Mystery ping problem - blacklisted IP?

  • OK, this one has me pulling my hair out. I have a WAN, LAN, and DMZ. I have a device in the DMZ with IP and a workstation in the LAN with IP

    Any workstation or device in the LAN that I set up with IP cannot talk to or ping… but if I change the workstation IP to or any other IP in the subnet, it can ping. I've set up 3 different devices with IP and none of them can ping through pfSense to

    So, I went to the usual checks: checked the firewall rules, checked the NAT tables, checked the ARP tables, checked pretty much everything I can think of, and nothing is making any sense.

    A couple of days ago we did have a spanning tree issue where two links were causing redundant packets that sent the network into a tizzy... so I started to think: is there something in pfSense that does anything like IDS, or something that might shut down certain routes or anything for "misbehaving" IPs, that I should check?

  • Well, OK… that's annoying, and a bit scary. A reboot of pfSense solved the issue. I'm rusty on my Microsoft training: step 1) reboot. I thought pfSense was a bit more robust than?

  • LAYER 8 Global Moderator

    Well, you should not be NATting between 2 LAN segments. So you checked the ARP table, and the pfSense ARP table showed the correct entry for the machine you were putting the .40 address on? Could the .40 ping the pfSense interface?

    I have never had to reboot pfSense because something wasn't working. I have had to clear states for a specific connection sometimes, when trying to block something for which there was already a state. The only time I had to reboot pfSense was when updating it.

    So your connection to pfSense from this .40 box is just to the switch and then to the pfSense interface on the same switch? Are you just using a dumb switch, or do you have VLANs set up, etc.?
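The two checks the moderator asks for (what the firewall's ARP table holds for the .40 host, and which existing states still reference it so they can be cleared without a reboot) as a small added script. This is example code, not anything from the thread or from the pfSense project; it assumes the host is 192.168.1.40 (the thread only says ".40") and reads the text of `arp -an` and `pfctl -ss` on standard input, with constructed sample output embedded for an offline demo.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks against the text of
# `arp -an` and `pfctl -ss` on pfSense (FreeBSD):
#   1. the MAC the firewall has cached for the problem host, and whether the
#      entry is incomplete (no ARP reply ever arrived), and
#   2. the firewall states that still reference the host, plus the pfctl -k
#      commands that clear them, which avoids a reboot.
# Usage on the firewall (192.168.1.40 is an assumed address):
#   arp -an  | sh check_host.sh arp    192.168.1.40
#   pfctl -ss | sh check_host.sh states 192.168.1.40
#   sh check_host.sh demo                      # runs against the samples below

# arp_entry HOST: read `arp -an` output on stdin and print the cached MAC for
# HOST, "incomplete" if the firewall has no reply from it, or "absent".
# Line shape: ? (192.168.1.40) at 00:11:22:33:44:55 on em1 expires in 1100 seconds [ethernet]
arp_entry() {
    awk -v host="$1" '
        BEGIN { target = "(" host ")" }
        $2 == target {
            # field 4 is the MAC, or the literal "(incomplete)"
            if ($4 == "(incomplete)") print "incomplete"; else print $4
            found = 1
        }
        END { if (!found) print "absent" }
    '
}

# states_for HOST: read `pfctl -ss` output on stdin and print every state whose
# source or destination is HOST (IPv4 only; pf prints IPv6 as addr[port]).
# A NAT-rewritten address appears in parentheses after the translated one.
states_for() {
    awk -v host="$1" '
    {
        for (i = 1; i <= NF; i++) {
            f = $i
            sub(/^\(/, "", f)
            if (index(f, host ":") == 1) { print; next }
        }
    }'
}

# kill_states HOST: print (not run) the pfctl commands that remove every state
# from or to HOST. A /0 wildcard as the first -k argument selects by destination.
kill_states() {
    echo "pfctl -k $1"
    echo "pfctl -k 0.0.0.0/0 -k $1"
}

# Constructed sample output for the offline demo; not captured from a real box.
SAMPLE_ARP='? (192.168.1.1) at 00:aa:bb:cc:dd:01 on em1 permanent [ethernet]
? (192.168.1.40) at (incomplete) on em1 expired [ethernet]'

SAMPLE_STATES='all tcp 192.168.1.40:51234 -> 10.0.0.5:80       ESTABLISHED:ESTABLISHED
all icmp 192.168.1.41:32000 -> 10.0.0.5:32000       0:0
all tcp 203.0.113.5:51234 (192.168.1.40:51234) -> 198.51.100.7:443       ESTABLISHED:ESTABLISHED
all udp 10.0.0.5:53 <- 192.168.1.40:40000       MULTIPLE:SINGLE'

case "$1" in
    arp)    arp_entry "$2" ;;
    states) states_for "$2"; echo "--- to clear them:"; kill_states "$2" ;;
    demo)
        echo "ARP for 192.168.1.40: $(printf '%s\n' "$SAMPLE_ARP" | arp_entry 192.168.1.40)"
        printf '%s\n' "$SAMPLE_STATES" | states_for 192.168.1.40
        kill_states 192.168.1.40
        ;;
esac
```

An "incomplete" ARP entry on the pfSense interface points at the switch or the host's ARP handling rather than at firewall rules; a state that still references the host after you changed rules or addresses is the case where `pfctl -k` (or Diagnostics > States in the web GUI) does what the reboot did here.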
