Re: [pfSense] pfSense can get to Internet but LAN cannot

2017-11-30 Thread Steve Yates
1) we're not using NAT
2) ...which means this is the answer because the router on the WAN side doesn't 
know to route that subnet back to the pfSense.  D'oh!

Adding a manual NAT rule lets it work.

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Holger Bauer
Sent: Thursday, November 30, 2017 4:19 PM
To: pfSense support and discussion <list@lists.pfsense.org>
Subject: Re: [pfSense] pfSense can get to Internet but LAN cannot

Hi Steve,

Any chance outbound NAT got messed up when setting up CARP? Check the
settings there and check Diag > States if NAT works.

Holger

On 30.11.2017 10:43 PM, "Steve Yates" <st...@teamits.com> wrote:

Short version: a PC on the LAN cannot ping the router's gateway,
though the router can ping it and get to the Internet.  Routing table looks
OK, default firewall rule isn't blocking packets (rule to allow LAN to any
is in place), and it's not a private IP address.  Looking for suggestions?

We are replacing two routers using CARP with two 4860s.  I edited
the saved configuration files to add two LAGGs, and changed the interfaces
to match the new hardware.  As I said ping/traceroute/nslookup from the
pfSense to the Internet works fine.  Route table shows the proper gateway
IP as the default.  We have tried changing off the LAGGs, no difference.  A
traceroute from the PC shows the pfSense router LAN IP as expected but not
the gateway which is the next hop.  It's as if the routing isn't sending
packets out the WAN?  I have rebooted the routers, and disabled CARP and
disconnected the second router (and changed the PC gateway accordingly).

Changing the PC to an IP on the WAN side and plugging it into the
gateway router works fine to get past the gateway.

--

Steve Yates
ITS, Inc.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
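
The failure mode resolved in the message above, modelled as an added example that is not part of the original thread: the upstream gateway sends its echo reply toward whatever source address it saw, so a routed LAN subnet it has no route for gets a timeout rather than "unreachable". All addresses are constructed documentation prefixes, and the static-route fix on the gateway is a generalization beyond the NAT rule the poster used.

```python
import ipaddress

# Constructed topology (documentation prefixes, not taken from the thread).
LAN = ipaddress.ip_network("203.0.113.0/24")    # public subnet behind pfSense
WAN = ipaddress.ip_network("198.51.100.0/24")   # link between pfSense and gateway
PFSENSE_WAN = ipaddress.ip_address("198.51.100.2")
PC = ipaddress.ip_address("203.0.113.50")


def lookup(routes, dst):
    """Longest-prefix match: return the next hop chosen for dst."""
    matches = [(net, hop) for net, hop in routes if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def gateway_routes(static_lan_route=False):
    """Routing table of the upstream gateway (hypothetical)."""
    routes = [
        (ipaddress.ip_network("0.0.0.0/0"), "upstream-isp"),
        (WAN, "on-link"),
    ]
    if static_lan_route:
        # Alternative fix: tell the gateway the LAN lives behind pfSense.
        routes.append((LAN, str(PFSENSE_WAN)))
    return routes


def ping_gateway(src, outbound_nat=False, static_lan_route=False):
    """Follow an echo request from src to the gateway and its reply back."""
    # pfSense forwards the request; outbound NAT rewrites LAN sources
    # to the pfSense WAN address before the gateway sees them.
    seen_src = PFSENSE_WAN if outbound_nat and src in LAN else src
    # The gateway routes the reply toward the source address it saw.
    hop = lookup(gateway_routes(static_lan_route), seen_src)
    if hop in ("on-link", str(PFSENSE_WAN)):
        return "reply"
    # Reply follows the default route away from pfSense: the PC sees a timeout.
    return "timeout"


if __name__ == "__main__":
    print("pfSense itself:     ", ping_gateway(PFSENSE_WAN))
    print("PC, no NAT:         ", ping_gateway(PC))
    print("PC, outbound NAT:   ", ping_gateway(PC, outbound_nat=True))
    print("PC, static route:   ", ping_gateway(PC, static_lan_route=True))
```
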


Re: [pfSense] pfSense can get to Internet but LAN cannot

2017-11-30 Thread Steve Yates
A couple clarifications...the ping from LAN to the WAN gateway is timing out, 
not saying "unreachable" or something like that.  I can ping the router's WAN 
IP (and CARP WAN IP) from the LAN, as allowed by firewall rule.

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of Steve Yates
Sent: Thursday, November 30, 2017 3:44 PM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: [pfSense] pfSense can get to Internet but LAN cannot

Short version: a PC on the LAN cannot ping the router's gateway, though 
the router can ping it and get to the Internet.  Routing table looks OK, 
default firewall rule isn't blocking packets (rule to allow LAN to any is in 
place), and it's not a private IP address.  Looking for suggestions?

We are replacing two routers using CARP with two 4860s.  I edited the 
saved configuration files to add two LAGGs, and changed the interfaces to match 
the new hardware.  As I said ping/traceroute/nslookup from the pfSense to the 
Internet works fine.  Route table shows the proper gateway IP as the default.  
We have tried changing off the LAGGs, no difference.  A traceroute from the PC 
shows the pfSense router LAN IP as expected but not the gateway which is the 
next hop.  It's as if the routing isn't sending packets out the WAN?  I have 
rebooted the routers, and disabled CARP and disconnected the second router (and 
changed the PC gateway accordingly).

Changing the PC to an IP on the WAN side and plugging it into the 
gateway router works fine to get past the gateway.

--

Steve Yates
ITS, Inc.



Re: [pfSense] pfSense can get to Internet but LAN cannot

2017-11-30 Thread Holger Bauer
Hi Steve,

Any chance outbound NAT got messed up when setting up CARP? Check the
settings there and check Diag > States if NAT works.

Holger

On 30.11.2017 10:43 PM, "Steve Yates" wrote:

Short version: a PC on the LAN cannot ping the router's gateway,
though the router can ping it and get to the Internet.  Routing table looks
OK, default firewall rule isn't blocking packets (rule to allow LAN to any
is in place), and it's not a private IP address.  Looking for suggestions?

We are replacing two routers using CARP with two 4860s.  I edited
the saved configuration files to add two LAGGs, and changed the interfaces
to match the new hardware.  As I said ping/traceroute/nslookup from the
pfSense to the Internet works fine.  Route table shows the proper gateway
IP as the default.  We have tried changing off the LAGGs, no difference.  A
traceroute from the PC shows the pfSense router LAN IP as expected but not
the gateway which is the next hop.  It's as if the routing isn't sending
packets out the WAN?  I have rebooted the routers, and disabled CARP and
disconnected the second router (and changed the PC gateway accordingly).

Changing the PC to an IP on the WAN side and plugging it into the
gateway router works fine to get past the gateway.

--

Steve Yates
ITS, Inc.



[pfSense] pfSense can get to Internet but LAN cannot

2017-11-30 Thread Steve Yates
Short version: a PC on the LAN cannot ping the router's gateway, though 
the router can ping it and get to the Internet.  Routing table looks OK, 
default firewall rule isn't blocking packets (rule to allow LAN to any is in 
place), and it's not a private IP address.  Looking for suggestions?

We are replacing two routers using CARP with two 4860s.  I edited the 
saved configuration files to add two LAGGs, and changed the interfaces to match 
the new hardware.  As I said ping/traceroute/nslookup from the pfSense to the 
Internet works fine.  Route table shows the proper gateway IP as the default.  
We have tried changing off the LAGGs, no difference.  A traceroute from the PC 
shows the pfSense router LAN IP as expected but not the gateway which is the 
next hop.  It's as if the routing isn't sending packets out the WAN?  I have 
rebooted the routers, and disabled CARP and disconnected the second router (and 
changed the PC gateway accordingly).

Changing the PC to an IP on the WAN side and plugging it into the 
gateway router works fine to get past the gateway.

--

Steve Yates
ITS, Inc.
