Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Strange problem with WAN traffic

    Scheduled Pinned Locked Moved 2.0-RC Snapshot Feedback and Problems - RETIRED
    18 Posts 4 Posters 5.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      peterclark4
      last edited by

      I've just modified the previous post to include the rules.debug.

      I've also just tried to ping 8.8.8.8 and get the following in the firewall log:

      Time	If	Source	Destination	Proto
      
      Aug 13 16:04:53	WAN	   8.8.8.8	   192.168.200.103	ICMP
      
      Aug 13 16:04:47	WAN	   8.8.8.8	   192.168.200.103	ICMP
      
      Aug 13 16:04:42	WAN	   8.8.8.8	   192.168.200.103	ICMP
      
      Aug 13 16:04:37	WAN	   8.8.8.8	   192.168.200.103	ICMP
      

      The firewall action is the same as above.

      1 Reply Last reply Reply Quote 0
      • jimpJ
        jimp Rebel Alliance Developer Netgate
        last edited by

        That subnet is on your OPT2 network (192.168.200.x) - Does the exact same thing happen on OPT1 and LAN? Your OPT2 rules are little more involved than the LAN rules.

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • P
          peterclark4
          last edited by

          Yes it does. The only traffic that seems to exhibit problems is traffic that exits the WAN interface.

          All traffic between LAN and OPT2 (and vice versa) works as expected.

          The interesting thing is that if I go to Diagnostics > Ping in the web gui that the ping to 8.8.8.8 works.

          Does this mean that for some reason that NAT isn't working properly on the WAN interface???

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            Probably related to some changes that went into if_bridge for http://redmine.pfsense.org/issues/729

            how are the hosts on the bridged interface configured? What's the IP subnet, default gateway and where does it reside. It may be an invalid config that shouldn't have worked before but did because of the original issue in #729.

            1 Reply Last reply Reply Quote 0
            • P
              peterclark4
              last edited by

              What is the best way for me to start again?

              Shall I delete the config.xml and re-boot?

              Would this let me start again with a working/supported config?

              1 Reply Last reply Reply Quote 0
              • C
                cmb
                last edited by

                @peterclark4:

                What is the best way for me to start again?

                Shall I delete the config.xml and re-boot?

                Would this let me start again with a working/supported config?

                I don't know, you didn't say how it's setup.

                1 Reply Last reply Reply Quote 0
                • G
                  globalmcs
                  last edited by

                  Were you able to fix your problem? I'm experiencing a similar issue after installing the update today…

                  For example in the System Log: Firewall when I try to access a web site, the LAN IP shows under Destination and the Destination IP shows under Source.

                  1 Reply Last reply Reply Quote 0
                  • P
                    peterclark4
                    last edited by

                    @globalmcs:

                    Were you able to fix your problem? I'm experiencing a similar issue after installing the update today…

                    For example in the System Log: Firewall when I try to access a web site, the LAN IP shows under Destination and the Destination IP shows under Source.

                    If I delete the Bridge traffic through the WAN interface works as expected. If I then re-create the Bridge I get the same symptoms again.

                    @cmb:

                    I don't know, you didn't say how it's setup.

                    I'm Bridging OPT1 to the WAN interface as a DMZ. The OPT1 interface has no IP assigned. All machines on the OPT1 interface are within the same subnet as the WAN interface and use the same Default gateway.

                    The machines on the OPT1 interface need external IP addresses assigned directly to them but also require to be protected by the firewall.

                    is this the recommended configuration for this?

                    1 Reply Last reply Reply Quote 0
                    • P
                      peterclark4
                      last edited by

                      Am I doing something wrong?

                      I thought that bridging to the WAN interface would work as a DMZ.

                      Does anybody know on how I get around this?

                      1 Reply Last reply Reply Quote 0
                      • jimpJ
                        jimp Rebel Alliance Developer Netgate
                        last edited by

                        There was a patch to bridging on the 9th that might be causing a problem. Someone on IRC also had a similar problem and backing down to a snapshot from the 8th fixed it.

                        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

                        Need help fast? Netgate Global Support!

                        Do not Chat/PM for help!

                        1 Reply Last reply Reply Quote 0
                        • P
                          peterclark4
                          last edited by

                          I have backed down to the snapshot from the 8th and everything is working as expected agian.

                          Am I right to assume that I should keep an eye out on http://redmine.pfsense.org/issues/729 before trying to upgrade to a newer snapshot?

                          Many Thanks

                          Peter

                          1 Reply Last reply Reply Quote 0
                          • C
                            cmb
                            last edited by

                            @peterclark4:

                            Am I right to assume that I should keep an eye out on http://redmine.pfsense.org/issues/729 before trying to upgrade to a newer snapshot?

                            yes

                            1 Reply Last reply Reply Quote 0
                            • First post
                              Last post
                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.