Two Lans, possible routing issue
-
Hi Guys
I have an odd issue with my pfsense setup. I have one pfsense device, connected to one wan (bge0) and two lans (bge1, bge2).
First LAN, 192.168.0.0/24: uses DHCP with some static leases and has connectivity; simple setup and works. The pfSense interface (bge1) on this one is 192.168.0.1.
Second LAN, 10.224.0.0/16: doesn't need DHCP since all devices there have a static setup. The pfSense interface (bge2) on this one is 10.224.0.1.
I have one device connected to the second LAN with a static IP of 10.224.50.100, subnet 255.255.0.0, gw 10.224.0.1.
Both LANs only have an IPv4 any-to-any rule for now, and 192.168.0.0 also has the anti-lockout rule. When I log in to a device on LAN one, say at 192.168.0.100, I have full internet access; I can ping 10.224.0.1 but can't ping 10.224.50.100.
When I enabled DHCP on the second network and had a device using DHCP (not the 10.224.50.100), I was able to ping 10.224.50.100, so I guess it wasn't a firewall issue but routing. Why can't I ping it without DHCP on the second LAN? Ideas?
-
@guyz
The only reason I can think of to cause this behavior would be wrong network settings, either the network mask or the gateway.
Verify that the settings are applied correctly with ipconfig / ifconfig or similar.
-
@guyz yeah I would agree with @viragomann, that really points to an issue with settings. If it works with DHCP but not when you set static on the device itself, that really screams something wrong with the settings; a typo is quite possible on either the mask or the gateway address. Or maybe just a different IP than what was thought to be set..
I would agree: if it works with DHCP but not static, that kind of says it's not a host firewall on the host device you're trying to talk to.
-
Odd, might end up as a typo, I'll keep digging ... thanks for the sanity check :)
-
@guyz never heard of a firewall or security software that would allow access from other networks when it gets its address via DHCP, but would block if static, that is for sure..
The only thing that would come close is, say, a Windows machine setting a private/public/domain profile on the firewall. So I guess in theory if a profile loaded from AD or something, that might allow remote networks?
-
@guyz said in Two Lans, possible routing issue:
I have an odd issue with my pfsense setup.
Why don't people ever have even issues?
I agree with the other guys. It's likely a config problem.
-
Had an even issue right before that one but managed to sort it out :)... Retried and set everything from scratch, and all works well; probably a typo I just missed and couldn't find.
Thanks everyone for the support.
-
@guyz so you're now working with your static settings?
Out of curiosity only - why are you using such a large mask.. /16 seems way over the top for any actual network.. That would be used in maybe, say, a CIDR rule on a firewall.. or a route.. 65K addresses sure seems like a lot of devices to put on a segment..
And people wonder how you run out of IP space in rfc1918 ;)
-
Just because some of the devices on this one come from the factory with a 10.224.0.0/16 IP already and it saves me time to reconfigure ...
-
@guyz said in Two Lans, possible routing issue:
come from the factory with a 10.224.0.0/16 IP already and it saves me time to reconfigure ...
haha - thanks.. Well that makes sense then..
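
The settings check suggested in the replies above, as an added example (not code from any poster in this thread): it takes the addresses from the first post and flags a mistyped mask or gateway on the static host, either of which leaves the host able to receive a ping from 192.168.0.100 but unable to route the reply. The function name and the typo cases are constructed for illustration.

```python
import ipaddress


def check_static_host(host_ip, host_mask, host_gw, fw_ip, fw_mask, remote_ip):
    """Return a list of problems that would stop replies reaching remote_ip.

    host_*  : what ipconfig / ifconfig reports on the statically set device
    fw_*    : the pfSense interface on that LAN
    remote  : the machine on the other LAN that is sending the ping
    """
    host = ipaddress.ip_interface(f"{host_ip}/{host_mask}")
    fw = ipaddress.ip_interface(f"{fw_ip}/{fw_mask}")
    gw = ipaddress.ip_address(host_gw)
    remote = ipaddress.ip_address(remote_ip)
    problems = []

    if host.ip not in fw.network:
        problems.append("host IP is outside the firewall interface subnet")
    if host.network != fw.network:
        problems.append(
            f"mask mismatch: host sees {host.network}, firewall sees {fw.network}")
    if gw not in host.network:
        problems.append("gateway is not on-link for the host, default route unusable")
    if gw != fw.ip:
        problems.append("gateway is not the firewall interface address")
    if remote in host.network:
        problems.append("host treats the remote LAN as on-link and skips the gateway")
    return problems


# Firewall side and remote pinger, as described in the first post.
FW = ("10.224.0.1", "255.255.0.0")
REMOTE = "192.168.0.100"

# Host settings: the first row is the intended config from the post,
# the other two are constructed typos of the kind the replies suspect.
CASES = {
    "as posted":    ("10.224.50.100", "255.255.0.0",   "10.224.0.1"),
    "mask typo":    ("10.224.50.100", "255.255.255.0", "10.224.0.1"),
    "gateway typo": ("10.224.50.100", "255.255.0.0",   "10.224.0.11"),
}

if __name__ == "__main__":
    for name, (ip, mask, gw) in CASES.items():
        found = check_static_host(ip, mask, gw, *FW, REMOTE)
        print(f"{name}: {'OK' if not found else '; '.join(found)}")
```
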