Netgate Discussion Forum

    Multi LAN - one behind router, other not

    • GruensFroeschli

      Can you ping the LAN IP of the pfSense?
      Can you ping the WAN IP of the pfSense?
      Are you able to resolve DNS names? (What is your DNS entry on the client?)

      We do what we must, because we can.

      Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

      • eethore

        ping from 192.168.5.0 network to 192.168.7.3 REPLY
        ping from 192.168.5.0 network to pfSense WAN RTO

        my internal DNS is 192.168.7.1.

        • eethore

          THANKS for still being here with me…
          i'm very grateful for this forum...
          especially for GruensFroeschli, i am always waiting for your reply in my days...hope there will be a bright sight about this...i know i will get through it...

          still can't get it right ... hiks  :'(

          maybe my firewall rules aren't right?

          here i am attaching my screenshot...

          the LAN default, i put it down at the bottom...
          the rules to pass the access to the client, i put them at the very top.
          and for blocking the network, i put it on top of the LAN default.

          are there any problems with the WAN rules?
          so i can post them too...

          or maybe you wanna see the .xml ?

          pfsense1.jpg
          pfsense2.jpg

          • eethore

            while waiting for your reply, i ran a traceroute of the traffic from the 192.168.5.0 network.

            the result :
            Microsoft Windows XP [Version 5.1.2600]
            (C) Copyright 1985-2001 Microsoft Corp.

            C:\Documents and Settings\a>tracert 192.168.7.3

            Tracing route to 192.168.7.3 over a maximum of 30 hops

              1    3 ms    2 ms    2 ms  192.168.5.1
              2  563 ms  495 ms  496 ms  192.168.255.5
              3  499 ms  497 ms  497 ms  192.168.7.3

            Trace complete.

            seems the traceroute has no problem accessing 192.168.7.3 (LAN pfsense).

            but when i traceroute the website

            C:\Documents and Settings\adhyastu.rahmantyo>tracert google.com

            Tracing route to google.com [64.233.187.99]
            over a maximum of 30 hops:

              1    4 ms    2 ms    2 ms  192.168.5.1
              2  496 ms  496 ms  507 ms  192.168.255.5
              3    *        *    ^C
            C:\Documents and Settings\a>

            it stops there…

            • GruensFroeschli

              Your rule only allows TCP. A ping (aka traceroute) is ICMP.
              Change the protocol to "any"

              • eethore

                i've changed the protocol to ANY.

                But still no result to the goodness…

                hiks...

                any other ways to figure it out?

                ::)

                • eethore

                  hello there?

                  the problem isn't solved yet…
                  i'm desperate :(
                  :-[ :'( :'(

                  • Perry

                    Then Commercial support might be what you need.

                    /Perry
                    doc.pfsense.org

                    • eethore

                      hiks…

                      maybe i'll migrate to Mikrotik again, since in Mikrotik there was no problem like this.

                      thanks anyway.

                      • eethore

                        i found the solution.

                        i contacted the VSAT technicians. So, we tried out the topology.

                        MTU is the PROBLEM !!!

                        so, we have to set the same MTU on the cisco router and on the pfsense, so they can communicate.

                        Previous setting, MTU at pfsense 1500, and the cisco router 512.
                        So, i set the MTU at pfsense 576, and the cisco router 576.

                        The technicians said it's strange, because the cisco router has already been set up to negotiate the MTU if it's below or above it. But when trying to communicate with pfsense, the policy seems not to be working.

                        But, well…it's already been solved now. It's not the NAT problem, policy problem, or anything else.
                        It's the MTU setting.

                        Thanks for all.

                        If anyone can tell me how we can negotiate the MTU and communicate with cisco smoothly, please don't hesitate.
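
Added example, not part of the original thread and not Netgate's or Cisco's code: one way to locate an MTU mismatch like the one in the final post (pfSense at 1500, the Cisco router at 512) is to binary-search the largest don't-fragment ping that still gets through. The path model, hop names and function names are constructed for illustration; on a real network the probe would be a DF ping such as `ping -f -l SIZE` on Windows or `ping -D -s SIZE` on FreeBSD/pfSense.

```python
"""Locate the largest packet a path carries, using don't-fragment probes.

Constructed model: the hop MTUs mirror the thread (pfSense 1500, Cisco 512).
"""

IP_HEADER = 20    # bytes, IPv4 header without options
ICMP_HEADER = 8   # bytes, ICMP echo header

# Constructed sample path: (hypothetical hop name, MTU of its outgoing link)
SAMPLE_PATH = [("client-lan", 1500), ("pfsense", 1500), ("cisco-vsat", 512)]


def df_probe(path, payload):
    """Simulate an ICMP echo with DF set; return the hop that drops it, or None."""
    packet = payload + ICMP_HEADER + IP_HEADER
    for name, mtu in path:
        if packet > mtu:
            return name          # too big for this link and may not be fragmented
    return None


def find_path_mtu(probe, low=68, high=1500):
    """Binary-search the largest IP packet size for which probe(payload) passes.

    probe takes an ICMP payload size and returns True when the echo got through.
    low=68 is the datagram size every IPv4 hop must forward unfragmented (RFC 791).
    """
    if not probe(low - IP_HEADER - ICMP_HEADER):
        raise ValueError("even the minimum-size probe is dropped")
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid - IP_HEADER - ICMP_HEADER):
            low = mid            # mid fits, search upward
        else:
            high = mid - 1       # mid is dropped, search downward
    return low


def diagnose(path):
    """Return (path MTU, largest ping payload, hop that limits the path)."""
    mtu = find_path_mtu(lambda size: df_probe(path, size) is None)
    bottleneck = df_probe(path, mtu + 1 - IP_HEADER - ICMP_HEADER)
    return mtu, mtu - IP_HEADER - ICMP_HEADER, bottleneck


if __name__ == "__main__":
    print(diagnose(SAMPLE_PATH))
```

The payload figure is what goes after `-l` or `-s`: the ping size option excludes the 28 bytes of IP and ICMP headers, so a 512-byte link passes at most a 484-byte payload.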