Virtual IP route issue?
-
Hi There
I am using pfSense 2.2.5
My LAN subnet is 192.168.1.0/24. I have added a virtual IP to the LAN interface of 10.10.10.1 with mask of /24. The WAN interface is 192.168.99.0/24 (test) and there is no NAT set up between the 10.10.10.* range and WAN. I have a rule to allow all ICMP from any source/destination. Host in 10.10.10.* range has gateway of 10.10.10.1 which is the Virtual IP added to the LAN interface.
Currently, I am unable to ping from a host in the 10.10.10.* subnet to a host in 192.168.99.* - am I missing some obvious reason why this won't work?
If I look at the firewall log I can see ICMP traffic allowed from the 10.10.10.* host, but the ping has no reply.
Thanks in advance for any advice
Peter
-
What type of VIP are you using? Some must be in the same subnet as the interface that's assuming them.
https://doc.pfsense.org/index.php/What_are_Virtual_IP_Addresses
-
I'm using the IP Alias type - hosts are in the 10.10.10.0/24 and the virtual IP is 10.10.10.1
Is that what you mean?
-
Yes. I'll see if I can find time to simulate this this afternoon.
-
That's much appreciated - thank you
-
OK, I just whipped it up in my ESXi lab. Works fine for me.
WAN: 10.10.20.1/16
LAN: 192.168.20.1/24
DMZ: 172.16.20.1/24
VIP: 172.16.30.1/24
Lubuntu box @ 172.16.30.10 can ping other Lubuntu box @ 192.168.20.10.
Maybe something burped and you should delete and recreate that VIP. Also, you might have a rules issue so perhaps post your LAN rules.