Bridge Mode - Can't ping devices from XG on local LAN. Local LAN can ping the XG fine

Setting up an XG for my home lab and can't quite understand this.

 

Everything seems to be working as needed but I can't ping or send syslog to anything on the LAN interface. BUT I'm able to ping the XG and pull SNMP from it from a host on the LAN.

 

So Host 1 can ping the XG. But the XG can't ping Host 1.

 

Any thoughts? ARP tables on the XG don't seem incorrect.

 

 

  • Seth,

    Did you enable routing on the bridge? Check the bridge configuration:

    https://community.sophos.com/kb/en-us/123098

    Use drop-packet-capture from console and tcpdump to understand the reason.

    Regards

  • In reply to lferrara:

    Yup, it's enabled. Attempted with and without multiple times and no good either way.

  • I'm in Bridge Mode and do not have any issues with Ping or Syslog to the LAN.   A couple of observations:

    1) Not sure about that Port 3 in the LAN Zone.  Would that be right?  I only have 2 physical on the box.

    2) Under interfaces, I only see br0 on my box.   The physical interfaces do not show up, as yours do. Not sure why that is.  I'm on 16.05.5 MR-5

    3) Here is what my Zones look like.  No FW rules were added to make Ping or Syslog work to LAN devices.

  • In reply to DavidWilliams1:

    Seth,

    Use tcpdump to understand where the ping is going. As David shared (thanks David), the bridge configuration works as David's configuration.

  • In reply to DavidWilliams1:

    1) Port 3 is just a 3rd Ethernet port I installed for testing. 

    2) When you go to Diagnostics, do multiple ports not show up?

     

    I'm currently running SFOS 16.05.5 MR-5 as well.

  • In reply to Seth Malchow:

    And that port 3 can ping devices on the LAN fine, no issues.

  • In reply to lferrara:

    The traffic isn't reaching the intended destination devices on the LAN. Doesn't appear to be leaving the bridge interface.

  • In reply to Seth Malchow:

    Seth Malchow

    And that port 3 can ping devices on the LAN fine, no issues.

    A bridge has to be a 1-to-1 configuration.  1 LAN to 1 WAN.  If you are trying to bridge two LAN ports to one WAN port, that is not supported from the config guides I have read.

  • In reply to DavidWilliams1:

    That's not my setup. Port 3 is not a part of the bridge.

  • In reply to Seth Malchow:

    OK, last questions ....  I see that your "production" interface is a renamed br0.  When you are trying to ping, are you sourcing from that interface?  br0 is the only one in the bridge group that will get a response.

    I'm still confused why your physical interfaces are showing at all.  Did you add them after creating the bridge?  Here is mine and working just fine with no other physical interfaces (the wireless is non-functional and installed by default ... with my luck, deleting it would cause some unexpected results!)

  • In reply to DavidWilliams1:

    Believe yours is the same way. If you click anywhere on that bridge pair (just not on the 3 lines icon to the right), it will list the physical interfaces.

    But yes, I'm pinging from that interface. Either Port 1, Port 2, or the bridge itself. Nothing works. But I'm able to ping the interface from another host all day long.

  • In reply to Seth Malchow:

    Seth Malchow

    Believe yours is the same way. If you click anywhere on that bridge pair (just not on the 3 lines icon to the right), it will list the physical interfaces.

    Ahhh, sure enough.  Never saw that before.