Cannot ping another subnet? (SOLVED)
-
Hi,
I was wondering if someone could help me on why I cannot seem to ping another subnet.Ok this is my setup I have a windows server 10.10.1.200/24 giving the DHCP and DNS but the DHCP scope is 10.10.2.0/21
All my servers are on the 10.10.1.1/24 and they can ping and navigate fine but the users that have the 10.10.2.0/21 cannot ping pfsense which is on 10.10.1.218.
Here are some screen shots I have been trying and nothing :(
Thank you
-
WTF? You're going to have nothing but problems. You obviously have to do some reading about how IP works and the concept of broadcast and network addresses.
-
lolz.. I know…this is not my setup its someone else that im helping them change from Iptables to pfSense but When i saw that his DHCP was a different scope and a different subnet i wanted to shoot myself. But let say would it be possible? He had it working with Iptables not sure how.
Or do i need to use a routing table? or something?
-
10.10.2.0/21 is not multiple subnets but one subnet.
What is the IP address and netmask on the LAN interface?
What is the IP address and netmask of one of the hosts that can't ping pfSense?
Totally FUBAR. I wouldn't concentrate on making a broken config work. I'd concentrate on fixing it.
-
Hey,
Thank you for the reply sorry that i have not been very clear been having those legendary bad weeks :(I told him why on hell did you do that he said because the 10.10.1.0/24 was full and he would give it static to the servers and the IP phones so needed to create another range for the IP 10.10.2.0/21
Here is a picture something like this he has more stuff but if 10.10.2.86 can ping pfsense then everything is good but not sure what to do never had to ping a different subnet
Thank you again :)
-
You did not answer my specific questions.
What is the IP address and netmask on the LAN interface?
What is the IP address and netmask of one of the hosts that can't ping pfSense?
-
Hi thank you for the reply sorry that i was not clear my lan on pfSense is 10.10.1.0/24
Using as an example one of the computer is givin the DHCP buy windows server a 10.10.2.86 with subnet of /21.Thank you
-
OK so think about it for a second.
You have a host with an interface configuration of 10.10.2.86/21. Its broadcast address is 10.10.7.255.
The pfSense interface has an address of 10.10.1.0/24 (That's probably also a mistake and is probably 10.10.1.1/24 or something, but it doesn't matter) the pfSense interface is listening for broadcasts on its broadcast address, which is 10.10.1.255.
Same broadcast domain, different broadcast addresses.
You are going to have NOTHING but problems. That network needs to be completely redesigned.
-
You have a host with an interface configuration of 10.10.2.86/21. Its broadcast address is 10.10.7.255.
you mean 10.10.2.255?
Quick question how come its possible with iptables they can ping each other by adding the rules.
Also Maybe im missing something by adding maybe a static route. Because the user gets the IP from the windows server DHCP 10.10.2.86 with subnet of 255.255.248.0 and gateway pfsense 10.10.1.218. I also logged the packets I can see the allows.
Thank you
-
-
you mean 10.10.2.255?
nope.
10.10.2.86/21 also means:
| Network address: | 10.10.0.0 |
| Host-IPs from: | 10.10.0.1 |
| Host-IPs to: | 10.10.7.254 |
| Broadcast address: | 10.10.7.255 |
| |
| # of hosts: | 2046 |… how come its possible with iptables they can ...
In a broken setup like yours everything's possible. It's unpredictable.
That is why Derelict tells you like a mantra: get your network fixed first.
I have veneration for him doing so over-and-over again. -
ah, NOW I see your problem: the PC is missing, that's why you can't ping to/from it! ;D ;D ;D ;D ;D
 -
You have a host with an interface configuration of 10.10.2.86/21. Its broadcast address is 10.10.7.255.
you mean 10.10.2.255?
No, I mean 10.10.7.255. That is the IP broadcast address for a host configured with 10.10.2.86/21. Don't believe me, how about my handy calculator?
And it doesn't matter. 10.10.1.255 != 10.10.2.255 either.
Quick question how come its possible with iptables they can ping each other by adding the rules.
Don't know don't care. That design is broken. I don't hassle making broken configs "work". I fix them.
 -
thanks for the replies,
alright so let me start from scratchSo all the servers will be on the 10.10.1.0/24
pfSense will have an Ip of 10.10.1.218 the gateway
with LAN 10.10.1.218/24
Then the windows server 2012r2 which has an ip of 10.10.1.200
gives out the DHCP of 10.10.2.0/24So would i need to reconfigure my DHCP scope?
So i setup a separate test environment
internet–----pfSense-------switch-----computer static ip 10.10.2.86/24
I see the arp but when i try to ping nothing :(
Thank you
-
Dude.
Then the windows server 2012r2 which has an ip of 10.10.1.200 gives out the DHCP of 10.10.2.0/24
10.10.1.0/24 and 10.10.2.0/24 need to be different network segments. THEY CANNOT SHARE THE SAME WIRE (aka broadcast domain) if you want the network to behave in a sane fashion.
-
Dude.
Im so sorry im not sure why im so confused if its this week..
Alright i got that it has to be a different segment which he has it right now as 10.10.2.86 with subnet of 255.255.248.0
So not sure what I need to change or am i overthinking it?
Thank you and sorry for being so retarded :(
-
Two different segments - two different pfSense interfaces (physical or VLAN). with routing between 10.10.1.0/24 and 10.10.2.0/24.
Like I said that network needs a complete redesign.
-
WELLL i feel like an idiot….all i had to do is change pfSense LAN to /21 .....i dont know why i complicated myself something so simple..
Thanks again
-
SMH
-
its those days that nothing works out…But now that i told my friend to change the whole network hes going back to 192.168.1.1/24 and putting VLANS so the network does not get congested
Thanks again