/22 network Issue
-
We have the following:
10.8.12.0/22 set up, along with DHCP enabled for the range of 10.8.12.2 - 10.8.15.254 and a gateway of 10.8.12.1 for all clients assigned an address within that range.
We are having an issue where any clients receiving an address above the 10.8.12.x range (i.e. 10.8.13.x - 10.8.15.x) are not able to communicate with anything inside that range or outside. All the clients receiving a 10.8.12.x address work no problem.
I'm not quite sure where to look from here.
-
@bha-rarieta Well, something on 10.8.12/22 trying to talk to anything else on the 10.8.12/22 network wouldn't even talk to pfSense. So if, say, 10.8.12.99 cannot talk to 10.8.12.100, then you've got something going on with the clients or their connection.
Can the devices ping the pfSense IP on this /22 network?
What firewall rules do you have on this interface? Do you have any rules in the floating tab?
-
All clients on 10.8.12.1 - 10.8.12.254 have no issues. It's the clients assigned an address from the higher side of the /22 (10.8.13.1 - 10.8.13.254, 10.8.14.1 - 10.8.14.254 and 10.8.15.1 - 10.8.15.254) that are completely isolated. The weird thing is that they are assigned an address, but that's it. That's pretty confusing to me if they are assigned an IP from pfSense.
There are no rules in the floating tab.
I do have manual outbound NAT rules set, but I set that after all my subnets were set up and switched from auto to manual.
-
@bha-rarieta Did you change to this /22 from, say, a /24 before, or have you always used /22? Is it possible clients didn't get the new mask from DHCP and are still on, say, 10.8.12.0/24?
As to the manual outbound NAT: why would you not just use auto, and if you need some special sort of outbound NATs then just use hybrid? Other than stupid VPN guides telling you to do so, I can't think of any sort of reason why I would use full manual outbound NAT.
But again, pfSense could be turned off and it would have zero effect on devices on the same network talking to each other.
You don't have a bridge set up on pfSense, do you? Where clients on the same network could be on different sides of the bridge?
If you have a client 10.8.12.x/22 that cannot talk to 10.8.13.y/22, it's not a pfSense thing.
-
@johnpoz I don't remember if I had changed it from a /24 to a /22 when I originally set up the network. I want to say "I don't think so".
The clients that pick up IP addresses in 10.8.13.x and above get the correct subnet mask, and they are assigned addresses from pfSense's DHCP server, so to me it's confusing why nothing else is working for them. I want to keep pointing my finger at something in pfSense. I'm going to do a rebuild on a machine and test before I back up the config and rebuild that FW.
I have other locations set up "cookie cutter", only with the 2nd octet different (10.5.0.0/20, 10.6.0.0/20, etc.). The last range is 10.8.12.1 - 10.8.15.254 (10.8.12.0/22).
I use manual outbound nat for our VOIP setup and want static port mapping. Normally I would use auto.
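
The stale-mask question raised in the thread can be checked on paper. The following is an added example, not code from any poster: it computes how a host decides between on-link delivery and the gateway from its own address and prefix length. The gateway 10.8.12.1 is from the thread; the host addresses 10.8.12.99 and 10.8.13.50 and the mask combinations are constructed for illustration.

```python
import ipaddress

def path(host_if: str, gateway: str, dst: str) -> str:
    """How a host configured as `host_if` (address/prefix) would try to reach `dst`."""
    net = ipaddress.ip_interface(host_if).network
    if ipaddress.ip_address(dst) in net:
        return "direct"        # same subnet by the host's own mask: ARP for dst
    if ipaddress.ip_address(gateway) in net:
        return "via gateway"   # off-link by the host's mask: frame goes to the gateway
    return "unreachable"       # the gateway itself is off-link: no usable next hop

def check_pair(a_if: str, b_if: str, gateway: str) -> tuple:
    """Forwarding decision in each direction between two hosts on the same segment."""
    a_ip = str(ipaddress.ip_interface(a_if).ip)
    b_ip = str(ipaddress.ip_interface(b_if).ip)
    return path(a_if, gateway, b_ip), path(b_if, gateway, a_ip)

GATEWAY = "10.8.12.1"  # gateway address from the thread

# Constructed cases: (label, host A, host B)
CASES = [
    ("both hosts hold the /22 mask", "10.8.12.99/22", "10.8.13.50/22"),
    ("upper-range host kept a /24",  "10.8.12.99/22", "10.8.13.50/24"),
    ("lower-range host kept a /24",  "10.8.12.99/24", "10.8.13.50/22"),
]

def report() -> list:
    """One line per case showing A->B and B->A decisions."""
    lines = []
    for label, a_if, b_if in CASES:
        a_to_b, b_to_a = check_pair(a_if, b_if, GATEWAY)
        lines.append(f"{label}: {a_if} -> B {a_to_b}; {b_if} -> A {b_to_a}")
    return lines

if __name__ == "__main__":
    print("\n".join(report()))
```

Comparing the prefix length each client actually holds (for example from `ipconfig` or `ip addr`) against these cases shows whether a mismatch alone would explain the isolation.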