Netgate Discussion Forum
    Ports being blocked even though they are open

    Category: Firewalling. 13 Posts, 3 Posters, 4.7k Views.
    cmb:

      What do your firewall logs look like exactly? And rules, NAT.

      Visseroth:

        The logs stated that the source IP address was trying to access the destination address via port 500 or 1723 or 443 via WAN. The destination address being the internal IP address that the port is supposed to be directed to.

        Rules and NAT state that anything on the WAN via the interface address requesting that port is supposed to be forwarded to the server on the network.

        If you need, I can take some screenshots.

        Guest:

          If you are positive that your rules are correct, make sure you have expired any/all states pertaining to those connections.

          cmb:

            That's not exact enough. Which TCP flags? What exactly are your rules and NAT? Screenshots are best.

            Visseroth:

              OK, so here are those screenshots. Sorry it took so long to get back, but I haven't had time to bring the router back online and pull the screenshots that you guys need.

              BTW, thank you so very much for helping out, I appreciate it. I'd much rather use pfSense than the stupid WatchGuard pile that we currently have here.

              Anyhow, so after bringing it back online I tried to remote in using one of the client's machines that had been having problems, and it won't connect to the VPN now with the pfSense box in place, but it will when the WatchGuard is in place.

              Attachments: Logs.jpg, nat.jpg, Rules.jpg, packages.jpg

              Visseroth:

                And to throw in another twist, it seems pfSense doesn't like her external IP address. If I try and remote in using a different provider from either the remote location or the client, I can connect without a hitch. If I try and connect from the client's machine, I get blocked.

                Any thoughts?

                Visseroth:

                  Well, somehow I screwed up the first box that I set up by checking something that I shouldn't have, so I replaced it with a PowerEdge 2850 and it is VERY snappy, but the problem persists and the only thing I have configured is traffic shaping. I have installed no packages thus far.

                  cmb:

                    Config is fine, I suspect you don't have functional DNS on the firewall itself which is causing its bogon updates to fail, and that 50.x IP is in an outdated copy of bogons you have on there as a result.

                    Check your DNS under System>General Setup, and ensure you can ping files.pfsense.org from Diag>Ping. Once that works, run:
                    /etc/rc.update_bogons.sh now

                    and check your system log to ensure that was successful.

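The diagnosis above (a stale bogons file still carrying an address range that has since been allocated) can be reproduced offline. The following is an added example, not code from this thread or from pfSense itself: it parses two constructed bogon lists laid out one prefix per line (the layout assumed here for pfSense's bogons file) and reports whether a given source address would be dropped by the "block bogon networks" rule under the stale list but not under the current one. All prefixes and sample addresses are constructed; 50.0.0.0/8 appears in the stale list because IANA allocated it in 2010 and older bogon files still listed it, which is the situation cmb describes for the client's 50.x address.

```python
"""Added example: compare a stale bogon list against a current one for a
given source address. Lists and addresses are constructed for illustration;
nothing here is pfSense's own code."""

import ipaddress

# Constructed stale bogons file (one prefix per line). 50.0.0.0/8 is the
# entry that a firewall with failing bogon updates would still be blocking.
OUTDATED_BOGONS = """\
0.0.0.0/8
10.0.0.0/8
50.0.0.0/8
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.168.0.0/16
224.0.0.0/4
"""

# Constructed current list: the same file with the allocated prefix removed.
CURRENT_BOGONS = """\
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.168.0.0/16
224.0.0.0/4
"""


def parse_bogons(text):
    """Parse bogons-file text into network objects, skipping blanks and '#' comments."""
    nets = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def matching_bogon(addr, nets):
    """Return the first bogon prefix containing addr, or None if addr is not a bogon."""
    ip = ipaddress.ip_address(addr)
    for net in nets:
        if ip.version == net.version and ip in net:
            return str(net)
    return None


def diagnose(addr, outdated_text, current_text):
    """Classify a blocked source address: stale-list victim, genuine bogon, or neither."""
    stale = matching_bogon(addr, parse_bogons(outdated_text))
    fresh = matching_bogon(addr, parse_bogons(current_text))
    if stale and not fresh:
        return f"{addr}: blocked only by stale list (matches {stale}); update bogons"
    if stale and fresh:
        return f"{addr}: genuine bogon (matches {fresh}); block is correct"
    return f"{addr}: not a bogon; look at rules/NAT/states instead"


if __name__ == "__main__":
    # Constructed sample sources: a 50.x client, an RFC 1918 source, a public one.
    for src in ("50.1.2.3", "10.0.0.5", "8.8.8.8"):
        print(diagnose(src, OUTDATED_BOGONS, CURRENT_BOGONS))
```

Running the block prints one line per sample address; the 50.1.2.3 case is the one that matches only the stale list, which is exactly why a working DNS resolver on the firewall (so the bogon update can fetch a fresh list) clears the block without any rule or NAT change.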
                    Visseroth:

                      OK, I ran the update, though I got a strange message. I don't really understand what it means, but here is the message.

                      May 6 21:01:47 root: rc.update_bogons.sh is sleeping for 44075
                      May 6 21:01:47 root: rc.update_bogons.sh is starting up.

                      I also ran the diagnostics and pinged files.pfsense.org and it replied without a hitch.

                      Any thoughts?

                      Visseroth:

                        Well I checked on it this morning and all I saw in the logs was

                        May 7 14:13:11 kernel: arp: 192.168.0.254 moved from 00:18:8b:40:33:cc to 00:18:8b:40:33:ca on em0
                        May 7 14:13:11 kernel: arp: 192.168.0.254 moved from 00:18:8b:40:33:ca to 00:18:8b:40:33:cc on em0

                        Nothing about bogons updating, and I just received an email from the client this morning that she is unable to access the network because her VPN connection is being blocked.

                        Is there anything else I can do to make this work?

                        cmb:

                          You didn't specify the "now" as shown in my post, if you got a sleep there. Which means you won't see it update for several hours; 44075 seconds is the random sleep yours picked.

                          Visseroth:

                            Oh, crap, didn't see that. OK, will try it again and watch the logs and report back. Thanks, I'll be back!  :P

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.