[SOLVED] Can not connect to low number IP addresses, ARP request fails

Takaratiki

How's that for a title?

 I am attempting to bring our school's firewall over to 2.0 from 1.2.3. I am using 2.0-RC3 amd64. Our WAN interface is an em0, LAN bge0. I've installed the system three times and am stopped by the exact same issue: once a request, ping, anything is sent to an IP address that starts lower than 200, the packets disappear utterly. I can ping Yahoo's 209.191.122.70 IP, but it fails on 69.147.125.65 consistently with a Destination Host Unreachable message. This behavior seems consistent when accessing multiple sites.
 I thought this may have been related to the mbufs issue http://forum.pfsense.org/index.php/topic,37754.0.html but netstat -m shows everything well within tolerances and nothing on the "mbufs denied" front. The MBUF counter on the splash page looked high (2267/2947). A dump during a failed connection shows:

Quote
21:26:27.088893 ARP, Request who-has 69.160.32.100 tell 66.xxx.xxx.xxx, length 28
21:26:28.090243 ARP, Request who-has 69.160.32.100 tell 66.xxx.xxx.xxx, length 28

and then nothing. This seems to be the main point of failure, but I am unsure as to the remedy.

If I am a fool and have missed something basic, please let me know. The installs are untweaked apart from altering the admin password and the firewall is simply a WAN/LAN config. Please let me know if more info is needed and I will provide.
« Last Edit: July 12, 2011, 08:47:58 pm by Takaratiki »

cmb (Chris Buechler)

Re: Can not connect to low number IP addresses, ARP request fails
« Reply #1 on: July 11, 2011, 11:36:17 pm »
Wrong WAN (or some interface) subnet mask somewhere? Sounds like what you would see if you had a /1 mask on WAN (which would imply half the Internet was locally reachable, which it of course isn't).

wallabybob

Re: Can not connect to low number IP addresses, ARP request fails
« Reply #2 on: July 12, 2011, 04:29:57 am »
Further to cmb's reply

Quote
21:26:27.088893 ARP, Request who-has 69.160.32.100 tell 66.xxx.xxx.xxx, length 28
21:26:28.090243 ARP, Request who-has 69.160.32.100 tell 66.xxx.xxx.xxx, length 28

suggests something thinks 66.xxx.xxx.xxx and 69.160.32.100 are on the same subnet which is most unlikely. A network mask most likely doesn't have enough bits.
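
The check described in replies #1 and #2, as an added example that is not part of the original thread: it reads tcpdump ARP request lines, flags targets outside the subnet the sender is meant to be on, and derives the longest mask that could be in effect. The address 66.0.2.10 is a constructed stand-in for the redacted 66.xxx.xxx.xxx, the function names are hypothetical, and the /24 is the value from the final post.

```python
import ipaddress
import re

# Matches tcpdump lines of the form quoted in the thread:
#   "<time> ARP, Request who-has <target> tell <sender>, length 28"
ARP_REQUEST = re.compile(r"ARP, Request who-has ([\d.]+) tell ([\d.]+),")

# Constructed sample capture. 66.0.2.10 is a placeholder for the redacted
# 66.xxx.xxx.xxx WAN address; the last two lines are invented for contrast.
SAMPLE = [
    "21:26:27.088893 ARP, Request who-has 69.160.32.100 tell 66.0.2.10, length 28",
    "21:26:28.090243 ARP, Request who-has 69.160.32.100 tell 66.0.2.10, length 28",
    "21:26:29.000000 ARP, Request who-has 66.0.2.1 tell 66.0.2.10, length 28",
    "21:26:30.000000 IP 66.0.2.10 > 209.191.122.70: ICMP echo request, id 1, seq 1, length 64",
]


def common_prefix_len(a, b):
    """Count the leading bits that two IPv4 addresses share."""
    diff = int(ipaddress.IPv4Address(a)) ^ int(ipaddress.IPv4Address(b))
    return 32 - diff.bit_length()


def audit_arp(lines, intended_prefix):
    """Flag ARP requests for targets outside the sender's intended subnet.

    A host only ARPs for addresses it believes are on-link, so each finding
    bounds the mask actually in effect: it has at most `max_effective_prefix`
    bits, however the interface was meant to be configured.
    """
    findings = []
    for line in lines:
        match = ARP_REQUEST.search(line)
        if not match:
            continue  # not an ARP request
        target, sender = match.groups()
        intended = ipaddress.ip_network(f"{sender}/{intended_prefix}", strict=False)
        if ipaddress.ip_address(target) not in intended:
            findings.append({
                "sender": sender,
                "target": target,
                "intended_subnet": str(intended),
                "max_effective_prefix": common_prefix_len(sender, target),
            })
    return findings


if __name__ == "__main__":
    for f in audit_arp(SAMPLE, 24):
        print(f"{f['sender']} ARPs for {f['target']}, outside {f['intended_subnet']}: "
              f"mask in effect is /{f['max_effective_prefix']} or shorter")
```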

Takaratiki

Re: Can not connect to low number IP addresses, ARP request fails
« Reply #3 on: July 12, 2011, 09:18:13 am »
Thank you for the replies. I will double check the settings tonight and report back when I have something.

Takaratiki

Re: Can not connect to low number IP addresses, ARP request fails
« Reply #4 on: July 12, 2011, 08:46:52 pm »
Hand meet head. The WAN default subnet was 32. Switched it to 24, life is pure again. Thanks for the help, will attempt to not overlook the basics in the future. And drink more coffee...