    No communication between ranges

    DHCP and DNS
    • qqlaw

      I have a subnet mask of /22, but why is it that my 192.168.1.xx will not communicate with 192.168.0.xx?

      I try to ssh to 192.168.0.5 from 192.168.1.20 and it won't let me… if they are both in the same IP range everything works fine.

      pfSense LAN: 192.168.0.253
      Subnet 192.168.0.0
      Subnet mask 255.255.252.0
      Available range 192.168.0.1 - 192.168.3.254

      I do NOT have a check mark under DHCP Server - Enable Static ARP entries

      And it's not just ssh; any port I try to access won't work: http, Windows file server, etc. Both computers have to be in the same range or they cannot connect to each other.

      The strange part is that when I try to ping an IP in a different range it responds just fine!

      Thank you!

      • doktornotor (Banned)

        That traffic would NOT go through the firewall at all IF you configured that correctly… So, no, you do NOT have /22 apparently.

        • qqlaw

          What is wrong with my configuration?  :-\

          • doktornotor (Banned)

            How exactly could we know? You posted nothing about your configuration…

            • qqlaw

              I added a new Firewall Rule:

              Interface: LAN
              Protocol: Any
              Source: Any
              Destination: Any

              and now I am able to ssh and http to my different IP ranges, but I still cannot connect to my file server.

              My fileserver is on Windows 2012 R2 using Active Directory.

              • johnpoz (LAYER 8 Global Moderator)

                Well any any is the default rule on your lan so not really adding anything there..  Your file server have firewall running?  What zone is it in, public, home/work?  More than likely firewall rules in windows that allow file access going to block access from other segments.  You would have to adjust those rules, or just turn off the local firewall on that server.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

                • qqlaw

                  The file server is in our domain name and my windows server is NOT running any local firewall.  Windows firewall is off completely.

                  This is the rule I was referring to: (I even tried changing protocol to Any)

                  • doktornotor (Banned)

                    Where exactly in there can you see the "Protocol: Any" you claimed to have added? Ping does not use TCP. Regardless, let me repeat: this traffic does NOT go through the firewall. That screenshot is just irrelevant. If that traffic DOES hit the firewall, you have your network severely misconfigured as already noted in my first reply.

                    • Derelict (LAYER 8 Netgate)

                      Every host and device on your network has to be configured with the /22 netmask.

                      Are you really going to have more than 250 hosts on this subnet?  If not, why mess around with a wonky netmask? Everyone expects /24.

                      You have "ranges" in your subject.  A /22 is ONE and ONLY ONE subnet: 192.168.0.1  - 192.168.3.254.

                      Chattanooga, Tennessee, USA
                      The pfSense Book is free of charge!
                      DO NOT set a source port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      • qqlaw

                        In the screenshot I have it as TCP, but I changed it to Protocol Any and I still could not access my fileserver.

                        By adding that rule in the screenshot I am now able to access my ssh and http between the two IP ranges.  So that rule did help; the only thing I cannot connect to still is the Windows fileserver.

                        Can you please tell me what I am doing wrong? How is my network misconfigured?
                        And yes, I do need more than 250 hosts, unfortunately.  :-\

                        Here are my DHCP Server settings:

                        • Derelict (LAYER 8 Netgate)

                          Dude.  If you want to have a /22 subnet and have hosts anywhere in the range 192.168.0.0 - 192.168.3.255, the firewall is not involved in traffic among those hosts at all.

                          Stop looking at the firewall and look at your host configurations.  Check that all your hosts have a /22 netmask. Pay particular attention to those you have configured statically.

                          • qqlaw

                            Oops!

                            Well, when you put it in red like that lol.. yea, the fileserver was picking up the wrong netmask :( It's all good now, thank you everyone!

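The netmask check Derelict describes, as an added example that is not part of the original thread: it models each host's on-link decision and flags host pairs where one direction is sent directly and the other is handed to the gateway (the pfSense LAN address). The host names, the fileserver address 192.168.0.10 and its /24 mask are assumptions for illustration; the thread does not state them.

```python
import ipaddress

INTENDED = ipaddress.ip_network("192.168.0.0/22")  # LAN subnet from the thread

# Constructed inventory: address/netmask as configured on each host.
# Host names, the fileserver address and its /24 mask are assumptions.
HOSTS = {
    "workstation": "192.168.1.20/255.255.252.0",
    "ssh-host": "192.168.0.5/255.255.252.0",
    "fileserver": "192.168.0.10/255.255.255.0",
}


def parse(hosts):
    """Turn 'addr/mask' strings into ip_interface objects."""
    return {name: ipaddress.ip_interface(cfg) for name, cfg in hosts.items()}


def wrong_mask(hosts):
    """Names of hosts inside the intended subnet whose own mask differs."""
    return sorted(
        name for name, iface in parse(hosts).items()
        if iface.ip in INTENDED and iface.network != INTENDED
    )


def next_hop(src, dst):
    """'direct' if src considers dst on-link, otherwise 'gateway'."""
    return "direct" if dst.ip in src.network else "gateway"


def asymmetric_pairs(hosts):
    """Pairs where one direction goes direct and the other via the gateway."""
    ifaces = parse(hosts)
    names = sorted(ifaces)
    pairs = []
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            fwd = next_hop(ifaces[a], ifaces[b])
            rev = next_hop(ifaces[b], ifaces[a])
            if fwd != rev:
                pairs.append((a, fwd, b, rev))
    return pairs


if __name__ == "__main__":
    print("wrong netmask:", wrong_mask(HOSTS))
    for a, fwd, b, rev in asymmetric_pairs(HOSTS):
        print(f"{a} -> {b}: {fwd}; {b} -> {a}: {rev}")
```

With every host on the /22 mask, both functions return empty lists, which matches the state where traffic among these hosts never reaches the firewall.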
                            • johnpoz (LAYER 8 Global Moderator)

                              What screenshot???  Don't see any screenshots… Or links to images, nothing..
