Netgate Discussion Forum

    Packet forwarding not working in a LAN only configuration

    • aenagy

      I am using pfSense 1.2.3 (please don't give me grief on the old version) as a LAN only router. The network is isolated on a single VMware ESXi host and there is no need/desire to route outside of the host – only between subnets on the router. I got this to work on another host without problems. The only difference is that in the non-working environment I am using non-RFC1918 subnets and in the working environment I was using 192.168.x.x subnets.

      I have a check mark in "Disable all packet filtering" and each interface has a rule that allows any traffic. The router is able to ping virtual machines directly on the subnets and the virtual machines are able to ping the router. The problem seems to be that packets are not being forwarded between interfaces. When I ping an interface on a different subnet from a virtual machine I get The ARP table shows the MAC addresses of the virtual machines I have pinged. The routing table shows all of the interfaces and all of the subnets. I have checked and double-checked things such as the IP addresses and subnet masks on the interfaces.

      I'm stuck. Any help would be appreciated.

      • podilarius

        Do you have a route in the source machines that is specifically putting the other subnet's IP through pfSense or is there a different default route? If you have not, try rebooting after having disabled firewalling.

        • aenagy

          I figured out the problem: partially due to PEBKAC and partially due to missing static routes. I should also mention that the subnets in the isolated network were duplicates of our production network.

          I did not fully explain to the user, for whom this was built, how it was intended to be used. The other, and more important, reason was that a jump machine was configured with two vNICs: one inside the isolated network and the other outside that was routable to our production network. In order to communicate to the hosts inside the isolated network I needed to add static host routes for each of the (dozen) hosts.

          route /p add <ip of host on isolated network> mask 255.255.255.255 <ip address of vnic on isolated network>

          Route: http://technet.microsoft.com/en-us/library/ff961510.aspx

          This meant of course that the jump machine would not be able to contact the production instance of the hosts we had in the isolated network, but that was not a real problem.

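Added example, not part of the original posts: a small longest-prefix-match model of the dual-homed jump machine, showing why a /32 host route sends traffic for a duplicated address out the isolated vNIC and why the production copy of that host then becomes unreachable. All addresses, the interface names `prod` and `isolated`, and the vNIC IP are constructed assumptions; only the `route /p add ... mask 255.255.255.255 ...` syntax comes from the thread.

```python
import ipaddress

# Constructed addresses (documentation ranges); the thread gives no real ones.
DUPLICATED_SUBNET = "203.0.113.0/24"  # exists in production AND in the isolated lab
ISOLATED_VNIC_IP = "198.51.100.5"     # jump machine's vNIC inside the lab (assumed)
LAB_HOSTS = ["203.0.113.10", "203.0.113.11"]


class RouteTable:
    """Minimal longest-prefix-match table of (network, outgoing interface)."""

    def __init__(self):
        self.routes = []

    def add(self, prefix, interface):
        self.routes.append((ipaddress.ip_network(prefix), interface))

    def lookup(self, dest):
        addr = ipaddress.ip_address(dest)
        matches = [(net, ifc) for net, ifc in self.routes if addr in net]
        if not matches:
            return None
        # The most specific (longest) prefix wins, as in a real IP stack.
        return max(matches, key=lambda m: m[0].prefixlen)[1]


def jump_machine_table(host_routes=()):
    table = RouteTable()
    table.add("0.0.0.0/0", "prod")             # default route via production vNIC
    table.add(DUPLICATED_SUBNET, "prod")       # production copy of the subnet
    table.add("198.51.100.0/24", "isolated")   # connected subnet of the lab vNIC
    for host in host_routes:
        table.add(f"{host}/32", "isolated")    # per-host static route
    return table


def route_commands(hosts, vnic_ip):
    """Render the command from the post once per lab host."""
    return [f"route /p add {h} mask 255.255.255.255 {vnic_ip}" for h in hosts]


if __name__ == "__main__":
    before, after = jump_machine_table(), jump_machine_table(LAB_HOSTS)
    for ip in LAB_HOSTS + ["203.0.113.99"]:
        print(ip, "before:", before.lookup(ip), "after:", after.lookup(ip))
    print("\n".join(route_commands(LAB_HOSTS, ISOLATED_VNIC_IP)))
```

Addresses without a host route (203.0.113.99 here) still leave through the production vNIC, so the jump machine reaches the lab copy of some hosts and the production copy of others in the same subnet.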
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.