Two subnets One WAN, issues between subnets
-
Try enabling promiscuous mode and see if that helps. Could be a routing problem (split path). Is everything using the pfSense for its gateway?
-
Yep, that's exactly how we're using it. I think the NICs are already set up that way, but I will take a gander and see for sure and post back. Thanks!
-
The adapters and virtual switches are configured in promiscuous mode. Anyone have any other ideas?
-
Can you screen shot your route table and post in here?
-
Snapshot of the pfSense routes is attached.
-
Just started up Wireshark on one of the PCs that is on the 20 subnet.
It looks like it's not finding the DNS/DHCP services, as it's falling back onto the
169.254.x.y address. I can clearly see that the ping is going on to the subnet, but
no responses. The ARP that shows up after the ping looks like:
who has 169.254.121.164? Tell 192.168.20.198
The PC gets its address from pfSense… could there be a problem in how it's getting to sort out the DNS? We use DNS forwarding to the provider.
-
First, I would hard set an address and then test. Set your DNS to like 8.8.8.8 or 4.2.2.2. This way you bypass the services and make sure your firewall/NAT/routing is working correctly. Then if you have not restarted since you set up the DHCP and DNS, go ahead and do so.
Check your system logs for any errors.
-
But we can get out fine via the WAN, so doesn't that infer that the DNS is working? It's only between the two subnets that is problematic.
I don't understand: if the ping from the 10 subnet is showing up on the 20 subnet, and I see it with Wireshark on the 20 subnet, why isn't the
PC on the 20 subnet responding (same PC that Wireshark is on)? So it's from 192.168.10.189 PC -> ping 192.168.20.198
-
Well, turns out that the Windows 7 firewall is not allowing the traffic between different subnets! I've turned them off on each of the PCs and I can now get through. Sort of weird… must be a rule there for that too!
Thanks for the help however!
-
But we can get out fine via the WAN, so doesn't that infer that the DNS is working? It's only between the two subnets that is problematic.
I don't understand: if the ping from the 10 subnet is showing up on the 20 subnet, and I see it with Wireshark on the 20 subnet, why isn't the
PC on the 20 subnet responding (same PC that Wireshark is on)? So it's from 192.168.10.189 PC -> ping 192.168.20.198

Yes it does. Got mixed up with another issue. Sorry about that.
Bloody Windows firewall … always gets in the way.
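-
A scoped alternative to turning the Windows firewall off on each PC, as an added example that is not part of the original thread: allow inbound ping only from the other subnet and leave the firewall on. The /24 mask, the rule name and the profile selection are assumptions (the thread does not state them); this version is for the PC on the 20 subnet, so swap the subnet for PCs on the 10 subnet.

```batch
@echo off
rem Added example; run from an elevated cmd.exe on a Windows 7 PC in the 20 subnet.
rem ASSUMPTION: the peer subnet is 192.168.10.0/24 (mask not given in the thread).
set PEER_SUBNET=192.168.10.0/24
rem ASSUMPTION: hypothetical rule name, chosen so the rule is easy to find later.
set RULE_NAME=Allow ping from peer subnet (example)

rem Allow inbound ICMPv4 echo requests (type 8, any code) from the peer subnet only.
rem The public profile is left out on purpose so the rule does not apply on untrusted networks.
netsh advfirewall firewall add rule name="%RULE_NAME%" dir=in action=allow ^
    protocol=icmpv4:8,any remoteip=%PEER_SUBNET% profile=domain,private

rem Show the rule to confirm its RemoteIP scope and profiles.
netsh advfirewall firewall show rule name="%RULE_NAME%"

rem Turn the firewall back on for all profiles if it was disabled while testing.
netsh advfirewall set allprofiles state on

rem To undo the change later:
rem netsh advfirewall firewall delete rule name="%RULE_NAME%"
```

After this, the ping from 192.168.10.189 to 192.168.20.198 should get replies with the firewall still enabled; other inbound traffic from the 10 subnet stays subject to the existing rules.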