xman111 (Author) Posted September 7, 2018

here is pfsense to Unraid. then log into unraid and ping back to pfsense? or my desktop?

just logged into unraid and it can ping pfsense and also my desktop computer. So basically the problem is I cannot log into the web gui on the same subnet and unraid doesn't get internet unless i enter that route manually AFTER it is booted.

Edited September 7, 2018 by xman111
ken-ji Posted September 7, 2018

Right sorry about that. from your desktop please ping the unraid server, also run traceroute (tracert) to the unraid server

    tracert 192.168.10.100
    tracert 8.8.8.8

as well as show the routing table

    route print

Same with the laptop. I'm curious as to what route does the desktop take to connect to unraid that's different from the laptop.

usually you get this (from unRAID),

    root@Tower:~# traceroute 8.8.8.8
    traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
     1  router.lan (192.168.71.1)  0.462 ms  0.405 ms  0.443 ms
     2  112.205.224.1.pldt.net (112.205.224.1)  3.293 ms  2.894 ms  3.014 ms
    ...
    22  google-public-dns-a.google.com (8.8.8.8)  28.890 ms  28.639 ms  28.307 ms
    root@Tower:~# route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         router.lan      0.0.0.0         UG    0      0        0 br0
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
    192.168.71.0    0.0.0.0         255.255.255.0   U     0      0        0 br0

this simply shows that unRAID is supposed to talk to the subnet directly using the br0 interface, and everything else via the gateway. This is how routes are typically set up.

A device with connectivity to some site-site VPNs (I don't give the entire network access to the VPN, but make the clients use a different interface/IP) has

    # route
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         192.168.2.1     0.0.0.0         UG    0      0        0 br0
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
    192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
    192.168.3.0     192.168.2.4     255.255.255.0   UG    0      0        0 br0
    192.168.5.0     192.168.2.81    255.255.255.128 UG    0      0        0 br0
    192.168.5.128   192.168.2.4     255.255.255.128 UG    0      0        0 br0
    192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
xman111 (Author) Posted September 7, 2018

thanks for your help dude, i am totally dead ended here.. here are both from laptop.
xman111 (Author) Posted September 7, 2018

from desktop..
xman111 (Author) Posted September 7, 2018

it looks like as soon as i put that route into unraid, it lets unraid resolve www.google.com but then i seem to lose connectivity from the desktop to unraid but can still reach unraid from my laptop. Unraid can always get a ping back from 8.8.8.8 but can't resolve names unless i put that route in.

edit... that isn't true, i rebooted unraid and desktop can still not connect..

Edited September 7, 2018 by xman111
xman111 (Author) Posted September 7, 2018

and from unraid..
bonienl Posted September 7, 2018

First. There is no need to add the route statement, if your network is properly set up.

Looking at your picture it seems networks 192.168.10.x (LAN) and 192.168.20.x (WLAN) are grouped together. I would separate these two and place the WLAN network in VLAN 20.

Since your server and desktop are connected to the same Cisco switch, and are in the same network (192.168.10.x) they can talk directly to each other without involvement of the other switch and pfsense router. If this isn't possible you need to check the configuration of the switch SG300-10.

Does your desktop learn the MAC address of the server?

    arp -a

    Interface: 10.0.101.11 --- 0x9
      Internet Address      Physical Address      Type
      10.0.101.1            f0-9f-c2-05-9f-cd     dynamic
      10.0.101.5            0c-c4-7a-98-b6-50     dynamic

.1 = my gateway
.5 = my server
.11 = my desktop

Remark 1: A wireless device will talk to the server by passing the pfsense firewall/router, because they are in different networks.

Remark 2: Make sure the LAN ports on the SG300-10 are NOT configured as private (this forces all traffic to pass the pfsense firewall/router)

Edited September 7, 2018 by bonienl
xman111 (Author) Posted September 7, 2018

hey man, thanks for responding.. my lan is separate from my wlan, wlan is in VLAN 20. Basically I have a single ethernet cable connected directly to PFsense that brings all the networks up to my SG300-10 in my bedroom. I have both the server and my desktop connected to that switch (just for testing). Normally the server is in a different room and connected directly to my main SG300-28 switch.

Here is the arp command from the laptop. Bottom one is from desktop.

Edited September 7, 2018 by xman111
bonienl Posted September 7, 2018

Cisco switches support a feature called "private" lan, this isolates LAN ports from each other and forces devices to talk to the router. If this is used in your case, it should be switched off (i.e. make it a standard LAN port).

Can you do arp on your server too.

    root@vesta:~# arp -n
    Address                  HWtype  HWaddress           Flags Mask            Iface
    10.0.101.11              ether   d0:50:99:28:7c:91   C                     br0
    10.0.101.1               ether   f0:9f:c2:05:9f:cd   C                     br0
xman111 (Author) Posted September 7, 2018

I will have a look for that setting.. Here is the server arp..
bonienl Posted September 7, 2018

The arp table of your server suggests that there is another device with IP address 192.168.10.100. Perhaps there is an IP address conflict (double assignment)?

What is the output of

    root@vesta:~# ifconfig br0
    br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 9198
            inet 10.0.101.5  netmask 255.255.255.0  broadcast 0.0.0.0
            inet6 2a02:a448:32d5:101:52ff:4ea6:76ba:dac9  prefixlen 64  scopeid 0x0<global>
            inet6 fe80::4cce:d8ff:fe69:acfd  prefixlen 64  scopeid 0x20<link>
            ether 0c:c4:7a:98:b6:50  txqueuelen 1000  (Ethernet)
            RX packets 260167  bytes 128075781 (122.1 MiB)
            RX errors 0  dropped 13  overruns 0  frame 0
            TX packets 726261  bytes 32349883269 (30.1 GiB)
            TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Edited September 7, 2018 by bonienl
xman111 (Author) Posted September 7, 2018

i just checked pfsense and saw server 2, was I think the same computer but the other network card in it. When i thought i might have a flakey intel network card. I removed it and rebooted pfsense, still not connecting.. maybe reboot unraid?

Edited September 7, 2018 by xman111
bonienl Posted September 7, 2018

The server has an incomplete ARP entry for address 192.168.10.100. This isn't right because it should be its own address.

Can you show me the output of the "ifconfig br0" command?
xman111 (Author) Posted September 7, 2018

here ya go. this is without the extra line in the routing table. so right now, can ping 8.8.8.8 but not www.google.com
bonienl Posted September 7, 2018

If you don't mind. Reboot your server and show its routing table.

    root@vesta:~# route -n
    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         10.0.101.1      0.0.0.0         UG    0      0        0 br0
    10.0.101.0      0.0.0.0         255.255.255.0   U     0      0        0 br0
    172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0
    192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

The first two entries with default route (0.0.0.0) and local subnet (192.168.10.0 in your case) pointing to default should be there.
xman111 (Author) Posted September 7, 2018

of course, anything i can to help.. appreciate your time..
bonienl Posted September 7, 2018

That looks alright and I see, IP assignment is obtained from a DHCP server.

How do your DNS entries look?

    root@vesta:~# cat /etc/resolv.conf
    # Generated DNSv4 entries:
    nameserver 10.0.101.1
xman111 (Author) Posted September 7, 2018

i just typed cat at the terminal and got this.. I think this may be the problem. That is the DNS of my VPN provider i think.

Edited September 7, 2018 by xman111
ken-ji Posted September 7, 2018

Yeah. Hit Ctrl+C or Ctrl+D to stop it.
bonienl Posted September 7, 2018

Press Ctrl-C

And type "cat /etc/resolv.conf"
xman111 (Author) Posted September 7, 2018

sorry, edited my post! I think that is the problem, that is from my VPN provider. It shouldn't get that unless it is going through the tunnel on vlan 40 i think, that is weird.

Edited September 7, 2018 by xman111
bonienl Posted September 7, 2018

I haven't seen your reply, but if the server receives the wrong DNS entry from your DHCP server, you can make it a fixed DNS entry.

See network settings and change IPv4 DNS server assignment to "static". Next fill in the desired DNS server address.
xman111 (Author) Posted September 7, 2018

ya, sorry that is the DNS server from my VPN provider. It shouldn't get those. i do have unraid set to get static dns 8.8.8.8 and 8.8.4.4.
bonienl Posted September 7, 2018

Make sure your pfsense firewall allows DNS queries to 8.8.8.8 and 8.8.4.4 to pass.

Now the 100 dollar question: does it work?
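The two checks bonienl asks for in this thread (the default and local-subnet routes in `route -n`, and the nameservers in `/etc/resolv.conf`) can be scripted. The following is an added example, not part of any post above; the function names and all sample data are constructed, and 203.0.113.53 is a documentation address standing in for an unexpected resolver.

```shell
#!/bin/sh
# Added example, not from the thread. All sample data below is constructed.

# check_routes IFACE SUBNET: reads `route -n` output on stdin and reports
# whether the default route and the directly connected subnet route exist.
check_routes() {
    awk -v ifc="$1" -v net="$2" '
        $1 == "0.0.0.0" && $4 ~ /G/ && $8 == ifc { def = 1 }
        $1 == net && $2 == "0.0.0.0" && $8 == ifc { conn = 1 }
        END {
            if (!def)  print "missing default route via " ifc
            if (!conn) print "missing connected route " net " on " ifc
            if (def && conn) print "ok"
        }'
}

# unexpected_dns "ALLOWED ...": reads resolv.conf text on stdin and prints
# every nameserver that is not in the space-separated allowed list.
unexpected_dns() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "nameserver" && !(($2) in ok) { print $2 }'
}

# Constructed sample: a routing table that came up without a default route.
ROUTES_BROKEN='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.10.0    0.0.0.0         255.255.255.0   U     0      0        0 br0
172.17.0.0      0.0.0.0         255.255.0.0     U     0      0        0 docker0'

# Constructed sample: resolv.conf holding one resolver that was never
# configured on the server, next to one of the intended static entries.
RESOLV_SAMPLE='# Generated DNSv4 entries:
nameserver 203.0.113.53
nameserver 8.8.8.8'

printf '%s\n' "$ROUTES_BROKEN" | check_routes br0 192.168.10.0
printf '%s\n' "$RESOLV_SAMPLE" | unexpected_dns "8.8.8.8 8.8.4.4"
```

On a live server the same functions take real input, for example `route -n | check_routes br0 192.168.10.0` and `unexpected_dns "8.8.8.8 8.8.4.4" < /etc/resolv.conf`.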