Netgate Discussion Forum

    No communication between ranges

    DHCP and DNS
    • qqlaw

      I have a subnet mask of /22, but why is it that my 192.168.1.xx will not communicate with 192.168.0.xx?

      I try to ssh to 192.168.0.5 from 192.168.1.20 and it won't let me… if they are both in the same IP range everything works fine.

      pfsense lan: 192.168.0.253
      Subnet 192.168.0.0
      Subnet mask 255.255.252.0
      Available range 192.168.0.1 - 192.168.3.254

      I do NOT have a check mark under DHCP Server - Enable Static ARP entries

      And it's not just ssh, any port I try to access won't work, http, win file server etc... both computers have to be in the same range or they cannot connect to each other.

      The strange part is that when I try to ping an IP in a different range it responds just fine!

      Thank you!

      • doktornotor Banned

        That traffic would NOT go through the firewall at all IF you configured that correctly… So, no, you do NOT have /22 apparently.

        • qqlaw

          What is wrong with my configuration?  :-\

          • doktornotor Banned

            How exactly could we know? You posted nothing about your configuration…

            • qqlaw

              I added a new Firewall Rule:

              Interface: LAN
              Protocol: Any
              Source: Any
              Destination: Any

              and now I am able to ssh and http to my different IP ranges but I still cannot connect to my file server.

              My fileserver is on Windows 2012 R2 using Active Directory

              • johnpoz LAYER 8 Global Moderator

                Well any any is the default rule on your lan so not really adding anything there..  Your file server have firewall running?  What zone is it in, public, home/work?  More than likely firewall rules in windows that allow file access going to block access from other segments.  You would have to adjust those rules, or just turn off the local firewall on that server.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                • qqlaw

                  The file server is in our domain name and my windows server is NOT running any local firewall.  Windows firewall is off completely.

                  This is the rule I was referring to: (I even tried changing protocol to Any)

                  • doktornotor Banned

                    Where exactly in there can you see the "Protocol: Any" you claimed to have added? Ping does not use TCP. Regardless, let me repeat: this traffic does NOT go through the firewall. That screenshot is just irrelevant. If that traffic DOES hit the firewall, you have your network severely misconfigured as already noted in my first reply.

                    • Derelict LAYER 8 Netgate

                      Every host and device on your network has to be configured with the /22 netmask.

                      Are you really going to have more than 250 hosts on this subnet?  If not, why mess around with a wonky netmask? Everyone expects /24.

                      You have "ranges" in your subject.  A /22 is ONE and ONLY ONE subnet: 192.168.0.1  - 192.168.3.254.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      • qqlaw

                        In the screenshot I have it as TCP but I changed it to Protocol Any and I still could not access my fileserver.

                        By adding that rule in the screenshot I am now able to access my ssh and http between the two IP ranges.  So that rule did help, the only thing I cannot connect to still is the Windows fileserver.

                        Can you please tell me what I am doing wrong? How is my network misconfigured?
                        And yes, I do need more than 250 hosts unfortunately.  :-\

                        Here is my DHCP Server settings:

                        • Derelict LAYER 8 Netgate

                          Dude.  If you want to have a /22 subnet and have hosts anywhere in the range 192.168.0.0 - 192.168.3.255

                          The firewall is not involved in traffic among those hosts at all.

                          Stop looking at the firewall and look at your host configurations.  Check that all your hosts have a /22 netmask. Pay particular attention to those you have configured statically.

                          • qqlaw

                            Oops!

                            Well, when you put it in red like that lol.. yeah, the fileserver was picking up the wrong netmask :( It's all good now, thank you everyone!

                            • johnpoz LAYER 8 Global Moderator

                              what screenshot???  Don't see any screenshots… Or links to images, nothing..

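The cause found in this thread, as an added example that is not part of any poster's message: each host decides "on-link or via gateway" with its own netmask, so one host with the wrong mask sends its half of the conversation to the firewall while its peer replies directly. The gateway, LAN and client address come from the thread; the file server address, the /24 mask on it and the inventory names are assumptions for illustration.

```python
import ipaddress

# Values from the thread: pfSense LAN address and the intended /22 LAN.
GATEWAY = ipaddress.ip_address("192.168.0.253")
LAN = ipaddress.ip_network("192.168.0.0/22")

# Constructed inventory: client and ssh-host addresses appear in the thread;
# the file server address and every mask shown here are assumptions.
HOSTS = {
    "client": "192.168.1.20/22",
    "ssh-host": "192.168.0.5/22",
    "fileserver": "192.168.0.10/24",
}

def next_hop(src_iface, dst):
    """Where a host sends a frame for dst, judged with its OWN netmask."""
    iface = ipaddress.ip_interface(src_iface)
    dst_ip = ipaddress.ip_address(dst)
    # On-link destinations are ARPed for directly; everything else goes
    # to the default gateway.
    return dst_ip if dst_ip in iface.network else GATEWAY

def path_report(a_iface, b_iface):
    """Compare the forward and return paths between two hosts."""
    a = ipaddress.ip_interface(a_iface)
    b = ipaddress.ip_interface(b_iface)
    fwd_gw = next_hop(a_iface, str(b.ip)) == GATEWAY
    rev_gw = next_hop(b_iface, str(a.ip)) == GATEWAY
    return {"forward_via_gateway": fwd_gw,
            "reverse_via_gateway": rev_gw,
            "asymmetric": fwd_gw != rev_gw}

def audit(hosts, lan=LAN):
    """Return names of hosts inside the LAN whose own network differs from it."""
    bad = []
    for name, iface in hosts.items():
        i = ipaddress.ip_interface(iface)
        if i.ip in lan and i.network != lan:
            bad.append(name)
    return sorted(bad)

if __name__ == "__main__":
    print("hosts with wrong mask:", audit(HOSTS))
    print("client <-> fileserver:", path_report(HOSTS["client"], HOSTS["fileserver"]))
```

An asymmetric result means the firewall sees only one direction of the conversation, which is why traffic inside a single subnet showed up at pfSense at all.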
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.