Netgate Discussion Forum

    Strange problem with WAN traffic

    2.0-RC Snapshot Feedback and Problems - RETIRED
    18 Posts 4 Posters 5.2k Views
      peterclark4

      I know that it wasn't the information that you asked for...

      It only started to occur when I upgraded to a snapshot from a couple of days ago (I was still running Beta1 from March!!!). I updated this morning to the latest snapshot.

      The rules.debug is attached.

      Rules.Debug.txt

        jimp Rebel Alliance Developer Netgate

        I'd double check which gateway is set to default, among other things, but really you need to provide all of the information that was asked for if you want help.

        The full text of the firewall logs for the blocked traffic, for starters.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

          peterclark4

          I've just modified the previous post to include the rules.debug.

          I've also just tried to ping 8.8.8.8 and get the following in the firewall log:

          Time             If   Source   Destination      Proto
          Aug 13 16:04:53  WAN  8.8.8.8  192.168.200.103  ICMP
          Aug 13 16:04:47  WAN  8.8.8.8  192.168.200.103  ICMP
          Aug 13 16:04:42  WAN  8.8.8.8  192.168.200.103  ICMP
          Aug 13 16:04:37  WAN  8.8.8.8  192.168.200.103  ICMP

          The firewall action is the same as above.

            jimp Rebel Alliance Developer Netgate

            That subnet is on your OPT2 network (192.168.200.x) - Does the exact same thing happen on OPT1 and LAN? Your OPT2 rules are a little more involved than the LAN rules.

              peterclark4

              Yes it does. The only traffic that seems to exhibit problems is traffic that exits the WAN interface.

              All traffic between LAN and OPT2 (and vice versa) works as expected.

              The interesting thing is that if I go to Diagnostics > Ping in the web GUI, the ping to 8.8.8.8 works.

              Does this mean that for some reason that NAT isn't working properly on the WAN interface???

                cmb

                Probably related to some changes that went into if_bridge for http://redmine.pfsense.org/issues/729

                How are the hosts on the bridged interface configured? What's the IP subnet, default gateway and where does it reside? It may be an invalid config that shouldn't have worked before but did because of the original issue in #729.

                  peterclark4

                  What is the best way for me to start again?

                  Shall I delete the config.xml and re-boot?

                  Would this let me start again with a working/supported config?

                    cmb

                    @peterclark4:

                    What is the best way for me to start again?

                    Shall I delete the config.xml and re-boot?

                    Would this let me start again with a working/supported config?

                    I don't know, you didn't say how it's set up.

                      globalmcs

                      Were you able to fix your problem? I'm experiencing a similar issue after installing the update today…

                      For example in the System Log: Firewall when I try to access a web site, the LAN IP shows under Destination and the Destination IP shows under Source.

                        peterclark4

                        @globalmcs:

                        Were you able to fix your problem? I'm experiencing a similar issue after installing the update today…

                        For example in the System Log: Firewall when I try to access a web site, the LAN IP shows under Destination and the Destination IP shows under Source.

                        If I delete the Bridge traffic through the WAN interface works as expected. If I then re-create the Bridge I get the same symptoms again.

                        @cmb:

                        I don't know, you didn't say how it's set up.

                        I'm Bridging OPT1 to the WAN interface as a DMZ. The OPT1 interface has no IP assigned. All machines on the OPT1 interface are within the same subnet as the WAN interface and use the same Default gateway.

                        The machines on the OPT1 interface need external IP addresses assigned directly to them but also require to be protected by the firewall.

                        Is this the recommended configuration for this?

                          peterclark4

                          Am I doing something wrong?

                          I thought that bridging to the WAN interface would work as a DMZ.

                          Does anybody know how I get around this?

                            jimp Rebel Alliance Developer Netgate

                            There was a patch to bridging on the 9th that might be causing a problem. Someone on IRC also had a similar problem and backing down to a snapshot from the 8th fixed it.

                              peterclark4

                              I have backed down to the snapshot from the 8th and everything is working as expected again.

                              Am I right to assume that I should keep an eye out on http://redmine.pfsense.org/issues/729 before trying to upgrade to a newer snapshot?

                              Many Thanks

                              Peter

                                cmb

                                @peterclark4:

                                Am I right to assume that I should keep an eye out on http://redmine.pfsense.org/issues/729 before trying to upgrade to a newer snapshot?

                                yes
