4. Can't ping from subnet to Opt1 subnet

Can't ping from subnet to Opt1 subnet

  • M

    I have a configuration set up with version 1.0.1.  The LAN and WAN work fine.  I added a third NIC to provide access to a server on a separate subnet.  I have a crossover cable connected between the OPT1 interface and the server. 
    OPT1 address - 192.168.3.113
    Server address - 192.168.3.114
    I cannot ping between the two.  I have rules set to Source/Any  Dest/Any and Gateway to default.
    Are these not the correct settings?

    0
  • H

    Make sure the hostbehind the 3rd nic uses the correct gateway. Also have a look at status>systemlogs, firewall if you see any blocks for this traffic.

    0
  • M

    I checked the systems log and see this message:
    kernel: arplookup 192.168.3.114 failed: host is not on local network
    I changed the subnet mask of the OPT1 card to 255.255.255.0.  It was set wrong.  I set the same subnet mask for the host.  I can know ping from the pfsense console to the host - 192.168.3.114 but I cannot ping from the host to the OPT1 card. 
    I can also access the host on OPT1 through the LAN.  I cannnot access the host from the WAN and have a NAT setting.  Sounds like a firewall rule needs to be set.

    0
  • H

    Please provide your interface configurations and your firewallrules at LAN and OPT1.

    0
  • M

    Here are the interface settings and I attached an image of the firewall rules.

    Status: Interfaces

    WAN interface (fxp0) 
    Status up 
    MAC address 00:a0:c9:6c:7a:a4 
    IP address 70.43.128.125   
    Subnet mask 255.255.255.224 
    Gateway 70.43.128.113 
    ISP DNS servers 64.89.70.2
    64.89.74.2

    Media 100baseTX <full-duplex> 
    In/out packets 855442/690360 (711.95 MB/130.00 MB) 
    In/out errors 0/0 
    Collisions 0

    LAN interface (em0) 
    Status up 
    MAC address 00:07:e9:1f:89:fc 
    IP address 192.168.2.1   
    Subnet mask 255.255.255.128 
    Media 100baseTX <full-duplex> 
    In/out packets 845251/1049302 (191.80 MB/774.80 MB) 
    In/out errors 0/0 
    Collisions 0

    OPT1 interface (dc0) 
    Status up 
    MAC address 00:12:17:4f:83:50 
    IP address 192.168.3.113   
    Subnet mask 255.255.255.0 
    Gateway 192.168.2.1 
    Media 100baseTX <full-duplex> 
    In/out packets 76057/1051 (8.32 MB/213 KB) 
    In/out errors 2/0 
    Collisions 0



    </full-duplex></full-duplex></full-duplex>

    0
  • H

    Drop all the gateway in your firewallrules. These are for policybasedrouting/loadbalancing. Leave everything at default (*).

    0
  • M

    I dropped all of the Gateways but still cannot connect to the WAN from my host on the OPT1 network.  I can connect from my LAN to the host on the OPT1 network.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy