Cannot access computer over lan
-
My new pfsense box has been working pretty much ok for as long its been running but theres one issue. For some odd reason the computer that i use as a server i cannot communicate with. THe server can ping all computers on the lan but no computer can ping it. Maybe its because it has a static ip set that is in the dhcp range? But there are no ip conflicts so im not sure. I have never had a problem communicating with it before i started using pfsense with the same settings so i am confused.
I have since changed the static ip to outside of the dhcp range and put a static ip entry in pfsense for the server and can now vnc and ping it from my laptop but my iphone still cannot vnc into it. Also the server is running bind to provide dns lookups (at least it used too) but the lookups are now so slow. I used to see maybe 30-100millisecond lookups when it was a lookup that wasnt cached but now i have seen as high as 4000ms. I really dont understand the issue here at all.
I tried adding a floating rule in the firewall tab to allow access but that had no effect.I guess its also important to note that my guest wifi ap is also having issues. It has a 192.168.1.9 wan ip and the clients get a 192.168.3.0/24 address like ive had it setup like for years but now they have no internet access.
-
Post a network map. You've got a network config issue. The firewall is your "gateway" to other networks and is not even contacted during PC to PC communication on the same LAN unless they are in separate VLANs (or interfaces) that are terminated at the firewall, so PFsense is not your issue.
Assuming you're allowing ICMP thru the software firewall on your server (check it), most likely you have the wrong default gateway configured.
Your AP problem is probably a symptom of the same config issue. Need to identify if your clients truly do not have internet or if they just can not resolve DNS. Plus, since you've installed PFsense as your gateway, you know longer need your wifi router to function as the gateway… you're just adding unnecessary complexity by double NATing... you should disable DHCP on your wifi router and plug into a LAN port.
-
Network looks like this
modem – Pfsense -- 8 port unmanaged switch. The unmanaged switch has the server connected to it and my home network ap and guest ap.
All computers on the network also have the pfsense box as their gateway, i checked to be sure.
Software firewall on server is disabled -
If your guest ap is routing, rather than NATing, then the default LAN firewall rule will not allow the traffic as it won't have source 'LAN net'.
Check the firewall logs for traffic being blocked on LAN.Steve
-
"guest wifi ap is also having issues. It has a 192.168.1.9 wan ip and the clients get a 192.168.3.0/24"
That is not AP.. that is nat router with wifi. if your pfsense lan is 192.168.1.0/24 then your AP LAN IP should be on that network, and its dhcp server should be OFF.. And pfsense dhcp would give wireless their IPs. Your "guest ap/wifi router" should be connected to your network via one of its LAN ports if you just want to use it as AP.
As stated pfsense has NOTHING to do with communication between devices on your lan.. Only if multiple segments that had gateways on pfsense would pfsense be involved in communications between those segments.
Be it the IP is outside dhcp scope or inside has nothing to do with it. Devices using your servers bind for dns would have nothing to do with pfsense - other than your server using pfsense to use the internet to get to either roots or what it has setup as dns forwarder?
-
Yes I suppose it's not a ap becuase of that, sorry for the confusion. But that's not really the main problem anyway. I was goingn to turn dhcp off on the guest router anyway and switch it to opt1 interface at some point. I just don't understand what the issue is between my server and lan clients. I couldn't ping the server at all after I switched to my pfsense router. The default gateway didn't even change during the switch and the server has a static ip. I understand pfsense isn't involed in lan to lan traffic on the same interface but this is just odd. I don't understand what is causing this issue.
-
"couldn't ping" is unhelpful. ;)
What error was given when you tried to ping the server?There could be several causes here.
You clients can't ping the server because they have no route to it. This could be a bad gateway, bad subnet mask, some static route issue.
The client can ping but they receive no reply. Perhaps the server doesn't have a route back to the clients.
Given that the server can ping the clients and receive a reply it seems very likely that the server just isn't responding for some reason. Local firewall as Jon suggested would be my first check but you've looked for that.Are you pinging by IP or network name?
Some IPv6/v4 issue? Seems unlikely. What OS is your server?Steve
-
Unfortunately or (fortunately) the server is responding from pings from all lan clients now so i cant tell you exactly what the error was. It was either request timeout or destination host unreachable, im sorry if thats not very helpful but i cant remember. I was pinging the IP. The os of my server is windows 7, maybe some wouldn't call windows 7 a server OS but it works fine for my purposes. I only use ipv4 on my lan btw. The thing that is odd now is that some things are working with the server and some arent. Such as vnc, i am able to connect with my mac and pc but not my iphone. I haven't tested that on any other computers yet. Also my DLNA server is no longer accessible from my fire tv. Yet i was able to access the dlna server from my iphone. It seems to be selective for some reason but nothing besides the router has changed. The gateway and subnet mask stayed the same during this switch.
Also I changed the dns server of the mac and using dig tested dns query times and they seem to be as quick as before. But on my laptop they can be a hit or miss which is confusing.
-
Stale ARP cache somewhere?
-
Again what does this have to do with pfsense.. Your devices are connected to a dumb switch via AP - which has nothing to do with pfsense. Pfsense in how I am understanding your network is gateway to internet only. All devices talking to each other have nothing to do with pfsense.
-
Exactly. What has changed here? Well the since you've got a new DHCP server it's entirely possible that all the clients using DHCP have got new addresses. If your server has some cache that is still referencing the old IPs then that might explain it. Without meaning to sound insulting; 'have you tried turning it off and on again'? :P
Also unless you have explicitly disabled IPv6 in pfSense it will be using it to some extent. Many OSs default to using IPv6 if it's available at all. Possible your old router had no IPv6 capability so that's also a change.
Steve
-
Ipv6 is disabled in pfsense. My router isnt really old its a wndr3700 ddwrt router. I guess it has nothing to do with pfsense but it seems logical that there is an issue with it somewhere because it worked before pfsense replace my ddwrt router. And yes lol i have tried restarting it.
-
OP, I think the main issue here is…given your setup (Modem -> PFsense -> Lan) and what you're trying to do... I think we all agree that the issue is not PFsense related. That being said, there are still some of us who are willing to help troubleshoot out of curiosity and others who are not. The one's who are willing to help require more intimate details about your network. e.g:
-
add IP's to your network map, so we can get a better sense of what's going on and where things are connected
-
post your LAN IP scheme
-
post your DHCP scope options
-
post the IP, mask, gateway and DNS of the machine's your having issues with
In short, there is a certain subset of people who are happy to help, but we would all just be making assumptions and speculating without more details.
-
-
ok i understand.
gateway IP is 192.168.1.1, server is 192.168.1.8, and dhcp clients get ips between 192.168.1.100-200.
Server ip=192.168.1.8, mask=255.255.255.0, dns=127.0.0.1(runs bind dns server).
Let me know if anyone needs more info. -
Ok so from a client.. Ping 192.168.1.8, now look in your arp cache.
C:>ping 192.168.1.8
Pinging 192.168.1.8 with 32 bytes of data:
Reply from 192.168.1.8: bytes=32 time=1ms TTL=128
Reply from 192.168.1.8: bytes=32 time<1ms TTL=128Ping statistics for 192.168.1.8:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms
Control-C
^C
C:>arp -aInterface: 192.168.1.100 –- 0xc
Internet Address Physical Address Type
192.168.1.7 00-0c-29-dd-02-ba dynamic
192.168.1.8 00-0c-29-55-4f-95 dynamic
192.168.1.40 00-1f-29-54-17-14 dynamic
192.168.1.219 00-0c-29-67-0d-fb dynamic
192.168.1.253 00-0c-29-1e-18-ae dynamic
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff staticDo you get mac - is it correct.. Check on the server. ipconfig /all will show you mac or ifconfig on linux.
Is this client wired or wireless.. If wireless - connect it to the same switch that server is connected too. Does it work now?
You do understand the windows firewall will block ping out of the box.. Especially if public setting for the network. If you change the gateway of windows machine - it will see it as new network, so if your profile was home/private before and you change out your old router with new router. Windows could now see that as public network and all firewall rules change, etc..
If you see the mac address and does not answer ping - then its 99% sure its software firewall running on 192.168.1.8 – and if you can ping 192.168.1.100 from .8 I would say 99.99% firewall issue on .8
-
I am not having issues with ping anymore and my windows firewall is disabled and the network is set as a private network in windows. The issues i am having now is that certain services on the server do not work or are slow now. Maybe its because of how the network is setup. Because its like this
Modem - Pfsense - SwitchDevices connected to the switch are the server, wired lan clients, and the AP. This might be the bottleneck. I could connect the server directly to the AP because it is basically a switch now as well and it has 4 gigabit lan ports. I dont really see how this could be slowing it down but maybe it is? But its really not just the slow down, things just are not working correctly.
Might uninstall windows and switch to a Linux flavored OS. -
What things are not working or what is slow? What is your switch? Maybe you have a duplex mismatch? from the switch to the AP? Are things slow when 2 devices connected to the switch? Is the switch 100 or gig?
-
Dns lookups are slow to the server. Vnc is not working only on my iphone for some reason. It works on my ipad and laptop. SMB seems to be the same speed although smb over Ethernet is incredibly fast, faster than before actually. I am getting like 110 MB/sec which is almost the full gigabit connection. Also plex doesnt work at all on my wireless clients.
My switch is some d-link unmanged gigabit switch. A duplex mismatch from the AP to the switch could make some sense. Not sure how to check the duplex on ddwrt though.
Maybe i could try plugging the ddwrt router into a port on the pfsense box and making it another lan port so it can communicate to the server and see if speeds are better.
I think it defitinley has something to do with the wireless AP causing these issues. Maybe i could try turning on STP or something on it?
-
Well I guess I'm gonna buy another access point or revert to the stock firmware on my current router and see if things change because I am still having issues.
