    Unable to access internet from remote site

    Routing and Multi WAN
    • P
      PhatBot

      bump  :)

      • C
        cmb

        Can you ping IPs on those subnets from pfSense itself?

        Do you see the traffic getting dropped in your firewall log?

        • P
          PhatBot

          Yes, pinging from pfSense to the remote subnet works just fine.
          And no, the log shows that the traffic gets through.

          • C
            cmb

            Based on what you said, your pfsense sounds fine. I didn't see it mentioned, what version are you running?

            • P
              PhatBot

              Version 1.0.1

              Well it seems like it's doing fine yet it doesn't seem to NAT that subnet.

              Can't really see any other things in my network topology that could cause this problem.

              • P
                Perry

                Then you should update http://pfsense.best-view.net/updates/

                more info here http://pfsense.blogspot.com/2007/05/choosing-which-version-to-run.html

                /Perry
                doc.pfsense.org

                • P
                  PhatBot

                  Ok upgraded to 1.2-Beta-1 (Excellent job on the firmware upgrade routine guys. Quick and accurate.)

                  Still no go though.
                  Passes firewall rules but seems to get stuck in NAT or something.

                  • C
                    cmb

                    Yeah I would have suspected a NAT bug in 1.0.1, there are a few of those that have been fixed in 1.2b1.

                    Do you have advanced outbound NAT enabled?

                    • P
                      PhatBot

                      Yes, advanced NAT enabled.

                      • C
                        cmb

                        Then it's a problem with your advanced NAT rules. Do you need it for some reason? If not, just disable it and your problem goes away.

                        • P
                          PhatBot

                          Changed to normal NAT.
                          Still same problem though.

                          Very odd.

                          • P
                            Perry

                            Is there anything special with that leased line?

                            10.58.202./24 comes in via a leased line through a router with IP 10.58.112.1

                            Maybe do some tracing with pftop or tcpdump (just a thought).

                            /Perry
                            doc.pfsense.org

                            • C
                              cmb

                              Yeah it's time to start capturing packets and seeing what's really happening.

                              • P
                                PhatBot

                                Right… hehe... the thing is.....  :-\

                                I haven't got a clue how to do that???
                                Could someone give me some pointers?

                                Thanks!

                                Also. Thanks for the help on this subject. I really appreciate you guys taking your free time to help me. :)

                                • P
                                  PhatBot

                                  Tried some TCPDUMP. Not really sure what to look for though.

                                  The thing I find strange is that I'm able to ping hosts on the remote subnet from the pfsense box.
                                  And the pfsense box also replies to pings from the remote subnet.
                                  Feels like the data is flowing like it should in our internal network.
                                  It just doesn't let me do nat for that subnet.

                                  • P
                                    PhatBot

                                    In the Webgui Diagnostics: Show States I see
                                    ICMP 10.58.202.21:512 -> external-ip:35350 -> external-gw 0:0
                                    ICMP external-gw:512 <- 10.58.202.21 0:0
                                    when I try to ping from the host on the remote subnet to our ISP gateway.
                                    This should indicate that NAT is working like it should, right?

                                    • P
                                      Perry

                                      To check for a DNS problem you could do something like this.

                                      From the shell: tcpdump -i if2 dst port 21

                                      From a client: ftp://204.152.184.73/

                                      That way you can see what happens on IF2 when you log on to an FTP server.

                                      ----------------------------------------

                                      http://your-pfsense-ip/status.php

                                      You might find something under pfctl.
                                      ------- !! Warning: this is written by someone sitting in the sun !! ------------

                                      /Perry
                                      doc.pfsense.org

                                      • P
                                        PhatBot

                                        Tried some 1:1 NATing.
                                        Worked like a charm for all our subnets except the remote subnet which we have the trouble with.
                                        Starting to think that there must be something fishy with the router that's handling that subnet.

                                        More info later.

                                        • P
                                          PhatBot

                                          Hi Perry,

                                          Here's the result after dumping it to a file and then importing it into Ethereal.

                                          dump.gif

                                          • P
                                            Perry

                                            Did you try searching in http://your-pfsense-ip/status.php for 10.58.202.21 or 204.152.184.73 after the test? There must be some info there telling us what happens  ::)

                                            You can also use
                                            Diagnostics -> Packet Capture
                                            to trace IPs.

                                            /Perry
                                            doc.pfsense.org

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.