Strange state in states table - not sure is this proper place to ask?

ssbaksa

I am moving a large network to pfSense (or I am trying to -depends on this) and all is OK except this:

Normal connection to that port (512 on server - BAAN application) from client state ESTABLISHED: ESTABLISHED but from network which is routed from another router to my local network it is always CLOSED: SYN_SENT. Ping is ok between sites, traceroute to, but connection to database is not and it is slow and it is some time broken.

Remote client        Providers VPN router    Provid. VPN rout        Gateway to net + route to remote net
192.168.120.1 –- 192.168.120.251 ------ 192.168.100.251 -----192.168.100.254
                                                                                    |
                                                                                    |
                                                                                    |
                                                                            192.168.100.21 Database BAAN

From other local networks (VLAN's) all is OK no problems at all.

Any idea?

Sasa

hoba

I don't see the pfSense in your drawing but maybe you need to tick the static route filtering at system>advanced. Also note that the default lan to any rule only allows connections coming from LAN IPs. If your routed network is behind that link you need to open up that rule a bit to allow the additional IP-Range or add a seperate rule for it.

ssbaksa

@hoba:

I don't see the pfSense in your drawing but maybe you need to tick the static route filtering at system>advanced. Also note that the default lan to any rule only allows connections coming from LAN IPs. If your routed network is behind that link you need to open up that rule a bit to allow the additional IP-Range or add a seperate rule for it.

pfSense is 192.168.100.254 on VLAN 10. There is also 192.168.101.0/24 and 192.168.102.0/24 on VLAN'a 20 and 30.
LAN port is only for adminsitration (em3 ETH) VLAN's on em0, WAN on em1 and DMZ on em2. There is no default rules only this that I have entered. Routed networks are on same network with server 192.168.100.21.

I can post config.xml and some siplified shema if you like.

Sasa

hoba

Did you try that tickbox at system>advanced?

ssbaksa

@hoba:

Did you try that tickbox at system>advanced?

Well you can say that I am an idiot. I DIDN'T! I have lost 9 hours and I didn't check that. I can't chheck that now because system is back in production with old firewall/router and some 350 comps, 30 servers … They will let me know when is next test scheduled. Now I have one question, why this is ocouring with pfSense (1.2 final) and not with old system (ATI Rapier 24i). I know that they are different systems but ...

I am duplicating that setup at my "home" lab and I will try to duplicate error and probably test solution.

TNX

Sasa

ssbaksa

I have tested and your advice is correct. It is working now.

TNX

Sasa