Odd behavior…can only ping LAN interface when bridged with a vlan ??
-
Hi,
I have a pfSense 2 firewall set up that contains a combination of physical NICs and VLAN interfaces as follows:
Nic1 = the WAN interface, ip 192.168.1.30
Nic2 = This is a trunked interface, that is the parent interface for vlans 3,4 and 5
VLAN3 = ip address 10.1.1.1/24
VLAN4 = ip address 10.1.2.1/24
VLAN5 = ip address 10.1.3.1/24
Nic3 = a LAN interface, ip 10.1.3.2/24 with a PC directly connected having an ip address of 10.1.3.3/24
All firewall rules are set to allow any traffic from any source or destination
When I set this all up, I expected to be able to ping from the PC (10.1.3.3) to the Nic3 interface (10.1.3.2). However, the pings were unsuccessful. When I ran tcpdump on the pfSense firewall, I could see the ICMP requests originating from 10.1.3.2, but no replies were being sent.
I decided to bridge Nic3 with VLAN5 and to my surprise, the pings were successful. So the question that I'm hoping that someone could answer is why would I get this behavior? Shouldn't the pings from the PC to the Nic have been successful, regardless of bridging it with the VLAN5?
-
Before you apply the bridge you have two interfaces with the same subnet; both VLAN5 and Nic3 are in 192.168.3.X. Thus when pfSense receives a ping from 192.168.3.2 it doesn't know where to send the response. It may well have been responding on VLAN5. This is an invalid configuration.
When you bridge the two, the ping replies get back even if pfSense is not using the same interface. You could do one of two things:
1. Change the address on one of those interfaces and remove the bridge.
2. If you want to keep the bridge you should change one interface to type 'none'.
Steve
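The overlap Steve points out can be caught before it reaches a firewall. As an added example (not pfSense code and not from anyone in this thread), the script below checks a set of interface addresses for shared subnets; the interface list is reconstructed from the original post, and the WAN mask is assumed to be /24 because the post gives none.

```python
"""Flag interfaces that sit in the same subnet, the invalid configuration
described in the thread. Constructed example; not pfSense code."""
from ipaddress import ip_interface
from itertools import combinations

# Reconstructed from the original post. WAN mask /24 is an assumption.
# An address of None stands for an interface set to type 'none'.
INTERFACES = {
    "WAN":   "192.168.1.30/24",
    "VLAN3": "10.1.1.1/24",
    "VLAN4": "10.1.2.1/24",
    "VLAN5": "10.1.3.1/24",
    "Nic3":  "10.1.3.2/24",
}


def overlapping_subnets(interfaces):
    """Return a sorted list of (if_a, if_b, network) for every pair of
    addressed interfaces whose networks overlap. Two interfaces in one
    subnet leave the firewall with two candidate interfaces for a reply,
    which is why the PC's pings went unanswered before the bridge."""
    parsed = {
        name: ip_interface(addr)
        for name, addr in interfaces.items()
        if addr is not None          # type 'none' carries no subnet
    }
    conflicts = []
    for (a, ia), (b, ib) in combinations(sorted(parsed.items()), 2):
        if ia.network.overlaps(ib.network):
            conflicts.append((a, b, str(ia.network)))
    return conflicts


def is_valid(interfaces):
    """True when no two addressed interfaces share a subnet."""
    return not overlapping_subnets(interfaces)


if __name__ == "__main__":
    for a, b, net in overlapping_subnets(INTERFACES):
        print(f"{a} and {b} both sit in {net}")
    # Steve's second remedy: keep the bridge, set one member to type 'none'.
    fixed = dict(INTERFACES, Nic3=None)
    print("valid after fix:", is_valid(fixed))
```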
-
Thank you for your response stephenw10. I really appreciate it. I'll make sure to change one of the interface types to none.