Wednesday, April 14, 2021

Confusing Network Behavior

Originally Posted on /r/PFSENSE, can provide any additional details if needed.

EDIT: All IPs are just examples.

Maybe you guys can help me out here, because something doesn't seem to be working right in a vendor-requested configuration.

I have a network where we have a vendor that has a tandem Netgate 7100 in a network rack neighboring ours that handles all of their vendor-related networking.

We have our own Netgate 7100 that handles all LAN/Wifi stuff. The two Netgates have been fine being ignorant of each other.

The vendor needs some devices that connect to our wifi to be able to hit their device, and pass through some NATing to have an internal return for an app they are hosting. Nothing too crazy so far.

We have set a custom DNS in our Netgate that resolves to an arbitrary address on our Wifi network that is out of the DHCP range.

All of my internal net works as expected, the DNS name resolves to the specified IP address, all is great.

However, the vendor statically assigned one of their switch ports on their 7100 to the requested address (1.1.1.10) and is unable to respond to a ping from anything on that subnet.

Originally this was plugged directly into a switch that had access to the requested network (1.1.1.0/24). After a few hours of troubleshooting, tagging/untagging VLANs, I figured it would be best to eliminate the switch as any cause of trouble, and had them connect directly to an open switch port on my 7100. But the two still refuse to talk to each other. The ports negotiate and connect with no issue, but still no communication on the 1.1.1.0/24 network.

Netgate-Internal:

Wifi Net: 1.1.1.0/24 (ETH1 & ETH2 bridged @ 1.1.1.1 on ETH1, vendor on ETH2). Firewall rules completely wide open between both bridged interfaces. I have similar setups for bridged interfaces elsewhere with no problem.

Netgate-Vendor: ETH5 - 1.1.1.10 - GW: 1.1.1.1, Static route for 1.1.1.0/24 with GW added

I have even switched to DHCP on the vendor device to see if it was the IP itself, but it never gets an IP.

Packet captures just seem to be in a bubble, with who-is packets on the internal side showing and DHCP request packets showing on the vendor side, but neither showing the communication on both.

I have had the patch between the two replaced.

Any guidance would be great.
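One way to turn the "capture bubble" described above into a concrete check, as an added example that is not part of the original post: it correlates tcpdump text output taken on the two bridge members and lists the broadcast requests (ARP who-has, DHCP requests) that were seen on one member but never on the other. The interface roles, MAC addresses and capture lines below are constructed for the demo.

```python
import re
from collections import namedtuple

# One broadcast request as rendered in tcpdump text output.
Frame = namedtuple("Frame", "kind key")

# Default tcpdump rendering of an ARP request and a DHCP request, e.g. from
# `tcpdump -ni <if> 'arp or udp port 67'`; the -e link-layer prefix is tolerated.
ARP_RE = re.compile(r"Request who-has (\S+) tell ([^,\s]+)")
DHCP_RE = re.compile(r"BOOTP/DHCP, Request from ([0-9a-fA-F:]{17})")


def parse_capture(text):
    """Return the ARP and DHCP requests found in tcpdump text output."""
    frames = []
    for line in text.splitlines():
        m = ARP_RE.search(line)
        if m:
            frames.append(Frame("arp", (m.group(1), m.group(2))))
            continue
        m = DHCP_RE.search(line)
        if m:
            frames.append(Frame("dhcp", m.group(1).lower()))
    return frames


def bridge_gaps(cap_a, cap_b):
    """Broadcast requests seen on one bridge member but never on the other.

    On a working bridge every ARP/DHCP request captured on one member also
    shows up on the other; anything returned here was not forwarded, which
    points at the bridge itself or at filtering on the members.
    """
    seen_a, seen_b = set(parse_capture(cap_a)), set(parse_capture(cap_b))
    return {"a_only": sorted(seen_a - seen_b), "b_only": sorted(seen_b - seen_a)}


# Constructed captures reproducing the symptom in the post: the internal side
# (ETH1, 1.1.1.1) ARPs for 1.1.1.10, the vendor side (ETH2) sends DHCP, and
# nothing crosses. MACs are locally administered placeholders.
CAP_ETH1 = """\
13:00:01.000001 ARP, Request who-has 1.1.1.10 tell 1.1.1.1, length 28
13:00:01.500002 ARP, Request who-has 1.1.1.1 tell 1.1.1.50, length 46
13:00:01.500003 ARP, Reply 1.1.1.1 is-at 02:00:00:00:00:10, length 28
"""
CAP_ETH2 = """\
13:00:02.000001 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:00:00:20, length 300
13:00:06.000002 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 02:00:00:00:00:20, length 300
"""

if __name__ == "__main__":
    for side, frames in bridge_gaps(CAP_ETH1, CAP_ETH2).items():
        print(side, frames)
```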


