Subnets Acting Erratic

General pfSense Questions
Log in to reply
  • X

    More trouble with pfsense.  ::)

    I have my pfsense box with 3 interfaces. A)WAN B)LAN C)DMZ
    I gave LAN 192.168.0.1/26 DHCP ON
    I gave DMZ 192.168.0.65/26  DHCP OFF

    My Win2008 server sits on the .64 network. I initially turned DHCP on on this network. Network connection status showed DEFAULT GATEWAY as the IP of the DMZ interface (192.168.0.65), but I was unable to ping it. ??? However, I COULD ping 192.168.0.1.

    I turned DHCP off on the interface and then the Server was getting an IP range from within the .0/26 network.

    So I changed my firewall rules from * 192.168.0.0/26 * 192.168.0.64/26 * * (allowing everything between the two networks) to just allowing TCP/UDP. I could no longer ping the 192.168.0.1 address, (or the .65).

    Turned DHCP back on, created a reservation for the server, (.70). Now the server is getting that address from the default gateway of 192.168.0.65, but I still can't ping it.
    Can't get outside to ping google or anything either.

    Any insight into this would be invaluable. How can I be getting an IP from DHCP through a gateway that I can't even ping? :o

    0
  • W

    @xtropx:

    I have my pfsense box with 3 interfaces. A)WAN B)LAN C)DMZ
    I gave LAN 192.168.0.1/26 DHCP ON
    I gave DMZ 192.168.0.65/26  DHCP OFF

    My Win2008 server sits on the .64 network. I initially turned DHCP on on this network. Network connection status showed DEFAULT GATEWAY as the IP of the DMZ interface (192.168.0.65), but I was unable to ping it. ??? However, I COULD ping 192.168.0.1.

    It is hard to say without seeing the exact command and response. Perhaps you have a dns "problem".

    @xtropx:

    I turned DHCP off on the interface and then the Server was getting an IP range from within the .0/26 network.

    You have the LAN and DMZ interfaces connected to the same switch?

    @xtropx:

    So I changed my firewall rules from * 192.168.0.0/26 * 192.168.0.64/26 * * (allowing everything between the two networks) to just allowing TCP/UDP. I could no longer ping the 192.168.0.1 address, (or the .65).

    Your changed firewall rules block ping. (ping is a particular kind of icmp, not udp and not tcp.)

    0
  • X

    I really screwed it up. I originally was trying to design this network to be able to connect into my ESXi machine to test IPV6 in Windows Server 2008. I wanted a separate network that would stem from the Server 2008 box to hand out IPV6 DHCP, but I also wanted the server to have IPV4 connectivity to offer other services to my IPV4 network. I think maybe I am just in over my head. I included a diagram of how I had things before, which makes it painfully obvious why nothing was working. The right side of the diagram is my attempt at fixing the network to get the functionality I want through VLANs and Router on a Stick (never been able to get pfsense to do VLAN routing) but I quit when concluded that I really didn't know what I was doing. Feel free to take a look if you want. I pick things up pretty quick, maybe you will have a suggestion or help point me in the right direction.

    http://i427.photobucket.com/albums/pp360/xtropx/network.jpg

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2021 Rubicon Communications, LLC | Privacy Policy