Netgate Discussion Forum

    HELP Can't Ping from igc3 to igc1

    L2/Switching/VLANs
      1.21Gigawatts

      Setup

      • pfSense box on a mini PC with 4 LAN ports (igc0, igc1, igc2, igc3)
      • WAN is on igc0
      • LAN is on igc1 with IP range of 192.168.1.0/24
      • A server running Ubuntu 22.04 is on igc3 with IP range of 192.168.3.0/30

      A PC on LAN igc1 can ping the server on igc3, but the server can't ping the PC on LAN.
      The server can ping the internet, it can ping the igc3 gateway 192.168.3.1, and can even ping 192.168.1.1 (the LAN igc1 gateway), but it seems it's not allowed to ping anything else on the LAN.

      In pfSense, the Server firewall rules are set to

      IPv4 allow *any source *any port to *any destination, but I still can't ping from the server to the LAN PC.

      To set a static IP on the server, I edited the Ubuntu Server's /etc/netplan/ .yaml file.

      # This is the network config written by 'subiquity'
      network:
        ethernets:
          eno1:
            addresses:
            - 192.168.3.2/30
            nameservers:
              addresses:
              - 192.168.3.1
              - 1.1.1.1
              - 1.0.0.1
              - 8.8.8.8
              - 8.8.4.4
              search: []
            routes:
            - to: default
              via: 192.168.3.1
          enp3s0:
            dhcp4: true
        version: 2
      

      I'm obviously overlooking something...?

      I do want the server to be segregated on its own network, but I need it to be able to communicate with something I'm running on my LAN.

        1.21Gigawatts

        OK, I seem to have solved the problem, though I don't understand exactly why it was an issue.

        In my pfSense I had created a WAN failover group that, in the event igc0 WAN goes down, will automatically fail over to igc2 (4G router). In the firewall rules for the Server, I had changed the gateway from "Default" to this gateway group. However, for some reason this wouldn't allow the server to ping anything on the LAN, except the 192.168.1.1 gateway 🤷

        So I changed the server firewall rule back to the default gateway, but under System/Routing/Gateways I already had the failover gateway group set as the default.

        Now, with the appropriate firewall rule allowing ICMP with the default gateway set, I can ping from the Server to LAN PCs. And with another rule, I have managed to get the service on my LAN (Wazuh) to communicate with the server.

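The behaviour in this thread follows from policy routing: a pass rule with a gateway set sends matching traffic to that gateway instead of consulting the routing table, so LAN-bound packets arriving on igc3 leave via the WAN group. The following is an added example, not part of the original posts and not pfSense code: a simplified Python model of first-match rule evaluation, in which the gateway group name, the Wazuh host address and the `Rule`/`egress` names are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Interface networks and firewall addresses are taken from the thread.
CONNECTED = {"igc1": ip_network("192.168.1.0/24"),
             "igc3": ip_network("192.168.3.0/30")}
FIREWALL_IPS = {ip_address("192.168.1.1"), ip_address("192.168.3.1")}
GROUP = "WAN_FAILOVER"      # hypothetical gateway group name
WAZUH = "192.168.1.50"      # constructed LAN host address, not from the thread

@dataclass
class Rule:
    dst: str                        # destination network the rule matches
    action: str = "pass"            # "pass" or "block"
    gateway: Optional[str] = None   # None models the "Default" gateway setting

def egress(rules, dst_ip):
    """Where a packet entering on igc3 ends up; first matching rule wins."""
    dst = ip_address(dst_ip)
    for rule in rules:
        if dst not in ip_network(rule.dst):
            continue
        if rule.action == "block":
            return "blocked"
        if dst in FIREWALL_IPS:     # addressed to the firewall itself
            return "firewall"
        if rule.gateway:            # policy routing: routing table is skipped
            return rule.gateway
        for ifname, net in CONNECTED.items():
            if dst in net:          # routing table: directly attached network
                return ifname
        return "system default gateway"
    return "blocked"                # nothing matched: default deny

# Rule as first configured: pass any, gateway set to the failover group.
original = [Rule("0.0.0.0/0", gateway=GROUP)]
# The poster's fix: the same rule with the gateway left at Default.
fixed = [Rule("0.0.0.0/0")]
# Tighter variant: reach only the Wazuh host, block the rest of the LAN,
# and keep policy routing for everything else.
scoped = [Rule(WAZUH + "/32"),
          Rule("192.168.1.0/24", action="block"),
          Rule("0.0.0.0/0", gateway=GROUP)]

if __name__ == "__main__":
    for name, rules in (("original", original), ("fixed", fixed), ("scoped", scoped)):
        print(name, {ip: egress(rules, ip) for ip in (WAZUH, "192.168.1.1", "1.1.1.1")})
```

The `scoped` rule set keeps the server segregated while still allowing the one LAN destination it needs; rule order matters because the gateway-less pass rule has to sit above the policy-routed one.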
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.