Netgate Discussion Forum
    Problem after public IP change

      beluclark

      Just recently, our ISP changed the IP blocks (/27 leased line) they provided into a different one. Updated the virtual IPs, Interface IP add, and Interface GW. The Internet is fine, users can reach the Internet using the new IP. However, my servers (port forwarded) running on ports 80, 443, SSH, etc. can't be reached from the outside. One thing I noticed is that if I use a VPN from the client's device, the servers can be accessed.

      It's been 3 days now that I've been trying to solve this issue. Please help.

        viragomann @beluclark

        @beluclark
        So did you also update your NAT rules to the new IPs (aliases)?
        Since you might have used some IP aliases for that, which are static, you have to update them.

          beluclark @viragomann

          @viragomann
          Yes, all are static and all are changed to its new designated public IP.

            viragomann @beluclark

            @beluclark
            So I'd expect them to work.
            If not, there might be something wrong.

            Use packet capture to sniff the traffic on WAN and internal interface to see if something behaves faulty.

              beluclark @viragomann

              @viragomann
              Thank you for your time.

              Upon performing packet capture, I did not see any traffic from the servers (I tried both 80 and 443). But if I test using this tool, it says that the ports are open. I really don't know what's happening right now.

                viragomann @beluclark

                @beluclark said in Problem after public IP change:

                Upon performing packet capture, I did not see any traffic from the servers (I tried both 80 and 443)

                We are talking about traffic to the servers, as I understood.

                But if I test using this tool, it says that the ports are open. I really don't know what's happening right now.

                Maybe you didn't consider updating the public DNS?

                  beluclark @viragomann

                  @viragomann said in Problem after public IP change:

                  We are talking about traffic to the servers, as I understood.

                  Sorry, yes to the servers.

                  Public DNS are also properly configured. Both in pfSense, clients, and servers.

                    viragomann @beluclark

                    @beluclark
                    So how did you do the packet capture?

                    When you run the port checker test, which shows that the port is open, and sniff the WAN traffic, you should see the packets on the WAN. And if you go to the server facing interface you should see the packets as well.

                    So when do you see nothing? Provide some more details about what you do, please.

                      beluclark @viragomann

                      @viragomann said in Problem after public IP change:

                      So how did you do the packet capture?

                      Inside pfSense's Diagnostics > Packet Capture

                      Tried to access the server (both its IP and domain) via the outside network. But there was no packet being sniffed.

                        beluclark @viragomann

                        @viragomann said in Problem after public IP change:

                        When you run the port checker test, which shows that the port is open, and sniff the WAN traffic, you should see the packets on the WAN.

                        Yes, there were active states recorded from port checker's IP

                          beluclark

                          I can only access those servers if the client is using third party VPN.

                            beluclark

                            Is reinstalling pfSense my last resort for this? 😢

                              viragomann @beluclark

                              @beluclark said in Problem after public IP change:

                              I can only access those servers if the client is using third party VPN.

                              When you go over a public VPN, you can access your network, but not from say your smartphone, when you go over the cell internet connection (wifi disabled)?

                                beluclark @viragomann

                                @viragomann
                                Yes. By using public VPN, I can access them. I tried also using LTE/5G (with public VPN). With VPN off, I can no longer access them.

                                  viragomann @beluclark

                                  @beluclark
                                  What exactly do you get in the browser?

                                  Did you try to access it by IP or just by host name?
                                  Sniff the traffic on WAN port 80 and 443 and enter the IP into the browser. I'd expect to see the packets.

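The WAN-versus-server-side capture comparison suggested in the thread, as an added example that is not part of any post: it reads two text captures and names the first stage at which the TCP handshake for a forwarded port goes missing. It assumes `tcpdump -n` style text lines; the function names, stage labels, addresses and sample captures are constructed for illustration.

```python
import re

# Matches the address/flags part of a `tcpdump -n` TCP line (assumed format).
LINE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]")

def parse(capture):
    """Yield (src, sport, dst, dport, flags) per TCP line of capture text."""
    for m in LINE.finditer(capture):
        yield m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["flags"]

def seen(capture, client, port):
    """Return (SYN from client seen, SYN-ACK back to client seen)."""
    syn = synack = False
    for src, sport, dst, dport, flags in parse(capture):
        syn |= src == client and dport == port and flags == "S"
        synack |= dst == client and sport == port and flags == "S."
    return syn, synack

def locate_drop(wan, lan, client, port):
    """Name the first stage at which the TCP handshake goes missing."""
    wan_syn, wan_synack = seen(wan, client, port)
    lan_syn, lan_synack = seen(lan, client, port)
    if not wan_syn:
        return "not_on_wan"        # never reached the firewall: look upstream
    if not lan_syn:
        return "not_forwarded"     # arrived, but NAT/rules did not pass it on
    if not lan_synack:
        return "no_server_reply"   # forwarded, server side did not answer
    if not wan_synack:
        return "reply_not_on_wan"  # server answered, reply did not leave WAN
    return "ok"

# Constructed sample captures (documentation/private addresses, not from the thread).
CLIENT = "198.51.100.7"
WAN_CAPTURE = """\
10:00:01.000001 IP 198.51.100.7.51514 > 203.0.113.10.443: Flags [S], seq 100, win 64240, length 0
10:00:01.000300 IP 203.0.113.10.443 > 198.51.100.7.51514: Flags [S.], seq 900, ack 101, win 65160, length 0
10:00:02.000001 IP 198.51.100.7.51520 > 203.0.113.10.80: Flags [S], seq 200, win 64240, length 0
"""
LAN_CAPTURE = """\
10:00:01.000100 IP 198.51.100.7.51514 > 192.168.1.20.443: Flags [S], seq 100, win 64240, length 0
10:00:01.000200 IP 192.168.1.20.443 > 198.51.100.7.51514: Flags [S.], seq 900, ack 101, win 65160, length 0
"""

if __name__ == "__main__":
    for port in (443, 80, 22):
        print(port, locate_drop(WAN_CAPTURE, LAN_CAPTURE, CLIENT, port))
```

The source filter matters: a capture that is empty for the real client but shows the port checker's packets means the client's traffic is not arriving at that interface at all.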