4. Can't route between LANs (newbie question)

Can't route between LANs (newbie question)

  • ?

    Hi,

    Firstly, apologies for the question - the fact I can't find an answer in the forums or the manuals must mean it's very simple.

    I've fresh install of pfsense. Three network cards. WAN, LAN (192.168.0_24 and OPT(10.0.0_24). I can ping and connect to the router on hosts from both lans. I can also ping/connect to the other address on the router (192.168.0.1 and 10.0.0.1)

    Here's what I've done so far:

    Enabled opt1: 10.0.0.1, 255.255.255.0
    Added rules for both Lan and opt 1 (stars everywhere - i.e. any-> any)

    When I ping lan -> opt (of vice versa) I get "destination host unreachable". pf sense can ping hosts on either Lan/opt1 without issue.

    So, to summarise: Both LANs can ping pfsense, the rules are any->any.  I didn't put this in the firewall forum; I'd guess it's way more basic than firewall config (but I'm willing to be corrected)

    I'm expecting there to be a switch to click that says "enable routing"…

    If I can get this working, I promise to put it into a tutorial.

    Thanks in advance,

    -Jason

    0
  • W

    What is the default route on the LAN system?

    What is the default route on the OPT1 system?

    0
  • ?

    Hi - thanks for the quick response!

    I've disabled all FW rules, except the any -> any.

    Default route (issued by DHCP) is the pfsense ip on both LANs:

    default-gw:
    LAN : 192.168.0.1
    OPT1: 10.0.0.1

    Sorry, forgot to mention I'd set up dhcp.

    0
  • B

    Is the destination host unreachable message coming from pfSense?

    0
  • ?

    Good question, not sure. How would I tell?

    Here's the message:

    Pinging 10.0.0.99 with 32 bytes of data:
    Reply from 192.168.0.1: Destination host unreachable.
    Reply from 192.168.0.1: Destination host unreachable.

    I'd be keen on some diagnostics etc if someone could point me in the right direction.

    0
  • B

    The "Reply from 192.168.0.1" indicates where the message is coming from. So it is coming from pfSense.
    Can you ping 10.0.0.99 from Diagnostics > Ping on the web interface?

    0
  • ?

    yup, that works fine. Pings return as below from pfsense:

    PING 10.0.0.99 (10.0.0.99) from 10.0.0.1: 56 data bytes
    64 bytes from 10.0.0.99: icmp_seq=0 ttl=128 time=1.698 ms
    64 bytes from 10.0.0.99: icmp_seq=1 ttl=128 time=0.429 ms
    64 bytes from 10.0.0.99: icmp_seq=2 ttl=128 time=0.381 ms

    –- 10.0.0.99 ping statistics ---
    3 packets transmitted, 3 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.381/0.836/1.698/0.610 ms

    0
  • W

    The routing table on pfSense is? (please post output of shell command netstat -rn)

    0
  • ?

    Wow, this is depressing - a fresh install (the 4th so far this week) has fixed it. Setup is exactly as described previously. I'm starting to think I had some strange hardware problem somewhere.

    Still, I'll put this little bit into a tutorial as planned. At least it someone else had the same problem, they'll know that it should work.

    Thank you everyone for your help.

    -Jason

    0
Locked
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy