    OPT Network reachability issues

    Firewalling | 5 Posts, 3 Posters, 361 Views
    • JayS 0

      I have an ESXi server on which I have two networks on the same virtual switch.
      One is the 10.0.0.0/24 network and the other 11.0.0.0/24 network.
      I have set up PFS as a router and I am able to communicate between WAN and LAN perfectly.
      But I have an issue with OPT which I have renamed as LAN2.
      I can ping as follows:

      • From WAN Network to OPT Network Port (11.0.0.1) - PASS
      • From OPT Device 11.0.0.100 to WAN Network - PASS
      • From OPT Device 11.0.0.100 to 11.0.0.1 - PASS
      • From PFS console to 11.0.0.100 - PASS

      I cannot ping from:

      • From WAN to OPT Device 11.0.0.100 - FAIL

      Not sure what I have got wrong. I cannot see anything in the logs either that shows a block for ICMP at all.
      I have also tried adding an Allow All rule from WAN NET to OPT NET. But this also does not work.

      I would really appreciate some guidance.

      WAN Rules: [screenshot Snag_1efd88cd.png]

      LAN Rules: [screenshot Snag_1efe0e68.png]

      OPT Rules: [screenshot Snag_1ee5990e.png]

      • heper @JayS 0

        @JayS-0

        not enough info to provide much feedback.

        what is clear: you are using an invalid subnet on what i can only presume is a private network.
        https://en.wikipedia.org/wiki/Private_network

        also:

        I have an ESXi server on which I have two networks on the same virtual switch.
        One is the 10.0.0.0/24 network and the other 11.0.0.0/24 network.

        running multiple subnets on a single Layer 2 is very bad practice

        • JayS 0

          Hi
          I have the lab isolated hence the 11 network.
          I have changed this to 172.16.0.0/24 now.
          The results are the same.
          My vSwitch on ESX is shown in the diagram below.
          [screenshot Snag_1f46952e.png]

          I realize I should have 2 NICs but I do not at the moment. This is only a lab network where I am testing some VMs.

          The issue must be something to do with rules, as I can get PFS CONSOLE > OPT. And also OPT > WAN-NET works fine.
          I have tried adding inbound on the OPT network, and also on the WAN side to try, but it does not work.

          A pointer on this would be nice to receive.
          Jay

          • JayS 0

            I have sorted this .. thanks to all.

            • johnpoz (LAYER 8 Global Moderator) @JayS 0

              @JayS-0 said in OPT Network reachability issues:

              I have sorted this .. thanks to all.

              How so? Did you set up VLANs and let pfSense see the tags by setting the VLAN ID in ESXi to 4095? Did you set up port groups on your switch to isolate the VLANs?

              It's not really good practice, nor do you actually isolate anything, just running multiple Layer 3 over the same Layer 2. You should isolate them physically or with VLANs.

              As to "just a lab, so just use any ole IP range you want": while sure, you can technically do that, it's good common practice to use proper RFC 1918 space. Not like you don't have enough to play with; there is really little reason to use some public IP space that is not assigned to you specifically, etc.

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1
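As an added example (not from this thread, Netgate or pfSense), a small Python linter that applies the two points raised by heper and johnpoz to a lab plan: interface subnets should be RFC 1918 space, and subnets whose traffic lands on the same vSwitch with the same VLAN tag share one Layer 2. The interface dict fields, the ESXi port-group VLAN field and the use of 4095 to mean "pass tags through to pfSense" are my assumptions about how such a plan is described.

```python
import ipaddress

# RFC 1918 private ranges (the space johnpoz recommends for a lab).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
VLAN_TRUNK = 4095  # ESXi port-group VLAN ID that passes all tags to the guest (assumption)


def is_rfc1918(cidr):
    """True if the whole subnet lies inside one of the RFC 1918 ranges."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == r.version and net.subnet_of(r) for r in RFC1918)


def l2_domain(iface):
    """Effective Layer 2 domain of a pfSense interface on an ESXi vSwitch.
    With a 4095 (trunk) port group the guest's own VLAN tag decides; otherwise
    the port group's VLAN ID does, and port groups with the same ID on one
    vSwitch are the same broadcast domain."""
    tag = iface["guest_vlan"] if iface["pg_vlan"] == VLAN_TRUNK else iface["pg_vlan"]
    return (iface["vswitch"], tag)


def lint(interfaces):
    """Return a list of finding strings; an empty list means the plan looks sane."""
    findings = []
    domains = {}
    for i in interfaces:
        if not is_rfc1918(i["cidr"]):
            findings.append(f'{i["name"]}: {i["cidr"]} is not RFC 1918 private space')
        domains.setdefault(l2_domain(i), []).append(i["name"])
    for (vswitch, tag), names in domains.items():
        if len(names) > 1:
            findings.append(f'{", ".join(names)} share one Layer 2 ({vswitch}, VLAN {tag}); '
                            f'isolate with VLANs or separate NICs')
    return findings


# Constructed sample 1: the thread's starting point, two subnets on one untagged vSwitch.
ORIGINAL_LAB = [
    {"name": "WAN",  "cidr": "10.0.0.0/24", "vswitch": "vSwitch0", "pg_vlan": 0, "guest_vlan": None},
    {"name": "LAN2", "cidr": "11.0.0.0/24", "vswitch": "vSwitch0", "pg_vlan": 0, "guest_vlan": None},
]
# Constructed sample 2: RFC 1918 space, trunk port group, pfSense tagging each interface itself.
ISOLATED_LAB = [
    {"name": "WAN",  "cidr": "10.0.0.0/24",    "vswitch": "vSwitch0", "pg_vlan": 4095, "guest_vlan": 10},
    {"name": "LAN2", "cidr": "172.16.0.0/24",  "vswitch": "vSwitch0", "pg_vlan": 4095, "guest_vlan": 20},
]

if __name__ == "__main__":
    for plan in (ORIGINAL_LAB, ISOLATED_LAB):
        print(lint(plan) or ["no findings"])
```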

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.