[Solved] some IP's have no connection

Started by Fabo, January 24, 2025, 01:34:25 PM

January 24, 2025, 01:34:25 PM Last Edit: January 26, 2025, 02:13:37 PM by Fabo
Hello everyone
I've tried this several times and haven't found a solution yet. I installed Opnsense and set up everything (including rules and port forwarding). Everything worked fine until I noticed that one of my PCs had no internet connection. After a lot of trying, I started a new installation because I thought I had misconfigured something. I've tried the whole thing several times now.

Current status:
New installation of opnsense. I only changed the IP and DHCP address of the LAN (192.168.0.1). I didn't change anything else (no rules, no port forwarding, no services, nothing). All PCs and the NAS are connected over the same switch and work perfectly except the IP 192.168.0.19. This has no connection to Opnsense - but has fetched the opnsense settings (static DHCP). All entries such as gateway, DNS server and IP are correct but nothing works.

I can see the IP under Interfaces->Diagnostic->ARP Table. But DNS lookup or ping etc. doesn't work in both directions. If I set the IP to x.x.x.18 or x.x.x.20 everything works fine, as soon as I set it back to 19 nothing happens (change can be made over opnsense static - or on the pc directly, no differences). I tested this on 2 Windows and one Linux PC - same everywhere. What could be the reason?
Nothing is blocked in the FW protocol live log, the only thing I see is when I want to access the GUI via the browser - 3 entries out of 19 - on Opnsense, which are not blocked, but the GUI cannot then be accessed.

So I could change the ip and everything would work. But I would like to have this pc on the IP 19 because there are some services running. The other thing is, as long I don't know the problem, this maybe happens to other pc in longer term, that's why I want to understand it.

Thanks for advice
Fabo

I suppose the first things to check would be that the MAC address in the DHCP lease and the MAC listed in the ARP table match, and apply to the machine (interface) you expect. Then check said machine's ARP table to make sure it has the MAC address of your OPNsense machine's interface cached.

After that... perhaps start simplifying your setup until it works, then add equipment back until it doesn't. But others here may have a better diagnostic plan.

Thanks for your reply.
I decided to change the IP - so everything worked fine until it didn't - same as before.

After some more hours I found the problem, but don't know how to resolve it permanently. My IP is listed under SYSTEM->Routes->Status as follows:
ipv4   192.168.0.19   192.168.10.1   UGHS   NaN   1500   igc1   WAN
So opnsense sends the traffic to LAN (192.168.0.19) over my WAN port ?!
Where is this from??!! When I delete this one everything works fine. But some minutes later it's back.
So I don't understand, how can Opnsense give an IP over DHCP but then send the traffic wrong (What did I do wrong)? I didn't make any static routing. But how do I get this deleted permanently??

Do you see any unusual messages in "System: Log Files: General"?

Chances are folks here will need more information. Post images or text from "Interfaces: Overview" and "System: Routes: Status", to start.

There are 2 IPs which are wrong (x.x.x.19 AND x.x.x.5). The LAN is a bridge with opt1, 2 and 3.
x.19 is connected to opt2 (directly) and x.5 is connected to a switch on opt3. On the switch there are 4 more PCs, a printer and a phone, everything fine...

On the 2 IPs we're talking about there are AdguardHome (x.19 minipc) and pihole (x.5 in a Docker) running. Never set them as DNS in opnsense. I disabled Adguard and shut down the Docker of Pihole, but still after a reboot of opnsense the routes are back :(.

Could not see anything special in the logs.

Since this is a bridged setup, which you did not say first: Did you set that up correctly, especially including setting the tunables?
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Heh. Chunks of your displays (with much of the interesting stuff) are not visible (the second page of each). Also, since you use a bridge, we'd like to see "Interfaces: Other Types: Bridge" as well.

If I had to guess, you have bridge member interfaces with configuration (e.g. IP) on the individual interface as well. Any bridge member interface should be unconfigured - no IP config, no rules, etc.

Oh, topology-wise, I would not recommend trying to use a single bridge as both "inside" and "outside", as it will be difficult to discriminate device role/position logically. I use bridges, and for that reason I have an "outside" ("wan") bridge and "inside" bridges. This unscrews my firewall (to an extent) and NAT config. I use this external config as my Internet service is presented as a bridged service and I have static IPs; internally, I effectively treat the firewall as my aggregation device (as most would use a switch) - all traffic runs through it. If you do not have these topologies, I'd recommend a different (more conventional) configuration for your firewall - especially as a starting point. You can always get crazier later. But that's up to you.

Quote from: Fabo on January 25, 2025, 05:06:11 PM
On the 2 IPs we're talking about there are AdguardHome (x.19 minipc) and pihole (x.5 in a Docker) running. Never set them as DNS in opnsense.

Are you sure? If you had set them as DNS servers under [System -> Settings -> General] and specified your gateway for them, it seems it'd likely cause the symptoms you're observing....

Quote from: dseven on January 26, 2025, 01:25:44 PM
Quote from: Fabo on January 25, 2025, 05:06:11 PM
On the 2 IPs we're talking about there are AdguardHome (x.19 minipc) and pihole (x.5 in a Docker) running. Never set them as DNS in opnsense.

Are you sure? If you had set them as DNS servers under [System -> Settings -> General] and specified your WAN gateway for them, it seems it'd likely cause the symptoms you're observing....

Thanks to all for your replies.

It's solved now.
And sorry for the little information, I didn't believe it had to do with my ISP router.
In fact all the settings I did were fine except a small check-box I missed.

I have an ISP router (192.168.10.1) in DMZ mode (Bridge is not possible). There is a WLAN running which I like to keep (don't need more devices and every guest can use it). Now on the router I set my 2 IPs 192.168.0.5 and 192.168.0.19 as DNS. Also set a static route on the ISP router to send traffic for 192.168.0.0/24 to 192.168.10.28 (opnsense WAN IP).

So opnsense saw this and chose to set a static route for these two IPs to the ISP router (which sends all the traffic to 192.168.0.0/24 back to opnsense). Now I saw I have to uncheck the "Allow DNS server list to be overridden by DHCP/PPP on WAN" (System-> Settings -> General). This way opnsense does not add these routes to the system.

But for me this is still a bug - isn't it? Why does opnsense create a route for its own clients (clients from the DHCP range) to the WAN?? If I set opnsense as DNS on the ISP router it also sets a static route for its own WAN IP (192.168.10.28) to send traffic to my ISP router - why??

Thanks again

Interesting. Presumably OPNsense assumes that any DNS servers advertised to a WAN interface (by DHCP or PPPoE) would be reachable through that WAN interface, and so it adds static routes to make sure that they are reached that way. I hadn't thought of that.

Good catch. I uncheck that as a matter of course, so I hadn't considered the implications at all. The possibility of an interaction with a DNS or DHCP assignment just flew right on by me.
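The route line Fabo posted (destination 192.168.0.19, gateway 192.168.10.1, flags UGHS, interface WAN) and the explanation above (OPNsense installing host routes towards DNS servers learned on WAN) suggest a simple check to run after any change on the upstream router: parse the "System: Routes: Status" table and flag every host route (H flag) whose destination lies inside a LAN prefix but leaves through the WAN interface. The script below is an added example and is not part of this thread or of OPNsense; the sample table is constructed to mirror the column layout shown in the thread, the LAN prefix and the interface name WAN are assumptions, and the parser only handles the space-separated text form of that table.

```python
import ipaddress

# Constructed sample in the column order shown in the thread:
# proto, destination, gateway, flags, expire, mtu, netif, interface.
SAMPLE_ROUTES = """\
ipv4   default          192.168.10.1   UGS    NaN   1500   igc1     WAN
ipv4   192.168.0.0/24   link#2         U      NaN   1500   bridge0  LAN
ipv4   192.168.0.19     192.168.10.1   UGHS   NaN   1500   igc1     WAN
ipv4   192.168.0.5      192.168.10.1   UGHS   NaN   1500   igc1     WAN
ipv4   192.168.10.0/24  link#3         U      NaN   1500   igc1     WAN
"""


def parse_routes(text):
    """Turn the text form of the routes table into a list of dicts.
    Lines that do not have the eight expected columns are ignored."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 8 or parts[0] != "ipv4":
            continue
        rows.append({
            "dest": parts[1],
            "gateway": parts[2],
            "flags": parts[3],
            "netif": parts[6],
            "iface": parts[7],
        })
    return rows


def find_misrouted_hosts(rows, lan_prefixes, wan_iface="WAN"):
    """Return (destination, gateway) pairs for host routes (H flag) that
    point a LAN address out of the WAN interface. Such a route sends
    traffic for a local client to the upstream router instead of the
    LAN segment, which is the symptom described in the thread."""
    nets = [ipaddress.ip_network(p) for p in lan_prefixes]
    hits = []
    for r in rows:
        if "H" not in r["flags"] or r["iface"] != wan_iface:
            continue
        try:
            addr = ipaddress.ip_address(r["dest"])  # host routes carry a bare address
        except ValueError:
            continue  # "default", "link#2", prefixes: not a host route destination
        if any(addr in n for n in nets):
            hits.append((r["dest"], r["gateway"]))
    return hits


if __name__ == "__main__":
    # Assumed LAN prefix taken from the thread's addressing.
    for dest, gw in find_misrouted_hosts(parse_routes(SAMPLE_ROUTES), ["192.168.0.0/24"]):
        print(f"LAN host {dest} is routed via WAN gateway {gw}")
```

Run against a pasted copy of the live table, an empty result means no LAN client is being sent upstream; a non-empty result points at the DNS-override setting mentioned above (or at a manually added static route) as the first thing to inspect.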