• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Basic routing help for noob

Scheduled Pinned Locked Moved Routing and Multi WAN
5 Posts 3 Posters 1.4k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • T
    therampant
    last edited by Jul 30, 2013, 9:29 AM

    Hi,

    I have an OVH server which has 1 physical NIC. This server has Xen Server installed. Inside Xen Server I have a pfSense virtual machine with 2 interfaces.

    Xen center has an interface xenbr0 which is the wan connection from the server to the net. This has an ip address of 12.12.12.122, a broadcast address of 12.12.12.255 and a netmask of 255.255.255.0

    re0 is the WAN interface with the same mac address as the physical NIC. However re0 uses one of OVH's fail over Ips with a virtual mac address. re0 has ip address 13.13.13.133, a broadcast address of 13.13.13.133, a netmask of 255.255.255.255 and the gateway is 12.12.12.255 This configuration is working ok, with pfSense able to download packages from the net.

    re1 is a LAN, a virtual network interface created in Xen Server, has DCHP server turned on turfing out ip's between 172.20.10.1 and 172.20.10.254, cidr /24, the DNS servers are 8.8.8.8, and 8.8.4.4.

    I am not able to access the internet from the LAN. If I run a live cd as a virtual machine and give it re1 as an interface, an Ip address is assigned, dhcp works and i can access the pfsense interface on 172.20.10.1. I am able to ping 13.13.13.133 but I am not able to ping 12.12.12.122 nor 8.8.8.8.

    Please help. I am confused.

    1 Reply Last reply Reply Quote 0
    • P
      podilarius
      last edited by Jul 30, 2013, 2:04 PM

      On the WAN interface on the pfsense machine, is block private IPs option set?
      If you traceroute, where does it stop?
      What is the status of NAT?

      1 Reply Last reply Reply Quote 0
      • T
        therampant
        last edited by Jul 30, 2013, 4:14 PM

        @podilarius:

        On the WAN interface on the pfsense machine, is block private IPs option set?

        No but block bogon network is

        @podilarius:

        If you traceroute, where does it stop?

        test vm only has tracepath installed
        $ tracepath 8.8.8.8
        1: vm.local      0.1ms pmtu 1500
        1: 172.20.10.1  1.0ms
        1: 172.20.10.1  1ms
        2: no reply

        @podilarius:

        What is the status of NAT?

        Firewall NAT port forward
        Nothing set
        Firewall NAT 1:1
        Nothing set
        Firewall NAT outbound
        Automatic outbound NAT rule generation default rules

        1 Reply Last reply Reply Quote 0
        • P
          podilarius
          last edited by Jul 30, 2013, 5:44 PM

          Cannot trust tracepath. I tried it on system that can ping out and also traceroute and it just doesn't work.
          If you are on a live CD, just do "sudo su -" or just a "su -" and see if traceroute is available.
          Otherwise ping along the path you know. So, you should be able to ping LAN, and WAN of the pfsense. Then, you should be able to ping the default gateway of pfsense.
          Try a reboot if you have not already.

          1 Reply Last reply Reply Quote 0
          • K
            kejianshi
            last edited by Jul 30, 2013, 6:25 PM

            Did you go into your pfsense firewall > rules > Lan and put in a rule to pass traffic to anywhere?

            The fact that you can ping things inside the network but not outside makes me wonder about your firewall rules.

            1 Reply Last reply Reply Quote 0
            5 out of 5
            • First post
              5/5
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
              This community forum collects and processes your personal information.
              consent.not_received