Simple ICMP issue



  • I can't believe I'm having this issue and that I actually have to post this question… but I'm having ICMP issues crossing VLANs.

    Here's the simple setup. VLAN 10 and VLAN 99 (10=DATA, 99=ADMIN). One host in VLAN 10 (10.50.10.100) and one host in VLAN 99 (10.50.99.100). They can each ping their own gateways. The pfSense box can ping each host on each individual link, but the hosts cannot ping each other.

    Both hosts have full internet access. Both hosts are on the same L2 switch. Host A is on an access port configured for VLAN 10 and host B is on an access port configured for VLAN 99. A third trunk port goes to pfSense. Both VLANs are included in the trunk and, again, both have internet access.

    ICMP is not blocked by either host. ICMP works fine within their respective broadcast domains, i.e. they can both individually send and receive ICMP messages.

    Firewall rules for each interface are test-configured to allow everything, i.e. for the VLAN 10 interface, protocol=any source=any port=any destination=any port=any etc.

    The same is true for the other VLAN interface.

    Because these are directly connected networks, there should be absolutely no reason for static routes, as the pfSense router already has routes to those networks in its routing table.

    What the heck is wrong here?????



  • So as it turns out, it was not a network problem. I knew nothing could possibly be wrong with the network equipment, so I finally decided to take a deeper look at the end hosts. It just so happened that I was testing with two Windows boxes (Win7 and Win8). As it turns out, both Windows 7 and 8 limit ICMP scope to the local subnet only. That not only explained the symptoms, but resolved it as well. Just needed to adjust the scope within the firewall rules.
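One way to check and adjust the scope described in the reply above, as an added example that is not part of the original thread. It assumes it is run elevated on the VLAN 10 host, that the peer VLAN is 10.50.99.0/24 (the thread gives only host addresses, so the mask is an assumption), and that the NetSecurity cmdlets are available (Windows 8 and later; Windows 7 needs `netsh advfirewall` instead). It adds only the peer subnet to the rule scope rather than opening echo requests to any source.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Assumption: the other VLAN is 10.50.99.0/24 (mask not stated in the thread).
$PeerSubnet = '10.50.99.0/24'

function Get-IcmpEchoRule {
    # Enabled inbound allow rules that match ICMPv4 echo request (type 8).
    # Matching on protocol/type avoids depending on localized rule names.
    Get-NetFirewallPortFilter -Protocol ICMPv4 |
        Where-Object { $_.IcmpType -match '^8(:|$)' } |
        Get-NetFirewallRule |
        Where-Object {
            $_.Direction -eq 'Inbound' -and
            $_.Enabled   -eq 'True'    -and
            $_.Action    -eq 'Allow'
        }
}

# 1. Show the current remote-address scope of each matching rule.
#    A value of LocalSubnet explains pings that work inside the VLAN
#    but are dropped when they arrive from the other VLAN.
Get-IcmpEchoRule | ForEach-Object {
    $scope = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    [pscustomobject]@{
        Rule          = $_.DisplayName
        Profile       = $_.Profile
        RemoteAddress = $scope -join ', '
    }
} | Format-Table -AutoSize

# 2. For rules limited to LocalSubnet, keep that scope and add the peer VLAN.
Get-IcmpEchoRule | ForEach-Object {
    $scope = @(($_ | Get-NetFirewallAddressFilter).RemoteAddress)
    if ($scope -contains 'LocalSubnet' -and $scope -notcontains $PeerSubnet) {
        $_ | Set-NetFirewallRule -RemoteAddress ($scope + $PeerSubnet)
    }
}
```

The same change is needed on the VLAN 99 host, with `$PeerSubnet` set to the VLAN 10 subnet.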