Can't route between LANs (newbie question)
-
Hi,
Firstly, apologies for the question - the fact I can't find an answer in the forums or the manuals must mean it's very simple.
I've a fresh install of pfsense. Three network cards: WAN, LAN (192.168.0/24) and OPT (10.0.0/24). I can ping and connect to the router on hosts from both LANs. I can also ping/connect to the other address on the router (192.168.0.1 and 10.0.0.1).
Here's what I've done so far:
Enabled opt1: 10.0.0.1, 255.255.255.0
Added rules for both LAN and opt1 (stars everywhere - i.e. any -> any)
When I ping LAN -> opt (or vice versa) I get "destination host unreachable". pfsense can ping hosts on either LAN/opt1 without issue.
So, to summarise: Both LANs can ping pfsense, the rules are any->any. I didn't put this in the firewall forum; I'd guess it's way more basic than firewall config (but I'm willing to be corrected)
I'm expecting there to be a switch to click that says "enable routing"…
If I can get this working, I promise to put it into a tutorial.
Thanks in advance,
-Jason
-
What is the default route on the LAN system?
What is the default route on the OPT1 system?
-
Hi - thanks for the quick response!
I've disabled all FW rules, except the any -> any.
Default route (issued by DHCP) is the pfsense ip on both LANs:
default-gw:
LAN : 192.168.0.1
OPT1: 10.0.0.1
Sorry, forgot to mention I'd set up dhcp.
-
Is the destination host unreachable message coming from pfSense?
-
Good question, not sure. How would I tell?
Here's the message:
Pinging 10.0.0.99 with 32 bytes of data:
Reply from 192.168.0.1: Destination host unreachable.
Reply from 192.168.0.1: Destination host unreachable.
I'd be keen on some diagnostics etc if someone could point me in the right direction.
-
The "Reply from 192.168.0.1" indicates where the message is coming from. So it is coming from pfSense.
Can you ping 10.0.0.99 from Diagnostics > Ping on the web interface?
-
yup, that works fine. Pings return as below from pfsense:
PING 10.0.0.99 (10.0.0.99) from 10.0.0.1: 56 data bytes
64 bytes from 10.0.0.99: icmp_seq=0 ttl=128 time=1.698 ms
64 bytes from 10.0.0.99: icmp_seq=1 ttl=128 time=0.429 ms
64 bytes from 10.0.0.99: icmp_seq=2 ttl=128 time=0.381 ms
--- 10.0.0.99 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.381/0.836/1.698/0.610 ms
-
The routing table on pfSense is? (please post output of shell command netstat -rn)
-
Wow, this is depressing - a fresh install (the 4th so far this week) has fixed it. Setup is exactly as described previously. I'm starting to think I had some strange hardware problem somewhere.
Still, I'll put this little bit into a tutorial as planned. At least if someone else had the same problem, they'll know that it should work.
Thank you everyone for your help.
-Jason