Netgate Discussion Forum

Cannot access computer over lan

General pfSense Questions
    jackbean
    last edited by Jan 9, 2015, 1:12 AM

    My new pfSense box has been working pretty much OK for as long as it's been running, but there's one issue. For some odd reason I cannot communicate with the computer that I use as a server. The server can ping all computers on the LAN but no computer can ping it. Maybe it's because it has a static IP set that is in the DHCP range? But there are no IP conflicts, so I'm not sure. I have never had a problem communicating with it before I started using pfSense with the same settings, so I am confused.
    I have since changed the static IP to outside of the DHCP range and put a static IP entry in pfSense for the server and can now VNC and ping it from my laptop, but my iPhone still cannot VNC into it. Also the server is running BIND to provide DNS lookups (at least it used to) but the lookups are now so slow. I used to see maybe 30-100 millisecond lookups when it was a lookup that wasn't cached, but now I have seen as high as 4000ms. I really don't understand the issue here at all.
    I tried adding a floating rule in the firewall tab to allow access but that had no effect.

    I guess it's also important to note that my guest wifi AP is also having issues. It has a 192.168.1.9 WAN IP and the clients get a 192.168.3.0/24 address, like I've had it set up for years, but now they have no internet access.

      marvosa
      last edited by Jan 9, 2015, 4:53 AM

      Post a network map.  You've got a network config issue.  The firewall is your "gateway" to other networks and is not even contacted during PC to PC communication on the same LAN unless they are in separate VLANs (or interfaces) that are terminated at the firewall, so PFsense is not your issue.

      Assuming you're allowing ICMP thru the software firewall on your server (check it), most likely you have the wrong default gateway configured.

      Your AP problem is probably a symptom of the same config issue.  Need to identify if your clients truly do not have internet or if they just cannot resolve DNS.  Plus, since you've installed PFsense as your gateway, you no longer need your wifi router to function as the gateway… you're just adding unnecessary complexity by double NATing... you should disable DHCP on your wifi router and plug into a LAN port.

        jackbean
        last edited by Jan 9, 2015, 5:42 AM Jan 9, 2015, 5:27 AM

        Network looks like this:
        modem -- pfSense -- 8 port unmanaged switch. The unmanaged switch has the server connected to it and my home network AP and guest AP.
        All computers on the network also have the pfSense box as their gateway, I checked to be sure.
        Software firewall on server is disabled.

          stephenw10 Netgate Administrator
          last edited by Jan 9, 2015, 2:12 PM

          If your guest ap is routing, rather than NATing, then the default LAN firewall rule will not allow the traffic as it won't have source 'LAN net'.
          Check the firewall logs for traffic being blocked on LAN.

          Steve

            johnpoz LAYER 8 Global Moderator
            last edited by Jan 9, 2015, 4:07 PM

            "guest wifi ap is also having issues. It has a 192.168.1.9 wan ip and the clients get a 192.168.3.0/24"

            That is not an AP.. that is a NAT router with wifi.  If your pfsense LAN is 192.168.1.0/24 then your AP LAN IP should be on that network, and its DHCP server should be OFF.. And pfsense DHCP would give wireless their IPs.  Your "guest ap/wifi router" should be connected to your network via one of its LAN ports if you just want to use it as AP.

            As stated pfsense has NOTHING to do with communication between devices on your lan.. Only if multiple segments that had gateways on pfsense would pfsense be involved in communications between those segments.

            Be it the IP is outside DHCP scope or inside has nothing to do with it.  Devices using your server's bind for DNS would have nothing to do with pfsense - other than your server using pfsense to use the internet to get to either roots or what it has set up as DNS forwarder?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

              jackbean
              last edited by Jan 9, 2015, 6:02 PM

              Yes I suppose it's not an AP because of that, sorry for the confusion. But that's not really the main problem anyway. I was going to turn DHCP off on the guest router anyway and switch it to the opt1 interface at some point. I just don't understand what the issue is between my server and LAN clients. I couldn't ping the server at all after I switched to my pfSense router. The default gateway didn't even change during the switch and the server has a static IP. I understand pfSense isn't involved in LAN to LAN traffic on the same interface but this is just odd. I don't understand what is causing this issue.

                stephenw10 Netgate Administrator
                last edited by Jan 9, 2015, 6:48 PM

                "couldn't ping" is unhelpful.  ;)
                What error was given when you tried to ping the server?

                There could be several causes here.
                Your clients can't ping the server because they have no route to it. This could be a bad gateway, bad subnet mask, some static route issue.
                The client can ping but they receive no reply. Perhaps the server doesn't have a route back to the clients.
                Given that the server can ping the clients and receive a reply it seems very likely that the server just isn't responding for some reason. Local firewall as Jon suggested would be my first check but you've looked for that.

                Are you pinging by IP or network name?
                Some IPv6/v4 issue? Seems unlikely. What OS is your server?

                Steve

                  jackbean
                  last edited by Jan 9, 2015, 7:16 PM

                  Unfortunately (or fortunately) the server is responding to pings from all LAN clients now so I can't tell you exactly what the error was. It was either request timeout or destination host unreachable, I'm sorry if that's not very helpful but I can't remember. I was pinging the IP. The OS of my server is Windows 7, maybe some wouldn't call Windows 7 a server OS but it works fine for my purposes. I only use IPv4 on my LAN btw. The thing that is odd now is that some things are working with the server and some aren't. Such as VNC, I am able to connect with my Mac and PC but not my iPhone. I haven't tested that on any other computers yet. Also my DLNA server is no longer accessible from my Fire TV. Yet I was able to access the DLNA server from my iPhone. It seems to be selective for some reason but nothing besides the router has changed. The gateway and subnet mask stayed the same during this switch.

                  Also I changed the dns server of the mac and using dig tested dns query times and they seem to be as quick as before. But on my laptop they can be a hit or miss which is confusing.

                    stephenw10 Netgate Administrator
                    last edited by Jan 9, 2015, 7:22 PM

                    Stale ARP cache somewhere?

                      johnpoz LAYER 8 Global Moderator
                      last edited by Jan 9, 2015, 7:38 PM

                      Again what does this have to do with pfsense.. Your devices are connected to a dumb switch via AP - which has nothing to do with pfsense.  Pfsense in how I am understanding your network is gateway to internet only.  All devices talking to each other have nothing to do with pfsense.

                        stephenw10 Netgate Administrator
                        last edited by Jan 9, 2015, 7:47 PM

                        Exactly. What has changed here? Well, since you've got a new DHCP server it's entirely possible that all the clients using DHCP have got new addresses. If your server has some cache that is still referencing the old IPs then that might explain it. Without meaning to sound insulting; 'have you tried turning it off and on again'?  :P

                        Also unless you have explicitly disabled IPv6 in pfSense it will be using it to some extent. Many OSs default to using IPv6 if it's available at all. Possibly your old router had no IPv6 capability so that's also a change.

                        Steve

                          jackbean
                          last edited by Jan 9, 2015, 8:40 PM

                          IPv6 is disabled in pfSense. My router isn't really old, it's a wndr3700 ddwrt router. I guess it has nothing to do with pfSense but it seems logical that there is an issue with it somewhere because it worked before pfSense replaced my ddwrt router. And yes lol I have tried restarting it.

                            marvosa
                            last edited by Jan 9, 2015, 11:01 PM

                            OP, I think the main issue here is…given your setup (Modem -> PFsense -> Lan) and what you're trying to do... I think we all agree that the issue is not PFsense related.  That being said, there are still some of us who are willing to help troubleshoot out of curiosity and others who are not.  The ones who are willing to help require more intimate details about your network.  e.g.:

                            • add IPs to your network map, so we can get a better sense of what's going on and where things are connected

                            • post your LAN IP scheme

                            • post your DHCP scope options

                            • post the IP, mask, gateway and DNS of the machines you're having issues with

                            In short, there is a certain subset of people who are happy to help, but we would all just be making assumptions and speculating without more details.

                              jackbean
                              last edited by Jan 9, 2015, 11:51 PM

                              OK, I understand.
                              Gateway IP is 192.168.1.1, server is 192.168.1.8, and DHCP clients get IPs between 192.168.1.100-200.
                              Server IP=192.168.1.8, mask=255.255.255.0, DNS=127.0.0.1 (runs BIND DNS server).
                              Let me know if anyone needs more info.

                                johnpoz LAYER 8 Global Moderator
                                last edited by Jan 10, 2015, 3:27 AM

                                Ok so from a client..  Ping 192.168.1.8, now look in your arp cache.

                                C:>ping 192.168.1.8

                                Pinging 192.168.1.8 with 32 bytes of data:
                                Reply from 192.168.1.8: bytes=32 time=1ms TTL=128
                                Reply from 192.168.1.8: bytes=32 time<1ms TTL=128

                                Ping statistics for 192.168.1.8:
                                    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
                                Approximate round trip times in milli-seconds:
                                    Minimum = 0ms, Maximum = 1ms, Average = 0ms
                                Control-C
                                ^C
                                C:>arp -a

                                Interface: 192.168.1.100 --- 0xc
                                  Internet Address      Physical Address      Type
                                  192.168.1.7           00-0c-29-dd-02-ba     dynamic
                                  192.168.1.8           00-0c-29-55-4f-95     dynamic
                                  192.168.1.40          00-1f-29-54-17-14     dynamic
                                  192.168.1.219         00-0c-29-67-0d-fb     dynamic
                                  192.168.1.253         00-0c-29-1e-18-ae     dynamic
                                  224.0.0.22            01-00-5e-00-00-16     static
                                  224.0.0.251           01-00-5e-00-00-fb     static
                                  239.255.255.250       01-00-5e-7f-ff-fa     static
                                  255.255.255.255       ff-ff-ff-ff-ff-ff     static

                                Do you get mac - is it correct.. Check on the server.  ipconfig /all will show you mac or ifconfig on linux.

                                Is this client wired or wireless..  If wireless - connect it to the same switch that server is connected to.  Does it work now?

                                You do understand the windows firewall will block ping out of the box..  Especially if public setting for the network.  If you change the gateway of windows machine - it will see it as new network, so if your profile was home/private before and you change out your old router with new router.  Windows could now see that as public network and all firewall rules change, etc..

                                If you see the mac address and it does not answer ping - then it's 99% sure it's software firewall running on 192.168.1.8 – and if you can ping 192.168.1.100 from .8 I would say 99.99% firewall issue on .8


                                1 Reply Last reply Reply Quote 0
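The check described in the reply above (ping, then compare the learned ARP entry with the MAC the server itself reports), as an added example that is not part of the original thread; it also covers the bad-subnet-mask case raised earlier in the thread. The verdict names and the `diagnose` helper are assumptions of this example, and the sample table is a shortened copy of the `arp -a` output in the post.

```python
import ipaddress
import re

# Shortened copy of the `arp -a` output posted above (client 192.168.1.100).
ARP_OUTPUT = """\
Interface: 192.168.1.100 --- 0xc
  Internet Address      Physical Address      Type
  192.168.1.7           00-0c-29-dd-02-ba     dynamic
  192.168.1.8           00-0c-29-55-4f-95     dynamic
  192.168.1.40          00-1f-29-54-17-14     dynamic
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

# One table row: IPv4 address, hyphen-separated MAC, entry type.
ROW = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+(\w+)\s*$",
    re.IGNORECASE,
)

def normalize_mac(mac):
    """Strip separators and case so 00-0C-.. and 00:0c:.. compare equal."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp_table(text):
    """Return {ip: mac} for the dynamic (learned) rows of Windows `arp -a`."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group(3).lower() == "dynamic":
            table[m.group(1)] = normalize_mac(m.group(2))
    return table

def diagnose(client_ip, netmask, server_ip, arp_text, server_mac):
    """Classify a failed LAN ping using the client's view of the server.

    server_mac is the value read on the server itself (ipconfig /all).
    """
    net = ipaddress.ip_network(f"{client_ip}/{netmask}", strict=False)
    if ipaddress.ip_address(server_ip) not in net:
        return "off-link"        # client will use its gateway: check mask/IP
    learned = parse_arp_table(arp_text).get(server_ip)
    if learned is None:
        return "no-arp-entry"    # nothing answered ARP: cabling, AP, wrong IP
    if learned != normalize_mac(server_mac):
        return "mac-mismatch"    # stale cache or another device holds the IP
    return "mac-ok"              # layer 2 is fine: look at the host firewall

if __name__ == "__main__":
    print(diagnose("192.168.1.100", "255.255.255.0", "192.168.1.8",
                   ARP_OUTPUT, "00-0C-29-55-4F-95"))
```

A `mac-ok` verdict with ping still failing is the case the reply attributes to a software firewall on the server.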
                                  jackbean
                                  last edited by Jan 10, 2015, 5:00 AM

                                  I am not having issues with ping anymore and my Windows firewall is disabled and the network is set as a private network in Windows. The issue I am having now is that certain services on the server do not work or are slow now. Maybe it's because of how the network is set up. Because it's like this:
                                  Modem - Pfsense - Switch

                                  Devices connected to the switch are the server, wired LAN clients, and the AP. This might be the bottleneck. I could connect the server directly to the AP because it is basically a switch now as well and it has 4 gigabit LAN ports. I don't really see how this could be slowing it down but maybe it is? But it's really not just the slowdown, things just are not working correctly.
                                  Might uninstall windows and switch to a Linux flavored OS.

                                    johnpoz LAYER 8 Global Moderator
                                    last edited by Jan 10, 2015, 1:41 PM

                                    What things are not working or what is slow?  What is your switch?  Maybe you have a duplex mismatch? from the switch to the AP?  Are things slow when 2 devices connected to the switch?  Is the switch 100 or gig?

                                      jackbean
                                      last edited by Jan 10, 2015, 8:33 PM Jan 10, 2015, 8:21 PM

                                      DNS lookups are slow to the server. VNC is not working only on my iPhone for some reason. It works on my iPad and laptop. SMB seems to be the same speed although SMB over Ethernet is incredibly fast, faster than before actually. I am getting like 110 MB/sec which is almost the full gigabit connection. Also Plex doesn't work at all on my wireless clients.

                                      My switch is some D-Link unmanaged gigabit switch. A duplex mismatch from the AP to the switch could make some sense. Not sure how to check the duplex on ddwrt though.

                                      Maybe I could try plugging the ddwrt router into a port on the pfSense box and making it another LAN port so it can communicate to the server and see if speeds are better.

                                      I think it definitely has something to do with the wireless AP causing these issues. Maybe I could try turning on STP or something on it?

                                        jackbean
                                        last edited by Jan 14, 2015, 8:51 AM

                                        Well I guess I'm gonna buy another access point or revert to the stock firmware on my current router and see if things change because I am still having issues.
