Cannot ping WAN interface
-
Hi, I'm new to pfsense.
I chosse pfsense in order to replace a Cisco PIX 501. I have perfomed all the configs and now I'm testing (trying to) in a lab network.
The network setup is as followsInternet
|
|
TPLinkrouter (192.168.140.1 )–-----(wan em0 192.168.140.112)-- PFSense---- (lan em1 192.168.0.15) ----X--- 192.168.0.240 (PC2)
|
|
192.168.140.101 (PC1)From PC1 I'm not able to ping WAN Interface:
- They are on the same subnet, so according to documentation there is no need to add static routes.
- I put a rule allowing ICMP Traffic on the wan network
- the ARP table on pfsense contains an entry for 192.168.140.101
- check boxes for Block private networks and Block bogon networks on the wan interface: UNCHECKED
- routing tables seems to be ok for medefault 192.168.140.1 UGS 0 4655 1500 em0
127.0.0.1 link#7 UH 0 32 16384 lo0
192.168.0.0/24 link#2 U 0 9052 1500 em1
192.168.0.15 link#2 UHS 0 0 16384 lo0
192.168.140.0/24 link#1 U 0 66 1500 em0
192.168.140.1 00:18:71:ea:a9:b5 UHS 0 2443 1500 em0
192.168.140.112 link#1 UHS 0 0 16384 lo0Any ideas?
Thank you very much in advance
Ana
-
What mode is the TPlink in? Are you just using it as a switch? If so why are you calling it a router?
If it's a router, why are two interfaces on the same IP network?
Post screen shots. I could set this up 1000 times and it would work every time so things are not how you think they are.
-
The TP LInk is a modem router ADSL with 4 LAN ports
Attached a more detailed diagram
The problem is I cannot ping from PC1 to WAN interface nor from WAN to PC1.
From WAN I'm able to ping the gateway 192.168.140.1
Frpm PC1 I'm able to ping the gateway 192.168.140.1Thank you very much
Regards
Ana
-
Please attach a screenshot of the FW WAN rules
-
On your new pfSense please.
-
Attahced WAN Fw rules
Thank you
-
OK. That looks right. What happens if you plug PC1 into the pfSense WAN port? Can you ping it?
-
same result :-( (I have tried with a normal cable and with a crossover cable)
In the original scenario, pfsense and PC1 are able to ping their default gateway (192.168.140.1). pf sense (via its WAN if) it is able to ping any other public IP.
For some reason I'm not able to see pfsense is not able to see any in the WAN network with the exception of its default gateway
Thank you.
-
No idea. Diagnostics->Packet Capture on WAN and see what it shows.
-
Could be a firewall problem on PC1
-
I know what it isn't.
-
What isn't it?
-
FreeBSD/pf with an em card.
-
I'd tend to agree.
I wonder if he could be talked into downloading ubuntu or linux mint and booting it live from disk and then checking connectivity from pc1?
That way I'd be pretty sure that a firewall or other setting on PC1 wasn't the issue.
-
Easier to capture the traffic on WAN on pfSense. Or install wireshark on PC1. Or both.
-
may be you config worng
-
PC1 it is able to ping PC3… anyway I have disabled the FW/AV software on PCI, same result.
I'll try later with the WAN/PC1 captures
Regards
-
Well I have performed the captures.
Only ARP broadcast messages….
In pfsense (192.168.140.112)10:18:57.255415 ARP, Reply 192.168.140.112 is-at 00:18:71:ea:a9:b5, length 28
10:18:58.253579 ARP, Request who-has 192.168.140.112 tell 192.168.140.101, length 46
10:18:58.253586 ARP, Reply 192.168.140.112 is-at 00:18:71:ea:a9:b5, length 28
10:18:59.253501 ARP, Request who-has 192.168.140.112 tell 192.168.140.101, length 46
10:18:59.253508 ARP, Reply 192.168.140.112 is-at 00:18:71:ea:a9:b5, length 28
10:19:00.255669 ARP, Request who-has 192.168.140.112 tell 192.168.140.101, length 46
10:19:00.255676 ARP, Reply 192.168.140.112 is-at 00:18:71:ea:a9:b5, length 28
10:19:01.253716 ARP, Request who-has 192.168.140.112 tell 192.168.140.101, length 46
10:19:01.253723 ARP, Reply 192.168.140.112 is-at 00:18:71:ea:a9:b5, length 28In PC1 (see attached)
-
OK. The PC is asking who has .112 and something is replying. Then the PC asks again. And again. And again. You need to find out why your PC is receiving an arp reply and ignoring it.
00:18:71:ea:a9:b5 should be what you expect for the MAC address of the interface on 192.168.140.112
