• More trouble with pfsense.  ::)

    I have my pfsense box with 3 interfaces. A)WAN B)LAN C)DMZ
    I gave LAN 192.168.0.1/26 DHCP ON
    I gave DMZ 192.168.0.65/26  DHCP OFF

    My Win2008 server sits on the .64 network. I initially turned DHCP on on this network. Network connection status showed DEFAULT GATEWAY as the IP of the DMZ interface (192.168.0.65), but I was unable to ping it. ??? However, I COULD ping 192.168.0.1.

    I turned DHCP off on the interface and then the Server was getting an IP range from within the .0/26 network.

    So I changed my firewall rules from * 192.168.0.0/26 * 192.168.0.64/26 * * (allowing everything between the two networks) to just allowing TCP/UDP. I could no longer ping the 192.168.0.1 address, (or the .65).

    Turned DHCP back on, created a reservation for the server, (.70). Now the server is getting that address from the default gateway of 192.168.0.65, but I still can't ping it.
    Can't get outside to ping google or anything either.

    Any insight into this would be invaluable. How can I be getting an IP from DHCP through a gateway that I can't even ping? :o


  • @xtropx:

    I have my pfsense box with 3 interfaces. A)WAN B)LAN C)DMZ
    I gave LAN 192.168.0.1/26 DHCP ON
    I gave DMZ 192.168.0.65/26  DHCP OFF

    My Win2008 server sits on the .64 network. I initially turned DHCP on on this network. Network connection status showed DEFAULT GATEWAY as the IP of the DMZ interface (192.168.0.65), but I was unable to ping it. ??? However, I COULD ping 192.168.0.1.

    It is hard to say without seeing the exact command and response. Perhaps you have a DNS "problem".

    @xtropx:

    I turned DHCP off on the interface and then the Server was getting an IP range from within the .0/26 network.

    You have the LAN and DMZ interfaces connected to the same switch?

    @xtropx:

    So I changed my firewall rules from * 192.168.0.0/26 * 192.168.0.64/26 * * (allowing everything between the two networks) to just allowing TCP/UDP. I could no longer ping the 192.168.0.1 address, (or the .65).

    Your changed firewall rules block ping. (Ping is a particular kind of ICMP, not UDP and not TCP.)
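
The point made in the reply above, as an added example that is not part of any post in this thread: a simplified model of top-down, first-match rule evaluation with an implicit default deny, run against the two rule sets described in the question. The source host 192.168.0.10 and the third rule set (TCP/UDP plus a separate ICMP pass rule) are assumptions made for illustration; stateful return traffic is not modeled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.0.0/26")    # LAN subnet from the thread
DMZ = ip_network("192.168.0.64/26")   # DMZ subnet from the thread


@dataclass(frozen=True)
class Rule:
    protos: frozenset   # {"any"} or an explicit set such as {"tcp", "udp"}
    src: object         # source network
    dst: object         # destination network

    def matches(self, proto, src, dst):
        proto_ok = "any" in self.protos or proto in self.protos
        return (proto_ok
                and ip_address(src) in self.src
                and ip_address(dst) in self.dst)


def evaluate(rules, proto, src, dst):
    """Return 'pass' on the first matching pass rule, else the default 'block'."""
    for rule in rules:
        if rule.matches(proto, src, dst):
            return "pass"
    return "block"


# Rule set before the change: protocol "*" between the two networks.
ALLOW_ALL = [Rule(frozenset({"any"}), LAN, DMZ)]
# Rule set after the change: only TCP/UDP is passed, so ICMP falls through.
TCP_UDP_ONLY = [Rule(frozenset({"tcp", "udp"}), LAN, DMZ)]
# Hypothetical fix: keep the narrower rule and add an explicit ICMP pass rule.
TCP_UDP_PLUS_ICMP = TCP_UDP_ONLY + [Rule(frozenset({"icmp"}), LAN, DMZ)]


def ping_and_tcp(rules, src="192.168.0.10", dst="192.168.0.70"):
    """Verdicts for a ping and a TCP connection from a LAN host to the server."""
    return {"icmp": evaluate(rules, "icmp", src, dst),
            "tcp": evaluate(rules, "tcp", src, dst)}


if __name__ == "__main__":
    for name, rules in [("allow all", ALLOW_ALL),
                        ("tcp/udp only", TCP_UDP_ONLY),
                        ("tcp/udp + icmp", TCP_UDP_PLUS_ICMP)]:
        print(f"{name:15} {ping_and_tcp(rules)}")
```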


  • I really screwed it up. I originally was trying to design this network to be able to connect into my ESXi machine to test IPv6 in Windows Server 2008. I wanted a separate network that would stem from the Server 2008 box to hand out IPv6 DHCP, but I also wanted the server to have IPv4 connectivity to offer other services to my IPv4 network. I think maybe I am just in over my head. I included a diagram of how I had things before, which makes it painfully obvious why nothing was working. The right side of the diagram is my attempt at fixing the network to get the functionality I want through VLANs and Router on a Stick (never been able to get pfsense to do VLAN routing), but I quit when I concluded that I really didn't know what I was doing. Feel free to take a look if you want. I pick things up pretty quick, maybe you will have a suggestion or help point me in the right direction.

    http://i427.photobucket.com/albums/pp360/xtropx/network.jpg