Netgate Discussion Forum
    Basic routing help for noob

      therampant

      Hi,

      I have an OVH server which has 1 physical NIC. This server has Xen Server installed. Inside Xen Server I have a pfSense virtual machine with 2 interfaces.

      Xen center has an interface xenbr0 which is the WAN connection from the server to the net. This has an IP address of 12.12.12.122, a broadcast address of 12.12.12.255 and a netmask of 255.255.255.0.

      re0 is the WAN interface with the same MAC address as the physical NIC. However, re0 uses one of OVH's failover IPs with a virtual MAC address. re0 has IP address 13.13.13.133, a broadcast address of 13.13.13.133, a netmask of 255.255.255.255 and the gateway is 12.12.12.255. This configuration is working OK, with pfSense able to download packages from the net.

      re1 is a LAN, a virtual network interface created in Xen Server, has DHCP server turned on turfing out IPs between 172.20.10.1 and 172.20.10.254, CIDR /24, the DNS servers are 8.8.8.8 and 8.8.4.4.

      I am not able to access the internet from the LAN. If I run a live CD as a virtual machine and give it re1 as an interface, an IP address is assigned, DHCP works and I can access the pfSense interface on 172.20.10.1. I am able to ping 13.13.13.133 but I am not able to ping 12.12.12.122 nor 8.8.8.8.

      Please help. I am confused.

        podilarius

        On the WAN interface on the pfsense machine, is block private IPs option set?
        If you traceroute, where does it stop?
        What is the status of NAT?

          therampant

          @podilarius:

          On the WAN interface on the pfsense machine, is block private IPs option set?

          No but block bogon network is

          @podilarius:

          If you traceroute, where does it stop?

          test vm only has tracepath installed
          $ tracepath 8.8.8.8
          1: vm.local      0.1ms pmtu 1500
          1: 172.20.10.1  1.0ms
          1: 172.20.10.1  1ms
          2: no reply

          @podilarius:

          What is the status of NAT?

          Firewall NAT port forward
          Nothing set
          Firewall NAT 1:1
          Nothing set
          Firewall NAT outbound
          Automatic outbound NAT rule generation default rules

            podilarius

            Cannot trust tracepath. I tried it on a system that can ping out and also traceroute and it just doesn't work.
            If you are on a live CD, just do "sudo su -" or just a "su -" and see if traceroute is available.
            Otherwise ping along the path you know. So, you should be able to ping LAN, and WAN of the pfsense. Then, you should be able to ping the default gateway of pfsense.
            Try a reboot if you have not already.

              kejianshi

              Did you go into your pfSense Firewall > Rules > LAN and put in a rule to pass traffic to anywhere?

              The fact that you can ping things inside the network but not outside makes me wonder about your firewall rules.
