Pfsense drop some packets?
-
This is my configuration:
10.1.1.254 (pfSense), used for NAT and also set with a WAN IP
10.1.1.247 (static route)
and
10.1.2.x
10.1.2.254 (router)
But my 10.1.2.x can ping 10.1.1.x, but can't ping any WAN IP.
It can't connect to 10.1.1.x with any TCP packets.
When I ssh from 10.1.1.x to 10.1.2.x, it fails too.
Maybe pfSense drops some ACK packets from 10.1.1.x to 10.1.2.x.
How can I tune my pfSense to make it pass this kind of packet, or filter loosely?
-
What subnet mask are you using? If it's not /24 (or greater) then that will cause the problem you're describing.
-
So I should set the subnet mask to /24 in pfSense?
I did, but it doesn't work.
From 10.1.2.x, traceroute 10.1.1.x
shows
1. 10.1.2.254
2. 10.255.255.1
3. 10.1.1x
Or the other way: I set the 10.1.2.x default route to 10.1.1.247.
It works fine,
so I think pfSense has something wrong.
I found this in the system log:
block Apr 30 03:39:48 LAN 10.1.1.115:80 10.1.2.101:51992 TCP
The rule that triggered this action is:
@49 block drop in log quick all label "Default deny rule"
The packet from 10.1.1.115 to 10.1.2.101 was dropped by pfSense.
How could I make it pass @@
-
All the 10. networks need to be using /24 (or greater) based upon what little you've posted.
Maybe if you posted a simple diagram of your network, showing what's connected where and what the IP addresses and subnet masks are?
-
WAN
| public| private LAN
|
10.1.1.254(pfsense) NAT –------------------------>10.1.2.254(route)
with public ip ^ |
| | | |
| 10.1.1.247(static route) | 10.1.2.x/24
10.1.1.x/24 |
|
I think the problem happens here.
pfSense drops TCP packets from 10.1.1.x/24 to 10.1.2.x/24,
but I changed the firewall's settings and it doesn't work.
When I tried telnet to 10.1.1.x/24 port 80 from 10.1.2.x/24,
I always got a time-out result.
-
Do you have rules on both interfaces allowing traffic to the other LAN? Are the clients on each LAN able to reach the Internet?
Do you really have 10.1.1.x/24 on both the WAN and the LAN interfaces of the pfSense host?
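A triage sketch for the two checks raised in this thread, added here as an example and not code from any poster or from pfSense: it parses the blocked-packet entry quoted above, tests whether the two hosts would treat each other as directly attached under a given subnet mask, and flags whether the blocked packet looks like a server's reply. The field layout is assumed from that single quoted line, and the function names and the port heuristic are hypothetical.

```python
import ipaddress
import re

# Constructed sample: the blocked-packet entry as quoted in the thread.
LOG_LINE = "block Apr 30 03:39:48 LAN 10.1.1.115:80 10.1.2.101:51992 TCP"

# Field layout assumed from that one line: action, timestamp, interface,
# src:port, dst:port, protocol.
ENTRY = re.compile(
    r"(?P<action>\w+) (?P<ts>\w{3} +\d+ [\d:]+) (?P<iface>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<proto>\w+)"
)

def parse_entry(line):
    """Split one log entry into typed fields; raise on anything unexpected."""
    m = ENTRY.fullmatch(line.strip())
    if m is None:
        raise ValueError(f"unrecognised log entry: {line!r}")
    e = m.groupdict()
    e["src"] = ipaddress.ip_address(e["src"])
    e["dst"] = ipaddress.ip_address(e["dst"])
    e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
    return e

def on_link(src, dst, prefix_len):
    """True if a host at src with this mask sees dst as directly attached,
    so it would ARP for dst instead of handing the packet to a gateway."""
    net = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
    return dst in net

def looks_like_reply(e, first_high_port=1024):
    """Heuristic (assumption): low source port and high destination port
    means a server answering a client, not a new connection."""
    return e["sport"] < first_high_port <= e["dport"]

def assess(line, prefix_len):
    e = parse_entry(line)
    return {
        "blocked": e["action"] == "block",
        "reply": looks_like_reply(e),
        "on_link": on_link(e["src"], e["dst"], prefix_len),
    }

if __name__ == "__main__":
    for mask in (16, 24):
        print(f"/{mask}:", assess(LOG_LINE, mask))
```

With a /16 mask the two hosts count as on-link to each other, while with /24 they are on separate networks and traffic between them has to pass a router.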