Netgate SG-1000 microFirewall

Author Topic: Routing between two pFsense  (Read 135 times)

0 Members and 1 Guest are viewing this topic.

Offline Sigals

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Routing between two pFsense
« on: February 06, 2018, 09:22:42 am »
Hello there,

I am trying to get two seperate pFsense boxes to communicate with each other as they are the default GW for two separate networks.

They are hosted on two seperate physical servers which have been connected directly together via Ethernet cable.

Below is a little diagram to help explain:

https://i.imgur.com/0iN7nnY.png

I have setup the interfaces to use a static ip (10.0.2.10 & 10.0.2.20) and firewall rules to allow all traffic on those interfaces:

https://i.imgur.com/r2esgwS.png

However when I try to ping the other pFsense box using the appropriate interface I'm not seeing anything go across the interfaces.

Am I missing something obvious here? Selecting the appropriate interface in the left pFsense should be able to directly ping the other since they are connected directly?

I'm not seeing an entry in the ARP table in the left pFsense for the right one (10.0.2.10).

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15128
  • Karma: +1412/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Routing between two pFsense
« Reply #1 on: February 06, 2018, 10:01:18 am »
"I'm not seeing an entry in the ARP table in the left pFsense for the right one (10.0.2.10)."

Well without the ability to arp - it would never send the ping or any other form of traffic to an IP that is on its own network.

You have a connectivity issue if you put them on the same layer 2 and they can not arp for each other.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline Sigals

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Routing between two pFsense
« Reply #2 on: February 09, 2018, 07:32:39 am »
thanks for your reply,

I have switched the ports around but they still seem unable to see each other - below is a capture from one of the interfaces - both interfaces have green lights and are showing as 1000baseT <full-duplex> in pFsense

Code: [Select]
12:42:22.533057 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:23.553164 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:24.573015 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:25.600799 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:26.616447 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:27.640076 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:28.653018 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:29.679155 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:30.193017 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:31.213010 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:32.239515 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:33.253957 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
12:42:34.273017 00:0c:29:18:74:be > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has 10.0.2.10 tell 10.0.2.20, length 28
« Last Edit: February 09, 2018, 07:38:54 am by Sigals »

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 15128
  • Karma: +1412/-206
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: Routing between two pFsense
« Reply #3 on: February 09, 2018, 11:42:36 am »
well your seeing the arp.. Clearly pfsense doesn't think has IP address 10.0.2.20 or it would answer the arp.

Which interface is that on... You need to see if the other interface is seeing the traffic not that the one side is sending.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline Sigals

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: Routing between two pFsense
« Reply #4 on: February 12, 2018, 07:29:53 am »
Thanks I have got it working now.

One of my colleagues set the VLAN id to 2 without telling me so I had to make sure everything matched up - added some static routes and it's working now.

Cheers.