C Class Network Problem
-
If you are NATing on pfsense2 (branch) then you have to do a port forward if you would like to connect to the server on the branch network.
If there is no NAT on pfsense2 (branch) then you have to check the firewall of the server (or disable it for testing).
Can you ping the server on the branch network from a client on the head network?
Can you ping from a client on the branch network to a client on the head network?
Did you allow the traffic on the WAN1-MPLS-IP from the branch network?
-
NAT is OK. Ping is OK between the two networks. The problem is at the TCP/UDP ports. Actually the problem is with head office to branch connections.
Allow rules added bidirectionally.
-
If ping is OK then the routes are OK. You can also check with "trace route".
If there is a problem with TCP/UDP then there seems to be a firewall problem on pfsense1, pfsense2 or the client/server you try to connect to.
You should now check step by step the firewall/router logs the traffic uses and check if something is blocked.
Remote Desktop Protocol (RDP) is using port 3389/TCP. You could check the logs for this port.
I am sure this has nothing to do with your problem but I just want to mention it:
Not sure if you use multiple gateways on pfsense1 (head) but perhaps it helps if you add the correct gateway in the firewall rules for the destination network 192.168.181.0/24 (branch).
-
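The log check suggested in the reply above, as an added example that is not part of the original thread: it scans firewall log lines for blocked TCP/UDP packets to or from the branch network 192.168.181.0/24 and groups them by interface, ports and TCP flags. It assumes the firewall writes the comma-separated `filterlog` raw format used by newer pfSense releases; the sample lines, the head-office address 192.168.1.10 and the interface names em0/em1 are constructed.

```python
import ipaddress
import re
from collections import Counter

BRANCH_NET = ipaddress.ip_network("192.168.181.0/24")  # branch network from the thread

# Constructed sample lines (not from the thread). Assumed field order:
# rule,subrule,anchor,tracker,iface,reason,action,dir,ipver,tos,ecn,ttl,id,
# offset,flags,protoid,proto,length,src,dst,sport,dport,datalen,tcpflags,...
SAMPLE_LOG = """\
Jan 10 10:00:01 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,127,4711,0,DF,6,tcp,52,192.168.1.10,192.168.181.20,50112,3389,0,S,1234567890,,8192,,mss;nop;wscale
Jan 10 10:00:04 fw filterlog[311]: 5,,,1000000103,em1,match,block,in,4,0x0,,127,4713,0,DF,6,tcp,52,192.168.1.10,192.168.181.20,50112,3389,0,S,1234567890,,8192,,mss;nop;wscale
Jan 10 10:00:05 fw filterlog: 61,,,1700000001,em1,match,pass,in,4,0x0,,127,4712,0,none,1,icmp,60,192.168.1.10,192.168.181.20,request,1,1
Jan 10 10:00:06 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,126,991,0,DF,6,tcp,52,192.168.181.20,192.168.1.10,3389,50112,0,SA,99,1234567891,8192,,mss
Jan 10 10:00:07 fw filterlog: 5,,,1000000103,em1,match,block,in,4,0x0,,127,4720,0,none,17,udp,78,192.168.1.10,10.0.0.5,137,137,58
Jan 10 10:00:08 fw filterlog: 70,,,1700000002,em1,match,pass,in,4,0x0,,127,4721,0,DF,6,tcp,52,192.168.1.10,192.168.181.20,50113,445,0,S,5,,8192,,mss
"""

def parse_filterlog(line):
    """Return a dict for an IPv4 TCP/UDP filterlog entry, or None for anything else."""
    m = re.search(r"filterlog(?:\[\d+\])?: (.*)", line)
    if not m:
        return None
    f = m.group(1).strip().split(",")
    if len(f) < 22 or f[8] != "4" or f[16] not in ("tcp", "udp"):
        return None
    return {"iface": f[4], "action": f[6], "proto": f[16],
            "src": f[18], "sport": int(f[20]), "dst": f[19], "dport": int(f[21]),
            "flags": f[23] if f[16] == "tcp" and len(f) > 23 else ""}

def blocked_branch_flows(log_text):
    """Count blocked TCP/UDP packets whose source or destination is in BRANCH_NET."""
    hits = Counter()
    for line in log_text.splitlines():
        e = parse_filterlog(line)
        if e is None or e["action"] != "block":
            continue
        if any(ipaddress.ip_address(e[k]) in BRANCH_NET for k in ("src", "dst")):
            hits[(e["iface"], e["proto"], e["src"], e["sport"],
                  e["dst"], e["dport"], e["flags"])] += 1
    return hits

if __name__ == "__main__":
    for flow, count in blocked_branch_flows(SAMPLE_LOG).most_common():
        print(count, flow)
```

A blocked entry whose TCP flags are `S` is a new connection rejected by a rule, while a blocked `SA` or `A` is a packet that did not match any existing state.
-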
Oops, my mistake, I forgot to say I have just a pfsense at my head office. The branch office is coming to the center over MPLS VPN and accessing the internet over pfsense.
I think he is saying he only has one pfSense box at one end of the VPN and that all traffic from the other end is routed to the internet via this one box.
I am unfamiliar with MPLS. Do they provide simply incoming ethernet connections?
Steve
-
I know with the pfsense boxes but it was easier for me to say "pfsense1" and "pfsense2" because of his structure in previous posts.
MPLS is, as far as I know, a routing protocol on layer 2. And as I understand him, his provider offers him an ethernet network between branch and head.
----edit----
Ah, OK. The pfsense1 and pfsense2 spelling was my mistake ;)
-
stephenw10, you are right. I have just a pfsense appliance at my head office. Anyway, my ISP made a comment; they said the state table is making problems. They suggested I set up my firewall in "none state or keep state mode". I have installed many pfsense boxes but I never saw the state mode's setup. How can I change my pfsense's state mode?
-
I do not know what your ISP means with "none state or keep state mode". I am sorry.
-
Yeah, me too, but the ISP's firewall admin said you can, but he doesn't know anything about pfsense…
-
I found it on pfsense:
Go to
FIREWALL -> RULES -> Edit/Create a rule.
Scroll down till you find "State type", click advanced and then try what the admin said.
-
OK, thanks a lot. How easy; read, read, read. I hate myself ): A Turkish saying says: perfection hides in simplicity.