Routing Between LANs



  • I have 3 subnets configured on my pfSense box, all on their own VLAN, trunked (dot1q) to a Cisco 2950. 192.168.1.0/24, 192.168.2.0/24, and 192.168.3.0/24. I am having issues routing between them. All subnets have internet access, and all subnets can access the pfSense web config. The issue is when I attempt to ping (I have also tried SSH, telnet and HTTP) between networks. I have tried this with the firewall disabled in the advanced settings, still with no luck.

    I am pinging from 192.168.2.101 to the Cisco switch at 192.168.1.10. I have placed the Cisco switch in ip debug icmp mode to show the pings. The Cisco switch properly replies to the pings, so packets are being routed from the .2 to the .1 network, but they are not ever making it back to the other network. I have also tried this in reverse to no avail.

    I have checked the routing tables in pfSense, and it properly shows routes to all networks with U (usable) flags. I have even done a packet capture on the interfaces. I can see the echo requests (.2 to .1) but no echo replies (.1 back to .2). I can tell on the switch that the replies are being sent!

    I am at my wit's end trying to get this to work! I've tried to include as much info as I can, but I'll be happy to post any more info if needed.

    Pinging PC (Windows 7/Firewall Disabled)

    Pinging 192.168.1.10 with 32 bytes of data:
    Request timed out.
    Request timed out.
    Request timed out.
    Request timed out.
    
    Ping statistics for 192.168.1.10:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
    

    Cisco 2950

    6d00h: ICMP: echo reply sent, src 192.168.1.10, dst 192.168.2.101
    6d00h: ICMP: echo reply sent, src 192.168.1.10, dst 192.168.2.101
    6d00h: ICMP: echo reply sent, src 192.168.1.10, dst 192.168.2.101
    6d00h: ICMP: echo reply sent, src 192.168.1.10, dst 192.168.2.101
    
    

    pfSense packet capture on the 192.168.1.1 interface

    20:54:34.274163 IP 192.168.2.101 > 192.168.1.10: ICMP echo request, id 1, seq 131, length 40
    20:54:39.209421 IP 192.168.2.101 > 192.168.1.10: ICMP echo request, id 1, seq 132, length 40
    20:54:44.209114 IP 192.168.2.101 > 192.168.1.10: ICMP echo request, id 1, seq 133, length 40
    20:54:49.209034 IP 192.168.2.101 > 192.168.1.10: ICMP echo request, id 1, seq 134, length 40
    

    pfSense Routing Table

    
    192.168.1.0/24 	link#3 	U 	0 	2627121 	1500 	re0 	 
    192.168.1.1 	link#3 	UHS 	0 	0 	16384 	lo0 	 
    192.168.2.0/24 	link#9 	U 	0 	60258 	1500 	re0_vlan2 	 
    192.168.2.1 	link#9 	UHS 	0 	0 	16384 	lo0 	 
    192.168.3.0/24 	link#10 	U 	0 	0 	1500 	re0_vlan3 	 
    192.168.3.1 	link#10 	UHS 	0 	0 	16384 	lo0 	 
    


  • What does the Cisco switch think is its gateway? Maybe it is sending the echo replies to somewhere else, other than the pfSense LAN address?



  • Phil, you nailed it. I was thinking it was something that simple, just didn't think of it for some reason. Thanks a ton! Everything works great now.
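An added example, not part of the thread: a small Python check that pairs ICMP echo requests with replies in tcpdump-style lines like the pfSense capture above and reports flows where no reply was seen on the captured interface, which is the symptom that pointed at the return path here. The host 192.168.1.20 and its two lines are constructed for contrast; the function and variable names are illustrative.

```python
import re
from collections import defaultdict

# tcpdump one-line ICMP echo format, as in the pfSense capture in the thread.
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def unanswered_echoes(lines):
    """Return {(requester, target): [seq, ...]} for requests with no reply seen."""
    pending = {}  # (requester, target, id, seq) -> None, insertion-ordered
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # ignore non-ICMP-echo lines
        ident, seq = int(m["id"]), int(m["seq"])
        if m["kind"] == "request":
            pending[(m["src"], m["dst"], ident, seq)] = None
        else:
            # A reply travels target -> requester, so swap the addresses.
            pending.pop((m["dst"], m["src"], ident, seq), None)
    missing = defaultdict(list)
    for requester, target, _ident, seq in pending:
        missing[(requester, target)].append(seq)
    return {flow: sorted(seqs) for flow, seqs in missing.items()}

# First two lines come from the capture in the thread; the last two are
# constructed (192.168.1.20 is a made-up host whose replies do come back).
CAPTURE = """\
20:54:34.274163 IP 192.168.2.101 > 192.168.1.10: ICMP echo request, id 1, seq 131, length 40
20:54:39.209421 IP 192.168.2.101 > 192.168.1.10: ICMP echo request, id 1, seq 132, length 40
20:54:40.000100 IP 192.168.2.101 > 192.168.1.20: ICMP echo request, id 1, seq 200, length 40
20:54:40.000300 IP 192.168.1.20 > 192.168.2.101: ICMP echo reply, id 1, seq 200, length 40
""".splitlines()

if __name__ == "__main__":
    for (requester, target), seqs in unanswered_echoes(CAPTURE).items():
        print(f"no reply seen from {target} to {requester} for seq {seqs}; "
              f"check the return path configured on {target}")
```

Requests that reach the target's interface with no replies coming back through the router, while other hosts on the same subnet answer normally, narrow the fault to the target's own return path rather than to the router's routes or rules.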

