Strange problem with WAN traffic
-
I know that it wasn't the information that you asked for…
It only started to occur when I upgraded to a snapshot from a couple of days ago (I was still running Beta1 from March!!!). I updated this morning to the latest snapshot.
The rules.debug is attached.
-
I'd double check which gateway is set to default, among other things, but really you need to provide all of the information that was asked for if you want help.
The full text of the firewall logs for the blocked traffic, for starters.
-
I've just modified the previous post to include the rules.debug.
I've also just tried to ping 8.8.8.8 and get the following in the firewall log:
Time             If   Source   Destination      Proto
Aug 13 16:04:53  WAN  8.8.8.8  192.168.200.103  ICMP
Aug 13 16:04:47  WAN  8.8.8.8  192.168.200.103  ICMP
Aug 13 16:04:42  WAN  8.8.8.8  192.168.200.103  ICMP
Aug 13 16:04:37  WAN  8.8.8.8  192.168.200.103  ICMP
The firewall action is the same as above.
-
That subnet is on your OPT2 network (192.168.200.x) - Does the exact same thing happen on OPT1 and LAN? Your OPT2 rules are a little more involved than the LAN rules.
-
Yes it does. The only traffic that seems to exhibit problems is traffic that exits the WAN interface.
All traffic between LAN and OPT2 (and vice versa) works as expected.
The interesting thing is that if I go to Diagnostics > Ping in the web GUI, the ping to 8.8.8.8 works.
Does this mean that for some reason NAT isn't working properly on the WAN interface???
-
Probably related to some changes that went into if_bridge for http://redmine.pfsense.org/issues/729
How are the hosts on the bridged interface configured? What's the IP subnet, default gateway and where does it reside? It may be an invalid config that shouldn't have worked before but did because of the original issue in #729.
-
What is the best way for me to start again?
Shall I delete the config.xml and re-boot?
Would this let me start again with a working/supported config?
-
What is the best way for me to start again?
Shall I delete the config.xml and re-boot?
Would this let me start again with a working/supported config?
I don't know, you didn't say how it's set up.
-
Were you able to fix your problem? I'm experiencing a similar issue after installing the update today…
For example in the System Log: Firewall when I try to access a web site, the LAN IP shows under Destination and the Destination IP shows under Source.
-
Were you able to fix your problem? I'm experiencing a similar issue after installing the update today…
For example in the System Log: Firewall when I try to access a web site, the LAN IP shows under Destination and the Destination IP shows under Source.
If I delete the Bridge traffic through the WAN interface works as expected. If I then re-create the Bridge I get the same symptoms again.
@cmb:
I don't know, you didn't say how it's set up.
I'm Bridging OPT1 to the WAN interface as a DMZ. The OPT1 interface has no IP assigned. All machines on the OPT1 interface are within the same subnet as the WAN interface and use the same Default gateway.
The machines on the OPT1 interface need external IP addresses assigned directly to them but also require to be protected by the firewall.
Is this the recommended configuration for this?
-
Am I doing something wrong?
I thought that bridging to the WAN interface would work as a DMZ.
Does anybody know how I get around this?
-
There was a patch to bridging on the 9th that might be causing a problem. Someone on IRC also had a similar problem and backing down to a snapshot from the 8th fixed it.
-
I have backed down to the snapshot from the 8th and everything is working as expected again.
Am I right to assume that I should keep an eye out on http://redmine.pfsense.org/issues/729 before trying to upgrade to a newer snapshot?
Many Thanks
Peter
-
Am I right to assume that I should keep an eye out on http://redmine.pfsense.org/issues/729 before trying to upgrade to a newer snapshot?
yes