General firewall problem with another gateway
-
I am writing this unusual pfSense question here because I believe I can find somebody with the know-how:
I am using pfSense beta2 embedded (WRAP).
I configured pfSense on lan2 bridged to route several static IPs. My networks:
wan pppoe 82.207.157.176/29
lan as bridged 82.207.157.176/29
opt1 (private = lan) 192.168.1.0/24
I am using a preconfigured Red Hat derivative server "sme" in 192.168.1.0/24.
sme: iptables, nic1 192.168.1.1, nic2 82.207.157.179; iptables acts as gateway/firewall too.
From my client in 192.168.1.0/24 (gateway pfSense) I can't access 82.207.157.179.
If I change the local subnet on 82.207.157.179 to 192.168.2.0/24, access via the public way (= 82.207.157.179) is possible. Does anybody know why iptables is blocking?
-
Replace the stinkin' Linux box with a real box, AKA BSD.
Problem solved.
Seriously, you expected more asking a Linux question on a BSD forum!?
-
Sorry, but I have been working with preconfigured small business servers for 5 years. I am lazy on this point.
I thought it was the firewall of the server, but today I fitted a VoIP box (Fritzbox) into the public IP space.
The configuration possibilities are not so good, and the box always has a gateway/routing function. There is the same problem: the device isn't reachable via its public IP from the local net.
@sullrich:
Do you have any idea where the problem is? I guess it's pfSense, which sees that the device has a local (e.g. same local subnet) IP. I can't ping/traceroute from my local interface to the public device.
I tested it with another node which has 1 local IP and 1 public IP but no routing/gateway function: it runs! My configuration (see at top) is that I assigned the LAN with public addresses,
and the opt1 interface with the non-public RFC 1918 addresses. Is it the opposite if I take LAN or OPT? Preconfiguration?
Should I change this, e.g. opt1 = public network,
LAN to RFC 1918? Thanks ahead.
-
Did you make a rule on the pfSense server to let opt1 talk to the LAN network?
action pass
interface opt1
protocol any
source any
source port range any any
destination lan subnet
destination port range any any
and one to let the LAN subnet talk to the opt1 subnet?
action pass
interface lan
protocol any
source any
source port range any any
destination opt1 subnet
destination port range any any
-
Yes, if I had only these rules, then I have access from opt1 to LAN, but no other access outside.
Which further rule is needed to have access from opt1 to outside?
-
You grant opt1 access to destination LAN subnet and LAN to destination opt1 subnet. If opt1 should have access outside, you need a destination of any rather than only LAN subnet.
-
The LAN is bridged to WAN.
But I need a rule like this to have access on LAN/opt1:
* * * * * *
I think it's strange, but there was no other way to have access. I tried several other combinations;
only with this rule does it work. So I still have the problem that the other node (1 public / 1 private address) isn't reachable. Do I have a loop?
netstat -rn: (looks OK)
Internet:
Destination         Gateway              Flags   Refs     Use   Netif  Expire
default             88.XXX.XXX.1         UGS        0   80907   ng0
82.207.XXX.176      ff:ff:ff:ff:ff:ff    UHLWb      1    4835   sis0   =>
82.207.XXX.176/29   link#1               UC         0       0   sis0
82.207.XXX.177      lo0                  UHS        0       0   lo0
82.207.XXX.178      link#1               UHLW       1      10   sis0
82.207.XXX.179      00:50:8b:bb:b4:ea    UHLW       1  543608   sis0
82.207.XXX.180      link#1               UHLW       1      12   sis0
82.207.XXX.181      link#1               UHLW       1      19   sis0
82.207.XXX.182      link#1               UHLW       1      15   sis0
82.207.XXX.183      ff:ff:ff:ff:ff:ff    UHLWb      1    4678   sis0
88.130.64.1         82.207.XXX.177       UH         1       0   ng0
127.0.0.1           127.0.0.1            UH         0       0   lo0
192.168.1           link#3               UC         0       0   sis2
192.168.1.27        00:13:d4:53:f6:c9    UHLW       1  223015   sis2
192.168.1.75        00:15:0c:1e:2e:99    UHLW       1     172   sis2
-
I fixed the problem. Dumb mistake.
I forgot to make NAT outbound rules on LAN and opt1 for 192.168.1.0/24
(X Advanced flag). The error was that the other machine was addressed on the public net, but routed the packets back on the 192.168.1.0/24 interface directly to the client and
not over the gateway address. Thanks.
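A model of the reply path the final post describes, added here as an editor's example (not code from the thread or from pfSense): the dual-homed host's routing table chooses the egress interface for its reply from the source address it saw in the request, so without outbound NAT the reply leaves on the private NIC and bypasses the gateway's state table, while with outbound NAT it is sent back to the gateway. The gateway address 82.207.157.177 and the interface names are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed routing table of the dual-homed "sme" host from the thread:
# nic1 on the private subnet, nic2 on the public /29 behind the pfSense bridge.
# Subnets come from the thread; the .177 gateway address is assumed.
SME_ROUTES = [
    # (prefix, egress interface, next hop or None when directly connected)
    (ip_network("192.168.1.0/24"),    "nic1", None),
    (ip_network("82.207.157.176/29"), "nic2", None),
    (ip_network("0.0.0.0/0"),         "nic2", ip_address("82.207.157.177")),
]
GATEWAY_LAN_ADDR = ip_address("82.207.157.177")  # assumed pfSense address on the /29


def lookup(routes, dst):
    """Longest-prefix match, as a host routing table does it."""
    dst = ip_address(dst)
    best = max((r for r in routes if dst in r[0]), key=lambda r: r[0].prefixlen)
    return best[1], best[2]


def reply_path(client_src, snat_addr=None):
    """Where sme sends its reply to a request that arrived on nic2.

    client_src: the client's real address (192.168.1.x on OPT1).
    snat_addr:  the address the gateway rewrites the source to when an
                outbound NAT rule applies, or None without such a rule.
    """
    seen_src = client_src if snat_addr is None else snat_addr
    iface, nexthop = lookup(SME_ROUTES, seen_src)
    # Only a reply that leaves on nic2 reaches the gateway that holds the
    # firewall state; a directly connected private route bypasses it.
    via_gateway = iface == "nic2"
    return {"reply_to": str(seen_src), "egress": iface,
            "next_hop": None if nexthop is None else str(nexthop),
            "via_gateway": via_gateway}


if __name__ == "__main__":
    # Asymmetric: reply leaves on nic1 straight to the client.
    print(reply_path("192.168.1.27"))
    # Symmetric: reply goes to the gateway, which un-NATs it for the client.
    print(reply_path("192.168.1.27", GATEWAY_LAN_ADDR))
```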