pfSense cannot ping gateway without DNS?



  • Hi!

    I've got a problem with our pfSense firewall when we tried to change our core network equipment.

    We've got two interfaces on our pfSense: one external (internet) and one internal.
    External interface: 19.1.1.20
    Internal: 192.168.9.1

    Configured resolver: 19.1.1.7

    The problem appears when we try to change our gw hardware.
    The internet went down (planned) and the pfSense couldn't ping the new gw (same IP but different hardware).
    There was no trouble pinging the resolver (19.1.1.7).
    The resolver can't do DNS lookups because the internet is down, nothing strange about that.

    So, here I'm stuck...
    A reboot didn't help; same thing, still could not ping the gw.
    Only when we changed back to the old gw hardware could I ping the gw from pfSense.

    All help is appreciated!

    **Update:**

    I have recreated the scenario in our lab environment.
    Exactly the same problem appears.
    It doesn't help with working DNS servers.

    So the problem must be the pfSense.
    Like I said before:
    _pfSense has 19.1.1.1 as gateway.
    There is no problem pinging this IP.

    When I change the gateway hardware (from Cisco to Juniper), I cannot ping the gateway anymore.
    Other machines in the network have no problem pinging the gateway.

    So this makes me think that pfSense is locked to the gateway MAC address or something like that.
    The only change besides the hardware is the MAC address._
    Does anyone have a clue what the problem can be?

    It's pfSense 2.0.
    I've tried to restart the appliance with no success.
    The routes seem to be fine and the ARP table is correct on both pfSense and the gateway equipment.



  • Is there some security feature or something that can affect this?

    Does pfSense make a reverse lookup if I ping the gateway?

    Is pfSense dependent on a functioning DNS?


  • Rebel Alliance Global Moderator

    No, ping has nothing to do with DNS. If you cannot ping it, then you clearly do not have connectivity, or it's not answering.



  • I have recreated the scenario in our lab environment.
    Exactly the same problem appears.
    It doesn't help with working DNS servers.

    So the problem must be the pfSense.
    Like I said before:
    pfSense has 19.1.1.1 as gateway.
    There is no problem pinging this IP.

    When I change the gateway hardware (from Cisco to Juniper), I cannot ping the gateway anymore.
    Other machines in the network have no problem pinging the gateway.

    So this makes me think that pfSense is locked to the gateway MAC address or something like that.
    The only change besides the hardware is the MAC address.

    Does anyone have a clue what the problem can be?

    It's pfSense 2.0.
    I've tried to restart the appliance with no success.
    The routes seem to be fine and the ARP table is correct on both pfSense and the gateway equipment.
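    The symptom above (same gateway IP, new hardware, pfSense alone cannot reach it while other hosts can) is exactly what a stale or static ARP entry for the gateway looks like, so the first thing a practitioner would check on the pfSense shell is what MAC the box has cached for 19.1.1.1 and whether that entry is marked `permanent`. The script below is an added example and is not from the thread or from the pfSense project: it parses a constructed sample of FreeBSD-style `arp -an` output (the format pfSense 2.0 prints) and reports whether the gateway entry matches the MAC you expect. The gateway IP is taken from the post; the old and new gateway MACs, the interface names and the sample ARP lines are all constructed for the example.

```shell
#!/bin/sh
# Added diagnostic, not part of the original thread.
# Checks whether the ARP entry pfSense holds for the gateway still points at the
# old hardware's MAC (stale or static entry) after a gateway hardware swap.
# Assumptions: FreeBSD/pfSense `arp -an` line format, gateway IP 19.1.1.1 from
# the post, and constructed MACs for the old (Cisco) and new (Juniper) gateway.

GW_IP="19.1.1.1"
OLD_MAC="00:1a:2b:3c:4d:5e"   # constructed: MAC of the old Cisco gateway
NEW_MAC="00:6f:7a:8b:9c:0d"   # constructed: MAC of the new Juniper gateway

# Constructed sample of what `arp -an` prints on pfSense 2.0 (FreeBSD 8).
# The gateway line is deliberately a static ("permanent") entry carrying the
# old MAC, which is the failure mode the thread describes.
SAMPLE_ARP='? (19.1.1.7) at 00:aa:bb:cc:dd:ee on em0 expires in 1100 seconds [ethernet]
? (19.1.1.1) at 00:1a:2b:3c:4d:5e on em0 permanent [ethernet]
? (192.168.9.10) at 00:11:22:33:44:55 on em1 expires in 900 seconds [ethernet]'

# arp_entry_mac IP ARP_TEXT
# Prints the MAC recorded for IP in the arp -an output, or nothing if absent.
arp_entry_mac() {
    printf '%s\n' "$2" | awk -v ip="($1)" '$2 == ip { print $4; exit }'
}

# arp_entry_is_permanent IP ARP_TEXT
# Exit 0 if the entry for IP is static ("permanent"), i.e. ARP replies from the
# new hardware will never refresh it; exit 1 otherwise (dynamic or absent).
arp_entry_is_permanent() {
    printf '%s\n' "$2" | grep -F "($1)" | grep -q 'permanent'
}

# check_gateway_arp IP EXPECTED_MAC ARP_TEXT
# Prints a verdict and returns 0 (entry matches), 1 (stale/wrong MAC), 2 (no entry).
check_gateway_arp() {
    mac=$(arp_entry_mac "$1" "$3")
    if [ -z "$mac" ]; then
        echo "no ARP entry for $1: pfSense never received an ARP reply from the gateway"
        return 2
    fi
    if arp_entry_is_permanent "$1" "$3"; then
        flag=" (static entry, not refreshed by ARP)"
    else
        flag=""
    fi
    if [ "$mac" = "$2" ]; then
        echo "ARP entry for $1 is $mac$flag: matches expected MAC"
        return 0
    fi
    echo "ARP entry for $1 is $mac$flag but expected $2: stale entry, clear it with 'arp -d $1'"
    return 1
}

# Run the check against the constructed sample with the new gateway's MAC.
# On a real box you would replace SAMPLE_ARP with "$(arp -an)".
if check_gateway_arp "$GW_IP" "$NEW_MAC" "$SAMPLE_ARP"; then
    echo "gateway ARP looks fine"
else
    echo "gateway ARP needs attention"
fi
```

    A dynamic entry would age out on its own or be replaced by the next ARP reply, so a reboot would have fixed it; a `permanent` entry survives until deleted, which is why this check distinguishes the two. If the entry is dynamic and correct but pings still fail, the ARP layer is not the problem and the firewall log check suggested below is the next step.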


  • Netgate Administrator

    Are you seeing anything in the logs of either equipment?
    Check the pfSense firewall logs to see if it's blocking the ping reply for some reason.

    Steve


Locked