Mystery ping problem - blacklisted IP?
-
Ok this one has me pulling hair. I have a WAN, LAN, and DMZ. I have a device in the DMZ with IP 192.168.1.50 and a workstation in the LAN with IP 10.0.3.40.
Any workstation or device in the LAN that I set up with IP 10.0.3.40 cannot talk to or ping 192.168.1.50… but if I change the workstation IP to 10.0.3.41 or any other IP in the subnet, it can ping 192.168.1.50. I've set up 3 different devices with IP 10.0.3.40 and none of them can ping through pfSense to 192.168.1.50.
So, I went to the usual checks... checked the firewall rules, checked NAT tables, checked ARP tables, checked pretty much everything I can think of and nothing is making any sense.
A couple of days ago we did have a spanning tree issue where two links were causing redundant packets that sent the network into a tizzy... so I started to wonder whether there is something in pfSense doing anything like IDS, or anything else that might shut down certain routes for "misbehaving" IPs, that I should check?
-
Well ok… that's annoying, and a bit scary. A reboot of pfSense solved the issue. I'm rusty on my Microsoft training - step 1) reboot. I thought pfSense was a bit more robust than?
-
Well, you should not be NATing between two LAN segments. So you checked the ARP table, and the pfSense ARP table showed the correct entry for the machine you were putting the .40 address on? Could the .40 ping the pfSense interface?
I have never had to reboot pfSense because something wasn't working. I have had to clear states for a specific connection sometimes when trying to block something where there was already a state. The only time I had to reboot pfSense was when updating it.
So your connection to pfSense from this .40 box is just to the switch and then to the pfSense interface on the same switch? Are you just using a dumb switch, or do you have VLANs set up, etc.?
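As an added example (not code from this thread), here is a small POSIX shell script that automates the two checks the reply asks about, run from the .40 host: whether the ARP entry for the pfSense LAN interface is complete, and whether the failure is at the gateway hop (an L2/ARP or interface problem) or beyond it (a rule, state or routing problem inside pfSense). The sample `arp -n` output, the gateway address 10.0.3.1, the Linux `arp -n` column layout and the Linux `ping -W` timeout flag are assumptions; the same ARP check can be done on pfSense itself under Diagnostics > ARP Table.

```shell
#!/bin/sh
# Added example: separate "can't reach the gateway" from "can't reach past it".

# Constructed sample of Linux `arp -n` output, used so the parsing function can be
# exercised offline. A real run would substitute: SAMPLE_ARP=$(arp -n)
SAMPLE_ARP='Address                  HWtype  HWaddress           Flags Mask            Iface
10.0.3.1                 ether   00:11:22:33:44:55   C                     eth0
10.0.3.99                        (incomplete)                              eth0'

# arp_state <ip> <arp_output>
# Prints "complete" (MAC resolved), "incomplete" (request sent, no reply)
# or "missing" (no entry at all) for the given IP.
arp_state() {
    ip=$1
    out=$2
    line=$(printf '%s\n' "$out" | awk -v ip="$ip" '$1 == ip')
    if [ -z "$line" ]; then
        echo missing
    elif printf '%s\n' "$line" | grep -q '(incomplete)'; then
        echo incomplete
    else
        echo complete
    fi
}

# hop_check <gateway> <target>
# Pings the gateway first, then the far host, and reports which hop fails.
# Return codes: 0 both reachable, 1 gateway unreachable, 2 only target unreachable.
# Assumes Linux ping (-W is a per-reply timeout in seconds).
hop_check() {
    gw=$1
    target=$2
    if ! ping -c 1 -W 1 "$gw" >/dev/null 2>&1; then
        echo "gateway $gw unreachable: look at ARP, cabling, VLAN or the pfSense LAN interface"
        return 1
    fi
    if ! ping -c 1 -W 1 "$target" >/dev/null 2>&1; then
        echo "gateway $gw ok, $target unreachable: look at pfSense rules, states and routing"
        return 2
    fi
    echo "both $gw and $target reachable"
    return 0
}

# Usage from the affected host: sh hopcheck.sh 10.0.3.1 192.168.1.50
if [ $# -ge 2 ]; then
    echo "ARP entry for $1: $(arp_state "$1" "$(arp -n)")"
    hop_check "$1" "$2"
fi
```

If the ARP entry for the gateway is "incomplete" or "missing" while other hosts in the subnet resolve it fine, the problem is on the LAN side (switch, VLAN, stale entry) rather than a pfSense rule; if the gateway answers but the DMZ host does not, clearing the states for that source IP is the next thing to try before reaching for a reboot.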