Netgate Discussion Forum

Unable to ping between IPs on same interface

    rkelleyrtp
    last edited by Jan 14, 2013, 3:32 PM

    Not sure where this one goes (category wise), but here is my problem.

    I have a pfSense firewall running at the data center.  It has a WAN interface, a LAN interface (172.16.160.0/24), and an OpenVPN interface.  I needed to add two extra IP subnets on the LAN interface, so I created two Virtual IPs of type "if Alias" using 192.168.2.0/24 and 192.168.3.0/24.  For some reason, I cannot get any traffic to pass between 172.16.160.0/24 and any machine on the 192.168.2.0/24 network.  I have the default firewall rule that allows all traffic on the LAN interface and even enabled the checkbox "Bypass firewall rules for traffic on the same interface".

    Some observations:
      * An OpenVPN client can get to all three networks.
      * A machine on the 172.16.160.0/24 network can ping the pfSense IF-Alias interface (192.168.2.1)
      * A machine on the 192.168.2.0/24 network can ping the pfSense LAN interface (172.16.160.1)
      * A machine on the 192.168.3.0/24 network can get to (ping, ssh, etc) both the 172.16.160.0 and 192.168.2.0 networks.
      * I have disabled pfctl via CLI (pfctl -d) and still cannot ping between the 172.16.160.0 and 192.168.2.0 networks.

    I must be missing something with regards to NAT and/or firewall rules.

    Any pointers?  How can I debug this on pfSense?

      craigduff
      last edited by Jan 14, 2013, 4:04 PM

      Is the pfSense box virtual? I know VMware has some issues I was reading about. If it's physical, I'll think of something else.

      Kind Regards,
      Craig

        rkelleyrtp
        last edited by Jan 14, 2013, 4:29 PM

        Yep, in fact, it is virtual.  That is a good reminder - maybe I did not set promiscuous mode on the vSwitch for this particular vlan.

        Thanks for the reminder!

          craigduff
          last edited by Jan 14, 2013, 4:41 PM

          LOL trust me! I have a virtual box on VMware, and this rings so many bells. Apparently you can't add aliases on virtual NICs to add as different gateways. Something to do with VMware's security… Maybe someone else can back up what I'm trying to say...

          What I did, though, to get round the issue is just simply add another virtual NIC to the same virtual network. Works for me!

          Kind Regards,
          Craig

            rkelleyrtp
            last edited by Jan 14, 2013, 5:25 PM

            Thanks for the info, Craig.  Turns out, rebooting pfSense fixed the issue.  I have seen this sporadically in the past; making IPSec or OpenVPN changes sometimes requires a reboot of the firewall.

            Thanks again for the quick reply.

              craigduff
              last edited by Jan 14, 2013, 6:08 PM

              Nice one!

              Kind Regards,
              Craig
