Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense can't ping an IP address after a certain time

    Scheduled Pinned Locked Moved Virtualization
    7 Posts 2 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      ketchup31
      last edited by

      Hi and sorry for my english.

      I have a strange problem. After a certain time i can't reach an IP adddress from the pfSense PC (Web and by command Line) which is yet reachable via another computer.

      My software configuration is the  following:
      –------------------------------------------------

      • ESXi 6.0
      • pfSense 2.2.6
      • CentOS 7 for the PC that i try to ping

      My network topolgy is the following:

      WAN->pfSense (VM)->LAN1 (DHCP 10.254.239.0)-->VMs with Web applications
                                    ->LAN2 (DHCP 10.254.2.0) --> Users

      • pfSense is installed in a Virtual Machine
      • LAN1 is in charge to manage the network of all VMs which contain web applications
      • LAN2 is in charge to connect the users who use the web applications available from LAN1

      Context:

      I Have one VM that have 2 network cards that we can called LAN1-PCx-ETH0 and LAN1-PCx-ETH1. The ip addresses of the LAN1-PCx-ETH0 & LAN1-PCx-ETH1 are declared as static addresses in the DHCP of my LAN1.
      When i boot all my VMs I can reach from pfSense VM all my IPs addresses by a single ping.
      After a certain time, for this machine, and only from the pfSense VM, i can't ping the LAN1-PCx-ETH1 and sometimes LAN1-PCx-ETH0. But i can reach both from another VM.
      I tried to ping with the IP addresses and hostnames.

      Maybe i did something rong but i don't see what and where ?

      Any help will be really appreciated  :D

      Thank you to all for your support.

      Pascal

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        why do you have 2 nics on a a vm in the same network??

        Are these vms all on the same host?  Is there any physical network involved?

        What does pfsense show for the mac in its arp table for the IP your trying to ping?

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • K
          ketchup31
          last edited by

          Hi,

          Thank you for your reply.

          The application that i use needs 2 network interfaces.
          The VMs are on the same host (ESXi Server)
          There is no physical network involved for the VMs. Physical network are only linked to pfSense, one is a physical Ethernet port available on my machine, and the second wan (called LAN2) is an USB/Ethernet interface. For all orthers machine everything works fine.
          Finally, the arp table contains the good information regarding these two IPs (crowdsource.eovalue.dmo and crowdserver.eovalue.dmo)

          I have to precise that after a certain time the connection comes back ??? Without any change in my configuration.

          
? (10.254.2.1) at 00:10:60:dd:ab:c8 on ue0 permanent [ethernet]
3d.eovalue.dmo (10.254.239.91) at 00:50:56:00:02:55 on em1 expires in 992 seconds [ethernet]
app.eovalue.dmo (10.254.239.90) at 00:0c:29:66:3f:89 on em1 expires in 1133 seconds [ethernet]
auth.eovalue.dmo (10.254.239.89) at 00:0c:29:c1:88:33 on em1 expires in 335 seconds [ethernet]
owncloud.eovalue.dmo (10.254.239.95) at 00:0c:29:fd:46:d5 on em1 expires in 231 seconds [ethernet]
mapproxy.eovalue.dmo (10.254.239.94) at 00:0c:29:88:2f:4d on em1 expires in 407 seconds [ethernet]
3D-LAN2.eovalue.dmo (10.254.239.93) at 00:50:56:00:02:70 on em1 expires in 992 seconds [ethernet]
3D-LAN3.eovalue.dmo (10.254.239.92) at 00:50:56:00:02:71 on em1 expires in 1183 seconds [ethernet]
geoserver.eovalue.dmo (10.254.239.114) at 00:0c:29:55:fc:9c on em1 expires in 639 seconds [ethernet]
zoneminder.eovalue.dmo (10.254.239.106) at 00:0c:29:e2:18:39 on em1 expires in 1195 seconds [ethernet]
crowdserver.eovalue.dmo (10.254.239.97) at 00:0c:29:91:97:68 on em1 expires in 697 seconds [ethernet]
crowdsource.eovalue.dmo (10.254.239.96) at 00:0c:29:91:97:5e on em1 expires in 460 seconds [ethernet]
pfSense.eovalue.dmo (10.254.239.1) at 00:0c:29:90:03:40 on em1 permanent [ethernet]
? (10.100.133.222) at 00:0c:29:90:03:36 on em0 permanent [ethernet]
          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            well when you can not ping it what is in your arp table?  If you can not arp for it, then no your not going to be able to ping it..  Is the machine going to sleep or something?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • K
              ketchup31
              last edited by

              Yes this arp table is what i have when i can't ping.
              No the machine is not set to sleep. It is really strange. And sometimes the link comes back and i can ping it, then sometimes later i could'nt.

              1 Reply Last reply Reply Quote 0
              • johnpozJ
                johnpoz LAYER 8 Global Moderator
                last edited by

                so you have the correct mac in the arp table and you can not ping it.. I would sniff on the machine your trying to ping and validate it sees the ping request, and then see if it sends a response.

                If you have correct mac in your arp, I would guess firewall on host maybe?  Or packets getting lost somewhere - need to figure out which it is.

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                1 Reply Last reply Reply Quote 0
                • K
                  ketchup31
                  last edited by

                  OK, thank you for the investigation. I have to sniff the packets exchanged beetween the firewall and the client machine. I will come back to you soon with the trace.

                  Thanx again.

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.