Adding a second NIC - Issue

Neophyte · Jul 10, 2013, 8:49 AM

Hello,

I have been working with pfSense's for about 6 months now and im getting a hand of it. However i am still not good at subnetting and ip calculation.

Recently i did a new setup with a new installation of pfSense. The thought with it is multi-lan with different subnets. I have setup static IP for every node on the network.

__________
/ 150.10.10.0/16
pfSense –---
___________192.168.10.0/24

The 192.168.10.0/24 net works flawlessly, the nodes on it can ping the pfsense etc.
However on the 150.10.10.0/16 net i cannot ping the pfsense, or any other nodes on the network. I have assigned a second interface to this net, i added firewall rules to allow traffic on the network.

However the LED on the NIC card is orange and green.
What could be the cause of this? Have i calculated the 150.10.10.0/16 wrong?

Best regards
Tim

doktornotor · Jul 10, 2013, 8:55 AM


% APNIC found the following authoritative answer from: whois.apnic.net
% [whois.apnic.net node-1]
% Whois data copyright terms    http://www.apnic.net/db/dbcopyright.html
inetnum:        150.10.0.0 - 150.10.255.255
netname:        TOYOTECH-NET
country:        JP
descr:          T.RAD Co., Ltd.
admin-c:        OU1-AP
tech-c:         OU1-AP
mnt-by:	        APNIC-HM
mnt-lower:      MAINT-JP-TRAD
status:         ALLOCATED PORTABLE
changed:        hm-changed@apnic.net 20060203
source:         APNIC
person:         Osamu Ueno
nic-hdl:        OU1-AP
e-mail:         uenoo@trad.co.jp
address:        937 Soya, Hadano City, Kanagawa, Japan
phone:          +81-463-84-8187
country:        JP
changed:        ip-apnic@nic.ad.jp 20060202
mnt-by:         MAINT-JP-TRAD
source:         APNIC

::) ???

Neophyte · Jul 10, 2013, 9:40 AM

I see now..
Im gonna change the net and report back with result.

Thanks alot!

Best regards
Tim

phil.davis · Jul 10, 2013, 9:43 AM

??? - exactly, how did you manage to pick the public IP space 150.10.n.n?
You need another subnet in private IPv4 address space. Assuming you have less than about 250 devices to put in the extra subnet, then you only need a /24 - may as well choose the next one after 192.168.10.0/24, make it 192.168.11.0/24.
Give this OPT1 subnet an IP address on pfSense - 192.168.11.1 or 192.168.11.254 or whatever scheme you have for the gateway IP number.
Set a DHCP range inside this so that clients get an IP address.
Add rules to allow traffic on OPT1 from OPT1net to anywhere.
And it works - I hope:)

Neophyte · Jul 11, 2013, 2:27 PM

Alright - I got the IP adresses sorted out now, but on my 2nd NIC card (OPT1) the 2 LED's on the back of the card lights green and orange.
And the network on that card seems unreachable, i am not able to ping the interface.

I have added pass rules for the FW on the interface and i cannot see any blocks in firewall/syslog.

This is how it looks like, with the yellow cable assigned to em0(OPT1)

Would be very greatful for any advice!

Best regards
Tim

kejianshi · Jul 11, 2013, 2:35 PM

Did you go into services > DHCP server and set up DHCP and an IP range?

Neophyte · Jul 11, 2013, 2:38 PM

@kejianshi:

Did you go into services > DHCP server and set up DHCP and an IP range?

Hi,
Thanks for the response

I did setup a DHCP range, 192.168.10.20 - 192.168.10.25 with 24bit subnet 255.255.255.0
When clients tries to recieve settings it fails, since the interface seems unreachable and i get a 169.x.x.x offline address instead.

Best regards
Tim

kejianshi · Jul 11, 2013, 2:45 PM

OK - From the top.

What is the IP of the LAN interface?
What is its DHCP range?

What is the IP of the OPT interface?
What is its DHCP range?

Are they both set to static?

No mention of gateways in your LAN or OPT interface assignment I hope?

What does the Firewall rule entry for LAN and OPT look like? (paste here if possible)

Also, have you swapped the cables on your LAN and OPT around to be sure you just do have a bad Ethernet cable?

Have you tried a Status > filter reload yet?

kejianshi · Jul 11, 2013, 2:49 PM

I'm inspired. I'm going to change my LAN IPs to 8.8.8.8 and 8.8.4.4 today for the next 24 hours as a joke on my kids.

Neophyte · Jul 11, 2013, 2:55 PM

Thanks,

LAN: bce0
172.16.10.1, DHCP: 172.16.10.70 - 172.16.10.75
255.255.0.0

LAN2 OPT1
192.168.10.1 DHCP: 192.168.10.20 - 192.168.10.25
255.255.255.0

Booth are static. The firewall rules is exactly the same on booth interfaces. They are pass * to *
None of the Interfaces have a gateway, the LAN works, i can connect to the internet, but not LAN2.

I've swapped cables.

Best regards
Tim

kejianshi · Jul 11, 2013, 3:10 PM

What does the pfsense status say about all of your interfaces on the main page?

UP? down? Red? Green?

Also, in the drop down menu, for MAC addresses in your interfaces > assign, for the OPT1, what is the MAC? How many choices for MACS are there? If you count all the possible MACS is it , less, the same, more than interfaces on your system? Are the macs you assigned to each interface different? (not even sure if its possible to assign 1 MAC to 2 interfaces, but I'm wondering)

And is 255.255.0.0 a typo?