Subnet communication

Oats

Hope this is the right section for this. I am having issues with hosts on 2 subnets communicating with each other. This is a recent setup after a tear down, they were communicating just fine prior to the rebuild.

LAN (192.168.10.1) -> Host1 (192.168.10.10)

OPT1 (192.168.30.1) -> Host2 (192.168.30.10)

Host1 can ping host2 but host2 can't ping host1.

Firewall does not seem to be blocking any traffic, I've tried adding allow rules to see if that worked.

I hope I was able to convey my issue.

chpalmer

What do your OPT1 and LAN firewall rules look like?

Gateway correct on the Host 2 computer?

Oats

OP1 is currently allow any ipv4 and 6
LAN is currently the default (anti-lockout, ipv4 allow to any rule) I had added a LAN rule for any source from OPT1 but it made no difference.

Gateway is good on host2 (192.168.30.1), it can ping LAN and outside.

BJXYZ

You can add an block rule for anything at least  of your ruleset for opt1 and enable log any pakages. Then you can check if ping is blocked by the firewall.

WHen nothing gets blocked perhaps Host1 has a software firewall enabled?

Oats

So here is something strange. I can't get a ping out but VSphere (host1) can connect to ESXi (host2).

Did a LAN rile for allow any - any with logs on. Didn't see any comms from host2 to host1
Tried shutting down host based firewall, no change

Oats

Looks like there is a bigger issue. My LAN connection is randomly going down so that I cannot even ping the firewall or SSH in.
Tried changing the NIC but no change.
Restarting the router gets me connected for a few minutes then dies. But my OPT1 connection is fine (I'm using it right now). LAN was fine a few days ago and just stopped working today.

No idea how to proceed.

UPDATE: Was consoled in and got the following message when the connection dropped:
watchdog timeout
msk1: prefetch unit stuck?
msk: initialization failed: no memory for Rx buffers
msk1: prefetch unit stuck?
msk: initialization failed: no memory for Rx buffers

going to try thishttps://forum.pfsense.org/index.php/topic,57238.0.html

UPDATE: stephenw10's fix above solved the dropping issue. Now back to the original issue.

deanot

You're in the same boat I am, I can't find the fix for it either… did you figure it out?

mikeisfly

@Oats:

Looks like there is a bigger issue. My LAN connection is randomly going down so that I cannot even ping the firewall or SSH in.
Tried changing the NIC but no change.
Restarting the router gets me connected for a few minutes then dies. But my OPT1 connection is fine (I'm using it right now). LAN was fine a few days ago and just stopped working today.

No idea how to proceed.

UPDATE: Was consoled in and got the following message when the connection dropped:
watchdog timeout
msk1: prefetch unit stuck?
msk: initialization failed: no memory for Rx buffers
msk1: prefetch unit stuck?
msk: initialization failed: no memory for Rx buffers

going to try thishttps://forum.pfsense.org/index.php/topic,57238.0.html

UPDATE: stephenw10's fix above solved the dropping issue. Now back to the original issue.

Could be a personal firewall on one of your clients. I would try temporarily disabling it. If that fixes it just add an exception to allow the traffic.