Can't ping from subnet to Opt1 subnet
-
I have a configuration set up with version 1.0.1. The LAN and WAN work fine. I added a third NIC to provide access to a server on a separate subnet. I have a crossover cable connected between the OPT1 interface and the server.
OPT1 address - 192.168.3.113
Server address - 192.168.3.114
I cannot ping between the two. I have rules set to Source/Any Dest/Any and Gateway to default.
Are these not the correct settings? -
Make sure the hostbehind the 3rd nic uses the correct gateway. Also have a look at status>systemlogs, firewall if you see any blocks for this traffic.
-
I checked the systems log and see this message:
kernel: arplookup 192.168.3.114 failed: host is not on local network
I changed the subnet mask of the OPT1 card to 255.255.255.0. It was set wrong. I set the same subnet mask for the host. I can know ping from the pfsense console to the host - 192.168.3.114 but I cannot ping from the host to the OPT1 card.
I can also access the host on OPT1 through the LAN. I cannnot access the host from the WAN and have a NAT setting. Sounds like a firewall rule needs to be set. -
Please provide your interface configurations and your firewallrules at LAN and OPT1.
-
Here are the interface settings and I attached an image of the firewall rules.
Status: Interfaces
WAN interface (fxp0)
Status up
MAC address 00:a0:c9:6c:7a:a4
IP address 70.43.128.125
Subnet mask 255.255.255.224
Gateway 70.43.128.113
ISP DNS servers 64.89.70.2
64.89.74.2Media 100baseTX <full-duplex>
In/out packets 855442/690360 (711.95 MB/130.00 MB)
In/out errors 0/0
Collisions 0LAN interface (em0)
Status up
MAC address 00:07:e9:1f:89:fc
IP address 192.168.2.1
Subnet mask 255.255.255.128
Media 100baseTX <full-duplex>
In/out packets 845251/1049302 (191.80 MB/774.80 MB)
In/out errors 0/0
Collisions 0OPT1 interface (dc0)
Status up
MAC address 00:12:17:4f:83:50
IP address 192.168.3.113
Subnet mask 255.255.255.0
Gateway 192.168.2.1
Media 100baseTX <full-duplex>
In/out packets 76057/1051 (8.32 MB/213 KB)
In/out errors 2/0
Collisions 0
</full-duplex></full-duplex></full-duplex> -
Drop all the gateway in your firewallrules. These are for policybasedrouting/loadbalancing. Leave everything at default (*).
-
I dropped all of the Gateways but still cannot connect to the WAN from my host on the OPT1 network. I can connect from my LAN to the host on the OPT1 network.