Can't ping client to client - Gateway issue?

CCNewb · Jun 4, 2022, 7:13 PM

Hey guys, hopefully this is an easy one (famous last words).

I'm having issues pinging to/from client to client on my network. It's impacting some local home automation from my Windows machine to IOT devices. Weird part is, it's not happening on all my devices, but some of them.

My hard-wired Linux (ubuntu) and DNS (raspberry pi) servers seem to ping everything, but my Mac OSX and Windows can't, some times they timeout / no route to host. I think it's an issue w/ default gateway, but not exactly sure.

Here's my setup..

LAN: 10.0.0.0/24

System > Routing > Gateways >
WAN1 Gateway - Fiber ISP
WAN2 Gateway - Cable ISP
OpenVPN Gateway

Gateway Groups >
Combined WAN - Both WAN1 and WAN2 are setup as Tier 1

Firewall > Rules > LAN
Source: LAN net
Gateway: Combined WAN (gateway group)

(other rules for OpenVPN)

I got a sneaking suspicion my Windows and Mac OSX are trying to go out the WAN to reach a local IP (like 10.0.0.25).

What's a proper setup for System > Routing > Gateway ? Or does someone might know what's going on?

viragomann · Jun 4, 2022, 7:55 PM

@ccnewb
Packets from one LAN device to another one does not pass the router. So it might have been nothing to do with the gateway settings.

Are you pinging by using the IP or the host name? If it's the latter try the IP to rule out DNS issues.
If you can ping a certain device (by IP) from one LAN device, but you can't from another one, the only reason I can think of are wrong network settings on one of the involved devices.
May it has a wrong network mask.

What's a proper setup for System > Routing > Gateway ?

Set the gateway group as default gateway.

Firewall > Rules > LAN
Source: LAN net
Gateway: Combined WAN (gateway group)

That's a bad idea at all. This policy routes any traffic passing pfSense to the gateway.
Though this doesn't matter in your network, since you have only one internal LAN, but if you would add additional subnets, your LANs would not be able to communicate with that.
And since you have IoT devices I strictly recommend to segment your network and separate the IoTs from your computer or servers.

CCNewb · Jun 5, 2022, 2:31 PM

@viragomann when I set "default gateway IPV4" to Combined_WAN in System > Routing Gateway, and then disable the Firewall LAN rule below, internet stops working. Is there a better way to set it up?

Firewall > Rules > LAN
Source: LAN net
Gateway: Combined WAN (gateway group)

I'm pinging / scripts are setup to use the IP address, instead of the hostname.

I don't use any static IP addresses on the network (outside of the firewall itself), it's all DHCP and DHCP reservations, so subnet mask should be good across all devices.

It's hit and miss, sometimes ping works to/from these devices to Windows and my Mac OSX, but most of the time they don't. Devices are not rebooting or dropping off the network as my Ubuntu box and DNS server can always ping to/from them.

viragomann · Jun 6, 2022, 8:30 AM

@ccnewb said in Can't ping client to client - Gateway issue?:

when I set "default gateway IPV4" to Combined_WAN in System > Routing Gateway, and then disable the Firewall LAN rule below, internet stops working.

Why do you disable it. You need a pass rule to allow internet access.
But you should set the gateway to 'none' in the rule.