Unable to Access Server on Same Subnet

Hi Everyone

I believe I genuinely have a unique circumstance, which I believe is kinda easy yet not covered in the various topics on the forum thereby warranting this new post. I will be as documentational as I can be.

Software: I am running pfsense 2.7 latest version
Hardware: Qotom mini pc 4 port nic, 8g ram, 65g ssd

Everything is hunky dory; all subnets connect to the internet. Before I provide documentation, I wish to explain the issue. I have a Lubuntu server with Jellyfin. On that host server I have UFW enabled and allowed ports 22 and 443 to be open.

Here is my full network segmentation

Sorry for the multiple replies, but I can only post one photo at a time.

The jellyfin server is on the pidsec subnet with the IP 10.55.0.13

Here are my firewall rules for each interface

Nothing is blocked for local networks on either interface and I simply enabled open access to all network segments.

Interestingly, my LAN subnets can access the jellyfin server on the pidsec subnet.
Even my testlabs subnet hosts can access the jellyfin server on the pidsec subnet.
Yet for some reason I am currently unable to access this server with my main host computers which are from within the same subnet.

Even more weird, I used to be able to access it. The only event that took place between when I was able to access the server and when I was unable to is that I had to unpower a power source from the source due to an electrical issue I had. Upon starting up the few machines is when I noticed I had lost the ability to connect to the jellyfin server from within the same subnet.

Now, to explain my troubleshooting, looking at this subnet

You can see I have another rule for the server. I have tried it with and without the rule, even switched the rule from top to down.

Even further, not sure if this had anything to do with anything, but I have even tried changing the NAT outbound here

I tried the first two, and my issue still persists. Note that when it was working, it was on the first Automatic Outbound NAT mode. I don’t believe the other two options will fix the issue to my limited knowledge of networking.

Just to prove the fact, I have nothing locally blocked on all interfaces

And here is the basic config for the pidsec labs interface

It has the same specs as the other interfaces besides a different IP obviously.

Also I am not running VLANs currently nor did I set up VPN configurations. So I haven’t done any spectacular deep configurations in the system, it’s almost in its default state. So I’m really stumped as to why I am unable to access my own server from within the same subnet even after it has proven to work a couple months ago.

If anyone has any idea how I could fix this issue, I’d be greatly thankful!

Sorry for the multiple posts, I tried a single post but my user level I don’t think has this privilege.

I’d guess it’s Jellyfin, I’ve tried setting this up before I had issues with it connecting to network shares. If you have the ability to set up a virtual machine, set something up, then check access across the network, if it all works then it’s Jellyfin, if not it’s likely to be your pfsense config or rules.

1 Like

I’ll look into jellyfin but jellyfin is soooooooo so easy, I’ve set it up at least a half dozen times with no issue. And it’s not even in a docker container where it’s hidden under the dockerized layer of networking, it’s literally on the actual IP of the host, just on the normal 8096 port. And I can access it from other subnets, just not within the subnet it’s on. Thanks though

I’ve never used Jellyfin before, but my guess is that there is something on your Lubuntu server blocking the requests from the same subnet. Because usually, traffic from the same subnet does not go through a router/gateway, even more so if you are trying to hit the Jellyfin server by IP. You could easily check this by tracing the route taken from one of your client PCs on the same subnet as the Jellyfin server and check that it will only take one hop to get to the server. You might need to enable PINGs on your server.
I’d check the firewall and/or other stuff that might be blocking traffic on the server.
Hope it helps.

1 Like

Maybe I’m missing something here, are you trying to access Jellyfin from a device with a 192.168. IP address?

Thank you, I will try this. I just figured it may have something to do with pfsense, since it is directing all network traffic for all network segments.

I assume I will have to enable ping on the Lubuntu server so I can get responses, as this is what I get now:

~> sudo traceroute 10.55.0.13
traceroute to 10.55.0.13 (10.55.0.13), 30 hops max, 60 byte packets
send: Operation not permitted

No. I can access it from other subnets. I cannot access it from within the same subnet, the network is 10.55.0.1/16
example

Other hosts on the 172 network can access the host server of 10.55.0.13. Likewise, hosts on the 10.25.25.0/24 network segment can access it.

However a host from within the same network, example 10.55.0.11 can’t access it.

In the pidseclabs, can you move the second rule (allow all) as the first rule?

The first rule has dest ‘server’ which I don’t know where it points.

Yeah. I moved the rule up and it still didn’t work.

I checked the server, ping is enabled. I can traceroute to other hosts on the same subnet but I can’t get my other host to ping back to my Lubuntu server. Very weird. I used to be able to ssh into it (again, before that power outage I stated in the initial post) and now I can’t.

Check Services > DHCP > PIDSECLABS config

Double check you’ve got the right subnet settings all over the place, especially for the hosts on those rather large /16 nets. (66.5K addresses apiece)

If a host on one of those nets incorrectly has a /24 subnet configured, it’ll throw you some curve balls.
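
The subnet-mask check suggested in the last reply can be worked through offline. The following is an added example, not part of the original thread: it uses Python's `ipaddress` module to flag hosts whose configured prefix differs from the intended network and to list host pairs where one side would send directly and the other through the gateway. The addresses 10.55.0.11 and 10.55.0.13 and the /16 come from the thread; the `laptop` entry and the /24 on the server are constructed assumptions.

```python
import ipaddress

# Constructed sample data. 10.55.0.11, 10.55.0.13 and the /16 are from the
# thread; the laptop host and the server's /24 mask are hypothetical.
EXPECTED_NET = "10.55.0.0/16"
HOSTS = {
    "client": "10.55.0.11/16",
    "laptop": "10.55.3.20/16",
    "server": "10.55.0.13/24",   # assumed misconfiguration for illustration
}

def next_hop(src_if, dst_if):
    """'direct' if the sender's own mask says the peer is on-link, else 'gateway'."""
    return "direct" if dst_if.ip in src_if.network else "gateway"

def audit(hosts, expected_net):
    """Return (hosts with a wrong prefix, pairs whose two directions differ)."""
    expected = ipaddress.ip_network(expected_net)
    ifs = {name: ipaddress.ip_interface(cidr) for name, cidr in hosts.items()}
    # A host inside the intended range but with a different network/prefix.
    wrong_mask = sorted(
        n for n, i in ifs.items() if i.ip in expected and i.network != expected
    )
    asymmetric = []
    names = sorted(ifs)
    for idx, a in enumerate(names):
        for b in names[idx + 1:]:
            fwd = next_hop(ifs[a], ifs[b])   # path a -> b
            rev = next_hop(ifs[b], ifs[a])   # path b -> a
            if fwd != rev:
                asymmetric.append((a, b, fwd, rev))
    return wrong_mask, asymmetric

if __name__ == "__main__":
    wrong, asym = audit(HOSTS, EXPECTED_NET)
    print("wrong prefix:", wrong)
    for a, b, fwd, rev in asym:
        print(f"{a}->{b}: {fwd}, {b}->{a}: {rev}")
```

With this sample data only hosts outside the server's /24 slice are affected; 10.55.0.11 and 10.55.0.13 still see each other as on-link. For an asymmetric pair, return traffic reaches the gateway without the gateway having seen the opening packet, which a stateful firewall typically drops.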