No Internet access to LAN2
-
On which interface did you setup the rule? And what rule did you use? Did you reset firewall states after defining the rule (see Diagnostics -> States and click on the Reset States tab)?
Rule was setup on the LAN2 Interface the to allow all inbound and outbound traffic to WAN
Not sure what you mean by "to WAN" - you specified the destination IP address in the firewall rule as WAN IP address or WAN subnet? You probably want something like any as the destination IP address in the firewall rule (at least for testing). A web access to (for example) http://www.google.com is unlikely to have the WAN subnet or WAN IP address as its destination IP address. If you need to tweak the firewall rule don't forget to reset states.
-
hmmm…..
Apr 24 01:24:58 routed[54817]: lagg0 (192.168.0.25/24) is duplicated by bge1 (192.168.0.1/24)
Apr 24 01:25:36 routed[54817]: lagg0 (192.168.0.25/24) is duplicated by bge1 (192.168.0.1/24)
Apr 24 01:25:36 routed[54817]: lagg0 (192.168.0.25/24) is duplicated by bge1 (192.168.0.1/24)
Apr 24 01:26:34 routed[54817]: lagg0 (192.168.0.25/24) is duplicated by bge1 (192.168.0.1/24) -
Apr 24 01:24:58 routed[54817]: lagg0 (192.168.0.25/24) is duplicated by bge1 (192.168.0.1/24)
It looks like you have two separate interfaces (lagg0 and bge1) in the same subnet (192.168.0.0/24). This is an invalid configuration. You should move one of them to a different subnet (for example, 192.168.2.0/24).
-
Gotcha…
Also I'm looking to move to private IP Adress rather than public.
Also wondering if IPv6 tunnel can allow me to watch Hulu or similar services that are restricted since the tunels are into the US -
OK…
Changed the Static IP to 10.50.100.X/24 now i can ping the address, but still no internet access.Rule is set on LAN2 to allow all incoming and outgoing to any.
Also added the IP to the route table to route to the WANHowever...
i can still ping it, but have to check in depth and see if there's anything i missed -
Hey guys…
still not working !!!
I need this taken care of ASAP -
Changed the Static IP to 10.50.100.X/24 now i can ping the address, but still no internet access.
Which static IP address. Ping from where? to where?
"Still no internet access" means what: An attempt to access the server from the internet reports "no route to host"? "timeout"? "unknown host"? or stalls with nothing showing after (say) 5 minutes? Or do you mean an attempt to access a public internet site from the server on LAN2 fails reporting "unknown host"? "no route to host"? "timeout"?
If you need this resolved ASAP then you should help readers of this thread help you by providing details of what you are attempting and what is reported. The more we, the readers, have to guess the details the more likely it is we will make incorrect guesses which will delay coming to the solution. Example detailed report: On the server whose IP address is x.x.x.x and connected to pfSense LAN2 interface whose IP address is y.y.y.y a ping to the pfSense LAN2 interface IP address gets a ping response but on an attempt by a browser to access web site … the browser reports ...
-
A diagram and some screen shots of your firewall rules, port forwards and lagg setup would probably help a lot.
Steve
-
I will do that latter on tonight when i get home…
I been away for work and need to get the website up and running ASAP so it can generate some revenue -
Hey guys…
Back at it again...
Was out of the country due to death in the family and now I'm back!!!Today i did the following:
- Changed IP address on both the server and my PF box
- Able to ping server from PF box as seen below from the ping stat
PING 192.168.x.x from 68.150.x.x: 56 data bytes
64 bytes from 192.168.x.x: icmp_seq=0 ttl=64 time=0.131 ms
64 bytes from 192.168.x.x: icmp_seq=1 ttl=64 time=0.057 ms
64 bytes from 192.168.x.x: icmp_seq=2 ttl=64 time=0.051 ms
--- 192.168.x.x ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.051/0.080/0.131/0.036 msServer still not visible on LAN 1 nor has WAN access...
No NAT rules or Bridges have been setup -
Sorry about that. :(
Reading back through this thread it looks like we never resolved what the firewall rule you put in place is.
Please post a screen shot (or copy and paste) of your LAN2 firewall rules.Also just to confirm you have LAN2 assigned to lagg0?
Steve
-
Rules for LAN1 are the same for LAN2…
Allow all and any traffic from WAN to LAN2 and From LAN1 to LAN2 and vice versa -
Rules for LAN1 are the same for LAN2…
Allow all and any traffic from WAN to LAN2 and From LAN1 to LAN2 and vice versaThese two statements do not agree unless you have changed the default LAN rule dramatically!
The rule I expect to see on LAN2 would be:
Protocol: any
Source: LAN2 net, port any
Destination: any, port any
Gateway anyThe firewall rules on an interface apply to traffic entering that interface. Therefore you need to allow traffic entering the LAN2 interface from the other end of the LAGG.
Steve
-
Actually…
i copied it the Default LAN1 Rule to LAN2 -
Ah, maybe I've misunderstood. The problem is the machine at the end of the LAGG cannot access the internet yes?
Is there anything appearing in the firewall log when you try to connect out from the server on LAN2? There shouldn't be if you have the firewall rule correct. You could try enabling logging on the LAN2 rule to check if it is working correctly.If not that I'd have to suspect a routing problem related to LAGG.
Steve
-
Thanks for the quick reply Steve…
On the Server I'm running HP Network Configuration Utility that allows the network adapter to be teamed and run LACP
I'm very tempted to dissolve the teaming and check if it will run without it and if it does then at least i tracked down my problem
-
That's a good plan.
One step at a time when things start to go wrong.Steve
-
OK…
Dissolved network card teaming, set Static IP on 1 adapter and DHCP on the other...
Did the same on my PFBox and set up the default rules on both ports
Tried one adapter at a time with no successI guess it wasn't the LAGG or LACP setup
-
Hmm, interesting.
Did you assign each adapter in turn as LAN2 or both as 2 and 3?
Reassigning adapters and ip type can sometimes result in a stale state table, with rules still in place from a previos config waiting to timeout. This can cause misleading results. You can clear the state table or reboot after a major config change to ensure everything has filtered down.Steve
-
EM0 was named SERVER and EM1 was named WIRELESS
After all the changes i restarted the firewall
