Forward /29 through gre tunnel and allocate public ips on hosts.

stephenw10

And still nothing shown in the firewall logs as blocked on either pfSense install?

s_serra

in the local pfsense no, in the remote the firewall is disabled.

stephenw10

Hmm, well I see nothing in pfSense that would be causing a problem here and you say nothing changed there.

I can't ping 185.113.143.50 from here:

PING 185.113.143.50 (185.113.143.50) 56(84) bytes of data.
From 194.38.148.182 icmp_seq=1 Destination Host Unreachable

But I don't know if I should be able to.

If you can't ping into the routed subnet either that looks more like some routing issue. But it doesn't look like it's in pfSense because it can traceroute to something at least as far as the ISP.

Steve

s_serra

@stephenw10

The ip 185.113.143.49 is the ip of the vlan interface of the local pfsense and I think it's always working fine (the icmp is active you can ping it). The rest of the vms that have 185.113.143.49 as a gateway don't work well sometimes it works sometimes it doesn't.

stephenw10

Doesn't work from here:

PING 185.113.143.49 (185.113.143.49) 56(84) bytes of data.
From 194.38.148.182 icmp_seq=1 Destination Host Unreachable
From 194.38.148.182 icmp_seq=2 Destination Host Unreachable

Something filtering the source upstream?

tedquade

@stephenw10 works from my location:

C:\Users\Ted>ping 185.113.143.49

Pinging 185.113.143.49 with 32 bytes of data:
Reply from 185.113.143.49: bytes=32 time=215ms TTL=48
Reply from 185.113.143.49: bytes=32 time=209ms TTL=48
Reply from 185.113.143.49: bytes=32 time=215ms TTL=48
Reply from 185.113.143.49: bytes=32 time=225ms TTL=48

Ping statistics for 185.113.143.49:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 209ms, Maximum = 225ms, Average = 216ms

C:\Users\Ted>

stephenw10

Mmm, still failing here so it looks like something rejecting it for some sources.

Does your route go through 194.38.148.182?

tedquade

@stephenw10 It does not.

I attempted to post the complete traceroute but it was flagged as spam.

Ted

stephenw10

Mmm, this appears to be something in the route. I don't believe this is anything to do with either pfSense box.

s_serra

It's very strange if it's something out of the two pfsense I don't have access to their network and I can't do anything. I already sent a message to my isp and they say that on their side everything is fine. I use https://lg.as44222.net/ to test the ping as they are linked to the same ixp . It could probably be a routing conflict on their side or the ddos protection they have that is causing these problems. Thank you for your help.

s_serra

I was in contact with my ISP and we managed to solve the problem by changing the ip 185.113.141.145 to the ip 185.113.143.xx inside the /24 of my /28. Thank you for help.