4. Subnet config question

Subnet config question

  • J

    Hello.  New to pfSense and I'm trying to set up a lab on an existing network to evaluate.  I can ping all the way to WAN gateway including other boxes just outside of the pfSense firewall, but no further like the commonly used IP 8.8.8.8.

    Here's the set up:
    1.)  Internet
    2.)  Firewall 1 (192.168.0.1/24) (pfSense gateway)
    3.)  vmWare vm pfSense (3 Interfaces)
          WAN - (192.168.0.222/24)
          LAN - (Not used in this example)
          LANSandbox - (192.168.12.1/24)

    I've tried everything on this link:
    https://doc.pfsense.org/index.php/Connectivity_Troubleshooting

    I can't get further than trying to ping 8.8.8.8.

    Any help will be appreciated.

    Thanks,
    Joschi

    0

  • How are you pinging, from some LANSandbox client or from pfSense's Diagnostics - Ping?  If you can ping past the pfSense box then the problem is likely upstream with your other firewall.

    0
  • J

    @KOM:

    How are you pinging, from some LANSandbox client or from pfSense's Diagnostics - Ping?  If you can ping past the pfSense box then the problem is likely upstream with your other firewall.

    From Diagnostics.  I've also tried from the client.

    I monitored the ping requests from Firewall 1 and they were allowed.

    0

  • OK, so are the responses being received by your pfSense WAN interface?

    0
  • J

    I have a question on that.  I don't see the diagnostic pings in the firewall logs.  I do however, see the ping requests from client.  Is that by design?

    The ping requests from the client are allowed or passed.  If I filter for WAN interface and ICMP protocol, I do not see any log entries.  Is there a better way to see if WAN is receiving the ICMP responses?

    Thanks,
    Joschi

    0
  • LAYER 8 Global Moderator

    If you ping from pfsense diag, and your saying its allowed on firewall in front of pfsense.  Simple sniff tells you if pings actually left pfsense, and if you see a response.  If you see them leave, and you don't get a response then your problem is in front of pfsense.

    0

  • I have a question on that.  I don't see the diagnostic pings in the firewall logs.

    You will only see a block msg if the rule that does the blocking is set to log.  Also, if the ping is successful then there is no blocking and therefore no logging.

    I do however, see the ping requests from client.

    Unless you have added a firewall rule to allow traffic on your LANSandbox interface (OPT1?) out, all traffic from that network should be blocked and logged.

    Just do a Diagnostics - Packet Capture on the WAN and see if you ping replies are even hitting pfSense.

    0
  • J

    It turns out I was missing a static route on Firewall 1.  I checked this yesterday, but must have made a mistake somewhere.  Anyways, problem solved.

    Thank you for your responses,
    Joschi

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy