Netgate Discussion Forum

    Unable to ping between IPs on same interface

    • rkelleyrtp

      Not sure where this one goes (category-wise), but here is my problem.

      I have a pfSense firewall running at the data center.  It has a WAN interface, a LAN interface (172.16.160.0/24), and an OpenVPN interface.  I needed to add two extra IP subnets on the LAN interface, so I created two Virtual IPs of type "if Alias" using 192.168.2.0/24 and 192.168.3.0/24.  For some reason, I cannot get any traffic to pass between 172.16.160.0/24 and any machine on the 192.168.2.0/24 network.  I have the default firewall rule that allows all traffic on the LAN interface and even enabled the checkbox "Bypass firewall rules for traffic on the same interface".

      Some observations:
        * An OpenVPN client can get to all three networks.
        * A machine on the 172.16.160.0/24 network can ping the pfSense IF-Alias interface (192.168.2.1)
        * A machine on the 192.168.2.0/24 network can ping the pfSense LAN interface (172.16.160.1)
        * A machine on the 192.168.3.0/24 network can get to (ping, ssh, etc) both the 172.16.160.0 and 192.168.2.0 networks.
        * I have disabled pfctl via CLI (pfctl -d) and still cannot ping between the 172.16.160.0 and 192.168.2.0 networks.

      I must be missing something with regard to NAT and/or firewall rules.

      Any pointers?  How can I debug this on pfSense?

      • craigduff

        Is the pfSense box virtual? I know VMware has some issues I was reading about. If it's physical, I'll think of something else.

        Kind Regards,
        Craig

        • rkelleyrtp

          Yep, in fact, it is virtual.  That is a good reminder - maybe I did not set promiscuous mode on the vSwitch for this particular vlan.

          Thanks for the reminder!

          • craigduff

            LOL, trust me! I have a virtual box on VMware, and this rings so many bells. Apparently you can't add aliases on virtual NICs to add as different gateways. Something to do with VMware's security… Maybe someone else can back up what I'm trying to say...

            What I did, though, to get round the issue is just simply add another virtual NIC to the same virtual network. Works for me!

            Kind Regards,
            Craig

            • rkelleyrtp

              Thanks for the info, Craig.  Turns out, rebooting pfSense fixed the issue.  I have seen this sporadically in the past; making IPSec or OpenVPN changes sometimes requires a reboot of the firewall.

              Thanks again for the quick reply.

              • craigduff

                Nice one!

                Kind Regards,
                Craig
