[NOOB] Connecting NAS dble ETH to LAN1 not accessible from LAN3

Started by MarieSophieSG, October 04, 2024, 12:33:31 PM

October 15, 2024, 01:04:51 AM #60 Last Edit: October 15, 2024, 01:23:09 AM by MarieSophieSG
Quote from: cookiemonster on October 14, 2024, 11:48:56 PM
Still not clear about lambda but let's see. Can you please post a screenshot of your LAN1 firewall rules. No link to external sites please. No need to expand the automatic ones yet.
We would also enable OPN additional logging if it is on defaults:
Firewall: Settings: Advanced | Logging section. We enable to diagnose and then disable as it eats storage.

Sure ! You will see nothing but the lambda (as in "default", the two pre-set rules for LAN1, right after the automatic ones)

Quote from: cookiemonster on October 14, 2024, 11:48:56 PM
What we would like to do is (ideally) have a laptop on each interface, through a switch on each if that is the current setup, to then do the pings.

That's exactly what I did and reported in the previous

Quote from: cookiemonster on October 14, 2024, 11:48:56 PM
We would also enable OPN additional logging if it is on defaults:
Firewall: Settings: Advanced | Logging section. We enable to diagnose and then disable as it eats storage.

Logging is on by default
Hunsn RS39 (N5105, 4x i225) 24.7.5_0 testing
LAN1 = swtch1 Laptop1 MX23, NAS, Laptop2 Win10
LAN2 = WiFi router AP, Laptop2, tablet, phone, printer, IoT, etc.
LAN3 = Swtch2 Laptop3 Suse; Laptop4 Qube-OS/Win10, printer
Pretending to be tech Savvy with a HomeLab :-p

October 15, 2024, 01:25:45 AM #61 Last Edit: October 15, 2024, 01:39:38 AM by MarieSophieSG
And the network setup,
Except NAS1 is out and there is no "static" (for now)

So, focusing on "Laptop1 (LAN1) can't ping any LAN2 LAN3 interfaces, let alone any devices on these".
- Your LAN1 on the above statement, trying to find it on your diagram, is igc0 with ip 192.168.101.101/24, right?
- Your firewall rules on it say all in allowed on IPv4 and IPv6. Good.

1) Now, plug your laptop on the switch and should, according to your diagram, get an ip in range 116-122 so why does it have instead 192.168.101.102 ? Static set by you? if so, have you checked you have also entered the correct gateway and netmask ?
2) When you ping for this laptop, do you see the traffic hitting the OPN firewall ? Blocked or allowed, doesn't matter. You need to be able to see the traffic. To do that, you need to enable logging that is disabled by default, and you've done that (it is not on by default). And on your firewall rule screenshot it appears disabled for the rule in particular, and that would override the general setting. Please double check and report.

Quote from: cookiemonster on October 15, 2024, 11:49:33 AM
So, focusing on "Laptop1 (LAN1) can't ping any LAN2 LAN3 interfaces, let alone any devices on these".
- Your LAN1 on the above statement, trying to find it on your diagram, is igc0 with ip 192.168.101.101/24, right?
- Your firewall rules on it say all in allowed on IPv4 and IPv6. Good.

Yes sir, that's exactly it

Quote from: cookiemonster on October 15, 2024, 11:49:33 AM
1) Now, plug your laptop on the switch and should, according to your diagram, get an ip in range 116-122 so why does it have instead 192.168.101.102 ? Static set by you? if so, have you checked you have also entered the correct gateway and netmask ?
That's why I mentioned "no static" (for now) as this IP was (and will be) its static one, therefore out of the DHCP range
For now, it gets a DHCP address .101.116

Quote from: cookiemonster on October 15, 2024, 11:49:33 AM
2) When you ping for this laptop, do you see the traffic hitting the OPN firewall ? Blocked or allowed, doesn't matter. You need to be able to see the traffic. To do that, you need to enable logging that is disabled by default, and you've done that (it is not on by default). And on your firewall rule screenshot it appears disabled for the rule in particular, and that would override the general setting. Please double check and report.

Logging *is* "on" by default, as I haven't touched anything there since re-install
Or maybe what you mean is I need *the only one* that is not "on" by default, the:
  Outbound NAT Log packets matched by automatic outbound NAT rules
OK, it is ON now,
Where do I check its results ? in rules statistics ?

Live traffic logging view:
Firewall: Log Files: Live View
Choose the INCOMING interface from the dropdown for first filter. i.e. Interface IS LAN1 or whatever you have called it.

p.s. Strange you have that on after reinstall. Never seen that happen. You ought to remember to disable it later when all is good. It'll chew your storage if the firewall is a busy one.


October 15, 2024, 12:23:28 PM #65 Last Edit: October 15, 2024, 12:33:35 PM by MarieSophieSG
Quote from: cookiemonster on October 15, 2024, 12:21:06 PM
Live traffic logging view:
Firewall: Log Files: Live View
Choose the INCOMING interface from the dropdown for first filter. i.e. Interface IS LAN1 or whatever you have called it.

p.s. Strange you have that on after reinstall. Never seen that happen. You ought to remember to disable it later when all is good. It'll chew your storage if the firewall is a busy one.

In the live view with filter on .101.116 and .103.101 with PING running (inside OPNs)
Ping results = 100% loss

And live view on LAN1

October 15, 2024, 12:50:35 PM #67 Last Edit: October 15, 2024, 12:58:43 PM by cookiemonster
I don't see the ping from 192.168.101.116 to 192.168.103.101 indeed.
Just to be sure the logging is correct. What I meant before, here in your screenshot, modified to show:

The greyed-out i suggests the logging of those rules is disabled. Can you try to enable it?

EDIT:
Why isn't your interface IGC0 on your picture?
In other words, your interface LAN1 maps to IGC0 according to your diagrams. So why is it showing as "LAN1_SWITCH1_Green_ETH1_IGC1". Just a labelling error?

Quote from: cookiemonster on October 15, 2024, 12:50:35 PM
I don't see the ping from 192.168.101.116 to 192.168.103.101 indeed.
Just to be sure the logging is correct. What I meant before, here in your screenshot, modified to show:
The greyed-out i suggests the logging of those rules is disabled. Can you try to enable it?
In FW, Settings, Advanced, all logging is enabled

Quote from: cookiemonster on October 15, 2024, 12:50:35 PM

EDIT:
Why isn't your interface IGC0 on your picture?
In other words, your interface LAN1 maps to IGC0 according to your diagrams. So why is it showing as "LAN1_SWITCH1_Green_ETH1_IGC1". Just a labelling error?
You are absolutely right, I meant to correct it yesterday but forgot
LAN1 is IGC0, not IGC1 (WAN), corrected now

Thanks for the confirmation of the interface names.
Quote from: MarieSophieSG on October 15, 2024, 01:04:36 PM
Quote from: cookiemonster on October 15, 2024, 12:50:35 PM
I don't see the ping from 192.168.101.116 to 192.168.103.101 indeed.
Just to be sure the logging is correct. What I meant before, here in your screenshot, modified to show:
The greyed-out i suggests the logging of those rules is disabled. Can you try to enable it?
In FW, Settings, Advanced, all logging is enabled
That is not what I asked though. Have you enabled the logging for these rules on the screenshot? Ah wait, it might be something new. The i is clickable to toggle enable/disable. It's a shortcut to editing the rule and doing it there.
Chances are if you click on edit instead of the shortcut, you'll find the rule has no logging enabled. Check please.

Quote from: cookiemonster on October 15, 2024, 01:23:14 PM
Thanks for the confirmation of the interface names.
Quote from: MarieSophieSG on October 15, 2024, 01:04:36 PM
Quote from: cookiemonster on October 15, 2024, 12:50:35 PM
I don't see the ping from 192.168.101.116 to 192.168.103.101 indeed.
Just to be sure the logging is correct. What I meant before, here in your screenshot, modified to show:
The greyed-out i suggests the logging of those rules is disabled. Can you try to enable it?
In FW, Settings, Advanced, all logging is enabled
That is not what I asked though. Have you enabled the logging for these rules on the screenshot? Ah wait, it might be something new. The i is clickable to toggle enable/disable. It's a shortcut to editing the rule and doing it there.
Chances are if you click on edit instead of the shortcut, you'll find the rule has no logging enabled. Check please.

By "i" you mean the "information" icon at the very right of each line on "live view" ? right ?
If the line appears on live view, doesn't that mean the logging is on ?
Keep in mind I'm using 24.7, I didn't do any update (To leave *everything* stock, until I'm told to do so)

There is no logging per rule, only the general settings (for all rules) or maybe I didn't look in the right place ?

please look at the attached screenshot of yours that I modified to point it out.

Quote from: cookiemonster on October 15, 2024, 01:54:44 PM
please look at the attached screenshot of yours that I modified to point it out.

Oh ! yes, right, thank you, I missed it :(

Once you've changed or at least checked this, you can probably see where this is going.
If there is no record on the firewall of your ping hitting it (hence it is so important that the logging is right), then you need to check why that is. So it won't be a setting on OPN preventing it, it will be something more "basic" and we will need to go to the very basics of the interface setup.
The only other thought and if it goes that way, is that I see signs of IPv6 which I do not use. I am not familiar with it, so if there is an IPv6 diagnostic required I'll need to step back.

Quote from: cookiemonster on October 15, 2024, 02:00:33 PM
Once you've changed or at least checked this, you can probably see where this is going.
If there is no record on the firewall of your ping hitting it (hence it is so important that the logging is right), then you need to check why that is. So it won't be a setting on OPN preventing it, it will be something more "basic" and we will need to go to the very basics of the interface setup.
The only other thought and if it goes that way, is that I see signs of IPv6 which I do not use. I am not familiar with it, so if there is an IPv6 diagnostic required I'll need to step back.

I clicked the I-information for both lines on both LAN1 and LAN3 FW rules (color slightly changed to blue)
And went back to live view to get this: