No communication between ranges



  • i have a subnet mask of /22 but why is it that my 192.168.1.xx will not communicate with 192.168.0.xx?

    I try to ssh to 192.168.0.5 from 192.168.1.20 and it wont let me… if they are both in the same IP range everything works fine.

    pfsense lan: 192.168.0.253
    Subnet 192.168.0.0
    Subnet mask 255.255.252.0
    Available range 192.168.0.1 - 192.168.3.254

    I do NOT have a check mark under DHCP Server - Enable Static ARP entries

    and its not just ssh, any port i try to access wont work, http, win file server etc... both computers have to be in the same range or they cannot connect to each other.

    The strange part is that when i try to Ping an ip in a different range it responds just fine!

    Thank you!


  • Banned

    That traffic would NOT go through the firewall at all IF you configured that correctly… So, no, you do NOT have /22 apparently.



  • What is wrong with my configuration?  :-\


  • Banned

    How exactly could we know? You posted nothing about your configuration…



  • I added a new Firewall Rule:

    Interface: LAN
    Protocol: Any
    Source: Any
    Destination: Any

    and now i am able to ssh and http to my different ip ranges but i still cannot connect to my file server.

    My fileserver is on Windows 2012 R2 using Active Directory


  • LAYER 8 Global Moderator

    Well any any is the default rule on your lan so not really adding anything there..  Your file server have firewall running?  What zone is it in, public, home/work?  More than likely firewall rules in windows that allow file access going to block access from other segments.  You would have to adjust those rules, or just turn off the local firewall on that server.



  • The file server is in our domain name and my windows server is NOT running any local firewall.  Windows firewall is off completely.

    This is the rule i was refering to: (i even tried chaning protocol to Any)


  • Banned

    Where exactly in there can you see the "Protocol: Any" you claimed to have added? Ping does not use TCP. Regardless, let me repeat: this traffic does NOT go through the firewall. That screenshot is just irrelevant. If that traffic DOES hit the firewall, you have your network severely misconfigured as already noted in my first reply.


  • LAYER 8 Netgate

    Every host and device on your network has to be configured with the /22 netmask.

    Are you really going to have more than 250 hosts on this subnet?  If not, why mess around with a wonky netmask? Everyone expects /24.

    You have "ranges" in your subject.  A /22 is ONE and ONLY ONE subnet: 192.168.0.1  - 192.168.3.254.



  • In the screenshot i have it as TCP but i changed it to Protocol Any and i still could not access my fileserver.

    By adding that rule in the screen shot i am now able to access my ssh and http between the two ip ranges.  So that rule did help, the only thing i cannot connect to still is the Windows Fileserver.

    Can you please tell me what am i doing wrong? how is my network misconfigured?
    And yes i do need more than 250 hosts unfortinately.  :-\

    Here is my DHCP Server settings:


  • LAYER 8 Netgate

    Dude.  If you want to have a /22 subnet and have hosts anywhere in the range 192.168.0.0 - 192.168.3.255

    The firewall is not involved in traffic among those hosts at all.

    Stop looking at the firewall and look at your host configurations.  Check that all your hosts have a /22 netmask. Pay particular attention to those you have configured statically.



  • Oops!

    Well when you put it in red like that lol.. yea the fileserver was picking up the wrong netmask :( its all good now thank you everyone!


  • LAYER 8 Global Moderator

    what screenshot???  Don't see any screenshots… Or links to images, nothing..


Log in to reply