4. [SOLVED]Always need to ping to establish a connection

[SOLVED]Always need to ping to establish a connection

  • C

    Always need to ping to establish a connection

    I have two subnet
    192.168.1.0/24  GW:192.168.1.1
    10.1.2.0/24    GW:10.1.2.254
    The pfsense LAN interface IP is 192.168.1.1 , below is pfsense routing table

    | Network | Gateway | Interface | Description |
    | 10.0.0.0/24 | 192.168.1.244 | LAN | LAN2 |

    The 10.1.2.254 is a Freebsd Router ,has two interface below

    192.168.1.244 /24
    10.1.2.254 /24
    default router is 192.168.1.1

    When I using vnc viewer from 10.1.2.0 to 192.168.1.0 , I always need to ping clinet's IP
    , but if I change the clients default gateway to 192.168.1.244 , it is working fine .

    How should I fix this problem , any suggestion will be arrpeciated ,thanks

    0
  • V

    @cesjr:

    The pfsense LAN interface IP is 192.168.1.1 , below is pfsense routing table

    | Network | Gateway | Interface | Description |
    | 10.0.0.0/24 | 192.168.1.244 | LAN | LAN2 |

    A typo at the network?

    0
  • C

    sorry , It should be this , I was paste wrong info :'(

    Network         Gateway             Interface Description
    10.1.2.0/24 192.168.1.244     LAN         LAN2

    0
  • V

    In System > Advanced > Firewall and NAT try to check "Bypass firewall rules for traffic on the same interface".

    0
  • C

    Thanks your suggestion ,after I applies this option , it is working fine , do not need to ping anymore.
    By the way ,why this option is not enable by default ,and why I have to ping ,if I do not enable it.

    0
  • LAYER 8 Netgate

    Because you are trying to hairpin in and back out the same interface which is an unsound network design.

    No idea about the ping. Something tells me you're not really seeing what you think you're seeing.

    0
  • C

    LOL, I think I have to study hard , and watch careful
    What is the best network  design of multiple subnet , In my case ,should I change the 10.1.2.0/24 default gateway to pfsense ,  or let router do routing , gathering  all subnet  gateway on router .

    0
  • LAYER 8 Netgate

    You should talk to the downstream router on a dedicated transit network, not an address on LAN. In the configuration you have you would need to put a route for 10.1.2.0/24 on every LAN client pointing at 192.168.1.244. Otherwise they will send traffic for that network to the default gateway which, in turn, has to hairpin it back out the same interface it came in on.

    0
  • C

    OK , I will think more carefully and adjusting my network design ,thanks :)

    0
  • C

    It's not a good design. But the reason a ping first works is almost certainly because it makes the host pick up the ICMP redirect, then when you try the TCP connection, it routes it directly accordingly.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy