Did you add a rule to allow ICMP on the wlan? -lsf
On Thu, Sep 8, 2016, 15:58 Moshe Katz <[email protected]> wrote:

> Ray,
>
> Can you clarify which IP range is assigned where?
> We can make an educated guess based on the information you provided, but
> it's always better to have confirmation.
>
> Moshe
>
> --
> Moshe Katz
> -- [email protected]
> -- +1(301)867-3732
>
> On Thu, Sep 8, 2016 at 6:06 AM, Ray <[email protected]> wrote:
>
> > Hi,
> >
> > I'm running a few ALIX 2D13s with pfsense 2.3.2.
> >
> > All of them have a bridge configured which incorporates two of the
> > Ethernet interfaces and a Wireless interface (some Atheros card).
> >
> > Apart from that there is an OpenVPN client on each box to connect
> > satellite sites.
> >
> > There is something weird with the bridge which I would like to understand:
> >
> > When I connect my laptop to one of the Ethernet ports, I get a correct IP
> > from the DHCP server on pfsense and can immediately ping all the other
> > machines at other sites. The Ping echo enters through the Ethernet
> > interface into the bridge, from there it's forwarded into the tunnel. The
> > echo reply comes back through the tunnel and from there via the
> > bridge/Ethernet interface to my laptop, all sweet and as expected:
> >
> > Here's a tcpdump (while connected via Ethernet) of three consecutive pings
> > (separated by empty lines) on the ovpnc1 interface:
> >
> > # tcpdump -n -i ovpnc1 icmp and host 192.168.10.236
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > listening on ovpnc1, link-type NULL (BSD loopback), capture size 65535 bytes
> > 09:49:56.816755 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 6, length 64
> > 09:49:56.917771 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 6, length 64
> >
> > 09:50:01.817050 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 7, length 64
> > 09:50:01.949133 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 7, length 64
> >
> > 09:50:06.817352 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 8, length 64
> > 09:50:06.951798 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 8, length 64
> >
> > ... works just as nice on the bridge0 interface:
> >
> > # tcpdump -n -i bridge0 icmp and host 192.168.10.236
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > listening on bridge0, link-type EN10MB (Ethernet), capture size 65535 bytes
> > 09:51:11.820663 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 21, length 64
> > 09:51:11.909411 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 21, length 64
> >
> > 09:51:16.820863 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 22, length 64
> > 09:51:16.918607 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 22, length 64
> >
> > 09:51:21.821359 IP 192.168.9.20 > 192.168.10.236: ICMP echo request, id 16470, seq 23, length 64
> > 09:51:21.915379 IP 192.168.10.236 > 192.168.9.20: ICMP echo reply, id 16470, seq 23, length 64
> >
> > When I change the laptop's connection from Ethernet to Wireless, however,
> > the same pings no longer work:
> >
> > ovpnc1 interface:
> >
> > # tcpdump -n -i ovpnc1 icmp and host 192.168.10.236
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > listening on ovpnc1, link-type NULL (BSD loopback), capture size 65535 bytes
> > 09:54:58.725486 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 14, length 64
> > 09:54:58.865643 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id 20822, seq 14, length 64
> > 09:54:58.865735 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25 unreachable, length 36
> >
> > 09:55:03.726189 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 15, length 64
> > 09:55:03.816001 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id 20822, seq 15, length 64
> > 09:55:03.816097 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25 unreachable, length 36
> >
> > 09:55:08.726661 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 16, length 64
> > 09:55:08.819202 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id 20822, seq 16, length 64
> > 09:55:08.819296 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25 unreachable, length 36
> >
> > bridge0 interface:
> >
> > # tcpdump -n -i bridge0 icmp and host 192.168.10.236
> > tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> > listening on bridge0, link-type EN10MB (Ethernet), capture size 65535 bytes
> > 09:53:53.716169 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 1, length 64
> >
> > 09:53:58.716987 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 2, length 64
> >
> > 09:54:03.717813 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 3, length 64
> >
> > There is something going wrong inside the bridge with the WLAN interface,
> > it seems, but I can't figure out what this might be. The bridge setup is
> > super simple, no advanced settings, just selected the three interfaces,
> > that's all.
> >
> > BTW: The firewall rules for the tunnel interface and the bridge are
> > completely open.
> >
> > Can someone here please, please give me a pointer on this? I'm seriously
> > losing sleep.
> >
> > Cheers,
> > Ray
> >
> > _______________________________________________
> > pfSense mailing list
> > https://lists.pfsense.org/mailman/listinfo/list
> > Support the project with Gold! https://pfsense.org/gold
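
One way to line up the tunnel and bridge captures described in the thread above, as an added example that is not part of the original messages: it pairs echo requests and replies by client, id and seq on each interface and reports which replies reached ovpnc1 but never appeared on bridge0. The function names are hypothetical, and the sample lines are constructed from the thread's output (the bridge0 line for seq 14 is invented, since the thread's two captures were taken at different times).

```python
import re

# Line shapes produced by `tcpdump -n ... icmp`, one packet per line.
ECHO = re.compile(r"IP (\S+) > (\S+): ICMP echo (request|reply), id (\d+), seq (\d+)")
UNREACH = re.compile(r"IP (\S+) > (\S+): ICMP host (\S+) unreachable")

def summarize(capture):
    """Return (requests, replies, unreachables) for one interface capture."""
    requests, replies, unreach = set(), set(), []
    for line in capture.splitlines():
        m = ECHO.search(line)
        if m:
            src, dst, kind, ident, seq = m.groups()
            # Key on the client address so a request and its reply share a key.
            client = src if kind == "request" else dst
            key = (client, int(ident), int(seq))
            (requests if kind == "request" else replies).add(key)
            continue
        m = UNREACH.search(line)
        if m:
            unreach.append((m.group(1), m.group(3)))  # (reporter, unreachable host)
    return requests, replies, unreach

def locate_loss(tunnel_cap, bridge_cap):
    """Compare captures taken at the same time on the tunnel and the bridge."""
    t_req, t_rep, t_unr = summarize(tunnel_cap)
    b_req, b_rep, _ = summarize(bridge_cap)
    return {
        # Request crossed the bridge, reply came back on the tunnel, bridge never saw it.
        "reply_lost_before_bridge": sorted((t_rep & b_req) - b_rep),
        "never_answered_remotely": sorted(t_req - t_rep),
        "unreachable_from": sorted(set(t_unr)),
    }

# Constructed sample input modelled on the wireless case in the thread.
TUNNEL = """\
09:54:58.725486 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 14, length 64
09:54:58.865643 IP 192.168.10.236 > 192.168.9.25: ICMP echo reply, id 20822, seq 14, length 64
09:54:58.865735 IP 10.0.9.2 > 192.168.10.236: ICMP host 192.168.9.25 unreachable, length 36
"""
BRIDGE = """\
09:54:58.725400 IP 192.168.9.25 > 192.168.10.236: ICMP echo request, id 20822, seq 14, length 64
"""

if __name__ == "__main__":
    for name, value in locate_loss(TUNNEL, BRIDGE).items():
        print(name, value)
```

Run both tcpdump commands at the same time so the id and seq values overlap; a non-empty `reply_lost_before_bridge` together with an `unreachable_from` entry matches the wireless symptom shown in the thread.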
