No IP address displayed
-
Hmm, that does seem odd. Those VMs only have a single adapter assigned to each?
At least the pfSense DHCP server is handing out consecutive IPs in the correct order and range so you know that's configured correctly. ;)Steve
-
Hmm, that does seem odd. Those VMs only have a single adapter assigned to each?
At least the pfSense DHCP server is handing out consecutive IPs in the correct order and range so you know that's configured correctly. ;)Noted. Thanks
Continue OPT1
Interfaces -> OPT1 -> (check) Enable Interfaces
IPv4 Configuration Type Static IPv4
IPv6 Configuration Type NoneIPv4 address 192.168.2.1 / 30
Gateway None
(uncheck) Block private networks
(uncheck) Block bogon networks-> Save -> Apply Changes
Firewall
-> Rules-> add new rule
Firewall: Rules: Edit
Action Pass
Interface OPT1
TCP/IP Version IPv4
Protocol TCP
Description blank
-> Save - Apply Changes
(see screenshot)Services
-> DHCP server
-> OPT1(check) Enable DHCP server on OPT1 interface
(Available range 192.168.2.1 - 192.168.2.2 )(default)
Range 192.168.2.1 to 192.168.2.2-> Save -> Apply Change
(see screenshot)How to connect PC2?
satimis
-
The dhcp range should not include the opt1 interface address. I'm surprised pfSense allowed you to choose that. If it hands out 192.168.2.1 to the host it won't be to connect as it will have the same address! Try using only .2.2 or switch to a /29 and use, say, 2.2-2.6.
Steve
-
The dhcp range should not include the opt1 interface address. I'm surprised pfSense allowed you to choose that. If it hands out 192.168.2.1 to the host it won't be to connect as it will have the same address! Try using only .2.2 or switch to a /29 and use, say, 2.2-2.6.
Re-edit:
OPT1
Static IPv4 configuration
IPv4 address
change to: 192.168.2.2 /29
-> Save -> Apply changesTurn off pfSense
Set
Adapter 3
Host-only Adapter
vboxnet0Start pfSense
WAN (wan) -> pppoe1 -> v4/PPPoE: xxx.xxx.xxx.xxx./32
LAN (lan) -> em1 -> v4: 192.168.1.1/24
OPT1 (opt1) -> v4: 192.168.2.2/29On Host run;
$ sudo /etc/init.d/networking restart```[....] Running /etc/init.d/networking restart is deprecated because it may not r[warnble some interfaces ... (warning).
[....] Reconfiguring network interfaces...Internet Systems Consortium DHCP Client 4.2.2
Copyright 2004-2011 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/Listening on LPF/vboxnet0/0a:00:27:00:00:00
Sending on LPF/vboxnet0/0a:00:27:00:00:00
Sending on Socket/fallback
DHCPRELEASE on vboxnet0 to 192.168.56.100 port 67
Plugin rp-pppoe.so loaded.
Internet Systems Consortium DHCP Client 4.2.2
Copyright 2004-2011 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/Listening on LPF/vboxnet0/0a:00:27:00:00:00
Sending on LPF/vboxnet0/0a:00:27:00:00:00
Sending on Socket/fallback
DHCPDISCOVER on vboxnet0 to 255.255.255.255 port 67 interval 5
DHCPREQUEST on vboxnet0 to 255.255.255.255 port 67
DHCPOFFER from 192.168.56.100
DHCPACK from 192.168.56.100
bound to 192.168.56.101 -- renewal in 575 seconds.
done.$ ping yahoo.com ping: unknown host yahoo.com $ ping 192.168.1.1 connect: Network is unreachable $ ping 192.168.2.2 connect: Network is unreachable $ cat /etc/network/interfacesauto lo
iface lo inet loopbackauto eth0
iface eth0 inet manualauto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
provider dsl-providerauto vboxnet0
iface vboxnet0 inet dhcpOn pfSense ping 192.168.56.100/192.168.56.101 100% pocket loss VM Ubuntu 12.04 $ sudo ifconfig``` eth1 Link encap:Ethernet HWaddr 08:00:27:5a:3d:a4 inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fe5a:3da4/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4840 errors:0 dropped:0 overruns:0 frame:0 TX packets:4138 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:4620611 (4.6 MB) TX bytes:917984 (917.9 KB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:408 errors:0 dropped:0 overruns:0 frame:0 TX packets:408 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:63253 (63.2 KB) TX bytes:63253 (63.2 KB)This time pfSense assigns "eth1 …. inet addr:192.168.1.100 ..."
satimis
-
Hmm, well as I said earlier the presence of 192.168.56.X shows that VBox is NATing the connection somehow and handing out its own IPs. I could have misunderstood the use of the 'host only adapter'. Perhaps another adapter type is better suited to this or it needs further configuration. Hmm, more reading needed!
I'm not sure why pfSense would be handing out addresses like .100. It could be that the client is specifically asking for it and that the DHCP server remembers what address it handed to that MAC last time.
I have no idea why the VMs interfaces are being recognised as eth1-3 etc. If they have only one adapter assigned to them in VBox they should recognise that as eth0.Steve
-
Hmm, well as I said earlier the presence of 192.168.56.X shows that VBox is NATing the connection somehow and handing out its own IPs. I could have misunderstood the use of the 'host only adapter'. Perhaps another adapter type is better suited to this or it needs further configuration. Hmm, more reading needed!
I'm not sure why pfSense would be handing out addresses like .100. It could be that the client is specifically asking for it and that the DHCP server remembers what address it handed to that MAC last time.
I have no idea why the VMs interfaces are being recognised as eth1-3 etc. If they have only one adapter assigned to them in VBox they should recognise that as eth0.Hi Steve,
I have been looking the wrong way in the past. Actually using VirtualBox NAT for WAN and Intnet for LAN works seamless.
Steps:-
-
Host get pppoe connection
-
pfSense
Adapter - 1
NAT
Adapter - 2
Internal Network
intnet- VM1/VM2
Adapter - 1
Internal Network
intnet
VM1 (Ubuntu 12.04)
$ sudo ifconfig```eth1 Link encap:Ethernet HWaddr 08:00:27:5a:3d:a4
inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe5a:3da4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:40209 errors:0 dropped:0 overruns:0 frame:0
TX packets:32223 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:34263777 (34.2 MB) TX bytes:3947664 (3.9 MB)lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:25411 errors:0 dropped:0 overruns:0 frame:0
TX packets:25411 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2086439 (2.0 MB) TX bytes:2086439 (2.0 MB)VM2 (Debian 7.3) $ sudo ifconfig``` eth0 Link encap:Ethernet HWaddr 08:00:27:d8:07:4f inet addr:192.168.1.106 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::a00:27ff:fed8:74f/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:18517 errors:0 dropped:0 overruns:0 frame:0 TX packets:18813 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:8109196 (7.7 MiB) TX bytes:2644640 (2.5 MiB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:16436 Metric:1 RX packets:420 errors:0 dropped:0 overruns:0 frame:0 TX packets:420 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:42609 (41.6 KiB) TX bytes:42609 (41.6 KiB)Both VM1 and VM2 can browse Internet.
(eth0 and eth1 are another issue, why NOT the same? I'll try fixing it later. Also 192.168.1.100 may be another issue. Why not 192.168.1.2/3/4?)
Now to solve the problem of connecting PC2 I created another LAN, em2
WAN (wan) -> em0 -> V4/DHCP4: 10.0.2.15/24 LAN (lan) -> em1 -> V4: 192.168.1.1/24 OPT1 (opt1) -> em2 -> ....How to setup OPT1? Whether following you previous advice? How to make PC2 detect/listen em2? Thanks
Rgds
satimis -
-
If you do that then you are double NATing the connection which can break some protocols. It makes port forwarding far more difficult.
Much better to do it as you had it before so that pfSense does the PPPoE connection directly and gets the public IP address.I have to do some more reading about the different interface types in VBox before I can offer further advise.
Anyone else care to chip in?
Steve
-
If you do that then you are double NATing the connection which can break some protocols. It makes port forwarding far more difficult.
Much better to do it as you had it before so that pfSense does the PPPoE connection directly and gets the public IP address.I also found some disadvantage. Each time starting pfSense I have to filling WAN and LAN interfaces.
If not with such config I have to facing 2 problems:
- How to connect Host ?
- How to connect PC2 ?
satimis
-
Hmm, it definitely looks like the host-only adapter is the correct way to have the host communicate with the pfSense VM.
http://www.virtualbox.org/manual/ch06.html#network_hostonly
I would think that you just need to configure it to not use the VBox DHCP sever. Maybe you have to manually configure it in the same subnet as the OPT1 interface? :-\Steve
-
Hmm, it defibiotely looks like the host-only adapter is the correct way to have the host communicate with the pfSense VM.
http://www.virtualbox.org/manual/ch06.html#network_hostonlyThanks
I would think that you just need to configure it to not use the VBox DHCP sever. Maybe you have to manually configure it in the same subnet as the OPT1 interface? :-\
Interfaces -> OPT1
I'm not allowed to select DHCPWarning```
The following input errors were detected:
The DHCP Server is active on this interface and it can be used only with a static IP configuration. Please disable the DHCP Server service on this interface first, then change the interface configuration.
satimis -
What I meant was to configure VBox not to run a DHCP server on the host-only adapter. You need to keep a static IP on the pfSense OPT1 interface. You could use static IPs in the host also since there are only going to be two machines in that subnet.
Steve
-
What I meant was to configure VBox not to run a DHCP server on the host-only adapter. You need to keep a static IP on the pfSense OPT1 interface. You could use static IPs in the host also since there are only going to be two machines in that subnet.
Performed another test:
pfSense
Adapter 1
Bridge
eth0Adapter 2
Internal Network
intnetAdapter 3
Host-Only Network
vboxnetWAN (wan) -> pppoe2 -> v4/PPPoE: XXX.XXX.XXX.XXX
LAN (lan -> em1 -> v4: 192.168.1.1/24
OPT1 (opt1) -> em2 ->: v4: 192.168.2.2/29
(Why pppoe2? NOT pppoe1?)OPT1
IPv4 Configuration Type Static IPv4
IPv6 Configuration Type None
IPv4 address 192.168.2.2VM Ubuntu can connect Internet
Adapter 1
Internal Network
intnetHost can't connect Internet
$ sudo ifconfig```
eth0 Link encap:Ethernet HWaddr 00:26:18:44:b6:1a
inet6 addr: fe80::226:18ff:fe44:b61a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:158 errors:0 dropped:0 overruns:0 frame:0
TX packets:349 errors:0 dropped:0 overruns:0 carrier:2
collisions:0 txqueuelen:1000
RX bytes:10631 (10.3 KiB) TX bytes:23660 (23.1 KiB)
Interrupt:18eth1 Link encap:Ethernet HWaddr 90:f6:52:03:57:86
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:43 Base address:0x6000lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:480 (480.0 B) TX bytes:480 (480.0 B)vboxnet0 Link encap:Ethernet HWaddr 0a:00:27:00:00:00
inet addr:192.168.56.1 Bcast:192.168.56.255 Mask:255.255.255.0
inet6 addr: fe80::800:27ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:60 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:9952 (9.7 KiB)$ ping 192.168.56.1``` PING 192.168.56.1 (192.168.56.1) 56(84) bytes of data. 64 bytes from 192.168.56.1: icmp_req=1 ttl=64 time=0.022 ms 64 bytes from 192.168.56.1: icmp_req=2 ttl=64 time=0.022 ms 64 bytes from 192.168.56.1: icmp_req=3 ttl=64 time=0.022 ms 64 bytes from 192.168.56.1: icmp_req=4 ttl=64 time=0.021 ms 64 bytes from 192.168.56.1: icmp_req=5 ttl=64 time=0.022 ms ^C --- 192.168.56.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 3999ms rtt min/avg/max/mdev = 0.021/0.021/0.022/0.005 ms$ cat /etc/network/interfaces```
auto lo
iface lo inet loopbackauto eth0
iface eth0 inet manualauto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
provider dsl-providerauto vboxnet0
iface vboxnet0 inet dhcpOPT1 (opt1) -> em2 ->: v4: 192.168.2.2/29
Do I need another physical NIC to satisfy em2? If it is then I need another physical NIC for connecting PC2? satimis -
The vboxnet adapter is still showing a 192.168.56.X address which means that VBox is still running a dhcp server somehow. You could try just setting that as static in PC1 and put it in the same subnet as the OPT1 interface, 192.168.2.3 for example.
You will need another physical interface to connect to PC2.
The OPT1 interface does not need to be physical. It appears as em2 in pfSense because the VBox adapter replicates an Intel Gigabit card.
Steve
-
The vboxnet adapter is still showing a 192.168.56.X address which means that VBox is still running a dhcp server somehow. You could try just setting that as static in PC1 and put it in the same subnet as the OPT1 interface, 192.168.2.3 for example.
You will need another physical interface to connect to PC2.
The OPT1 interface does not need to be physical. It appears as em2 in pfSense because the VBox adapter replicates an Intel Gigabit card.
Host
$ cat /etc/network/interfaces```
The loopback network interface
auto lo
iface lo inet loopbackauto eth0
iface eth0 inet manualauto dsl-provider
iface dsl-provider inet ppp
pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
provider dsl-providerauto vboxnet0
iface vboxnet0 inet static
address 192.168.2.3
netmask 255.255.255.0
gateway 192.168.2.2$ sudo /etc/init.d/networking restart``` [....] Running /etc/init.d/networking restart is deprecated because it may not r[warnble some interfaces ... (warning). [....] Reconfiguring network interfaces...Plugin rp-pppoe.so loaded. done.$ sudo ifconfig```
eth0 Link encap:Ethernet HWaddr 00:26:18:44:b6:1a
inet6 addr: fe80::226:18ff:fe44:b61a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7199 errors:0 dropped:0 overruns:0 frame:0
TX packets:6103 errors:0 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:7467076 (7.1 MiB) TX bytes:1101048 (1.0 MiB)
Interrupt:18eth1 Link encap:Ethernet HWaddr 90:f6:52:03:57:86
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:43 Base address:0x6000lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:27 errors:0 dropped:0 overruns:0 frame:0
TX packets:27 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2025 (1.9 KiB) TX bytes:2025 (1.9 KiB)vboxnet0 Link encap:Ethernet HWaddr 0a:00:27:00:00:00
inet addr:192.168.2.3 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::800:27ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:315 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:48634 (47.4 KiB)$ ping yahoo.com``` ping: unknown host yahoo.com$ ping 67.195.160.76 (yahoo ip)
PING 67.195.160.76 (67.195.160.76) 56(84) bytes of data.
Just hanging here.VM Ubuntu
$ ping 192.168.2.3```PING 192.168.2.3 (192.168.2.3) 56(84) bytes of data.
64 bytes from 192.168.2.3: icmp_req=1 ttl=63 time=0.229 ms
64 bytes from 192.168.2.3: icmp_req=2 ttl=63 time=0.332 ms
64 bytes from 192.168.2.3: icmp_req=3 ttl=63 time=0.342 ms
64 bytes from 192.168.2.3: icmp_req=4 ttl=63 time=0.310 ms
64 bytes from 192.168.2.3: icmp_req=5 ttl=63 time=0.465 ms
64 bytes from 192.168.2.3: icmp_req=6 ttl=63 time=0.296 ms
^C
--- 192.168.2.3 ping statistics ---
6 packets transmitted, 6 received, 0% packet loss, time 5000ms
rtt min/avg/max/mdev = 0.229/0.329/0.465/0.070 mspfSense ping 192.168.2.3 works Edit === Host $ ping 192.168.2.2 PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data. hanging here as well satimis -
Aha!
The host box is probably not using the vboxnet interface as it's default route. What does 'route' show?Steve
-
Aha!
The host box is probably not using the vboxnet interface as it's default route. What does 'route' show?$ sudo ifconfig```
eth0 Link encap:Ethernet HWaddr 00:26:18:44:b6:1a
inet6 addr: fe80::226:18ff:fe44:b61a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:126 errors:0 dropped:0 overruns:0 frame:0
TX packets:127 errors:0 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:12304 (12.0 KiB) TX bytes:11683 (11.4 KiB)
Interrupt:18eth1 Link encap:Ethernet HWaddr 90:f6:52:03:57:86
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:43 Base address:0x4000lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:28 errors:0 dropped:0 overruns:0 frame:0
TX packets:28 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2228 (2.1 KiB) TX bytes:2228 (2.1 KiB)vboxnet0 Link encap:Ethernet HWaddr 0a:00:27:00:00:00
inet addr:192.168.2.3 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::800:27ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:171 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:22317 (21.7 KiB)$ sudo route``` Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface default 192.168.2.2 0.0.0.0 UG 0 0 0 vboxnet0 192.168.2.0 * 255.255.255.0 U 0 0 0 vboxnet0$ sudo ip r```
default via 192.168.2.2 dev vboxnet0
192.168.2.0/24 dev vboxnet0 proto kernel scope link src 192.168.2.3$ sudo systemctl start dhcpcd@vboxnet0.service``` Failed to get D-Bus connection: No connection to service manager.Does it need a physical NIC ?
satimis
-
Ah, so the pfSense VM can ping 192.168.2.3 but the host cannot ping 192.168.2.2?
Did you add a firewall rule to the OPT1 interface in pfSense to allow that traffic?
Your screenshot earlier of rules on OPT1 shows only TCP traffic allowed and not ICMP (ping) or UDP (dns).Steve
-
Ah, so the pfSense VM can ping 192.168.2.3 but the host cannot ping 192.168.2.2?
No.
$ sudo ifconfig```
eth0 Link encap:Ethernet HWaddr 00:26:18:44:b6:1a
inet6 addr: fe80::226:18ff:fe44:b61a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3671 errors:0 dropped:0 overruns:0 frame:0
TX packets:3500 errors:0 dropped:0 overruns:0 carrier:1
collisions:0 txqueuelen:1000
RX bytes:3307162 (3.1 MiB) TX bytes:758567 (740.7 KiB)
Interrupt:18eth1 Link encap:Ethernet HWaddr 90:f6:52:03:57:86
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:43 Base address:0x6000lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:35 errors:0 dropped:0 overruns:0 frame:0
TX packets:35 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:3240 (3.1 KiB) TX bytes:3240 (3.1 KiB)vboxnet0 Link encap:Ethernet HWaddr 0a:00:27:00:00:00
inet addr:192.168.2.3 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::800:27ff:fe00:0/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:157 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:21625 (21.1 KiB)$ ping 192.168.2.2``` PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data. From 192.168.2.3 icmp_seq=1 Destination Host Unreachable From 192.168.2.3 icmp_seq=5 Destination Host Unreachable ^C --- 192.168.2.2 ping statistics --- 8 packets transmitted, 0 received, +2 errors, 100% packet loss, time 6999msDid you add a firewall rule to the OPT1 interface in pfSense to allow that traffic?
Your screenshot earlier of rules on OPT1 shows only TCP traffic allowed and not ICMP (ping) or UDP (dns).Changed it already TCP/UDP
(pls see photo attached)Still same result;
$ ping 67.195.160.76```PING 67.195.160.76 (67.195.160.76) 56(84) bytes of data.
From 192.168.2.3 icmp_seq=1 Destination Host Unreachable
From 192.168.2.3 icmp_seq=2 Destination Host Unreachable
From 192.168.2.3 icmp_seq=3 Destination Host Unreachable
From 192.168.2.3 icmp_seq=4 Destination Host Unreachable
From 192.168.2.3 icmp_seq=5 Destination Host Unreachable
From 192.168.2.3 icmp_seq=6 Destination Host Unreachable
^C
--- 67.195.160.76 ping statistics ---
8 packets transmitted, 0 received, +6 errors, 100% packet loss, time 7038ms
pipe 3satimis   -
Ping traffic is not TCP or UDP it's ICMP so unless you allow that too it will be blocked by the firewall.
Just change the protocol to 'all' for now to test the connection. You can always tighten up the rules later.Steve
-
Ping traffic is not TCP or UDP it's ICMP so unless you allow that too it will be blocked by the firewall.
Just change the protocol to 'all' for now to test the connection. You can always tighten up the rules later.Protocol - "all" is NOT available ONLY "any"
Change it to "any"$ ping 192.168.2.2```
PING 192.168.2.2 (192.168.2.2) 56(84) bytes of data.
From 192.168.2.3 icmp_seq=1 Destination Host Unreachable
From 192.168.2.3 icmp_seq=2 Destination Host Unreachable
From 192.168.2.3 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.2.2 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3014ms
pipe 3Still the same satimis
