Static IP on the WAN and static IP on the LAN
-
How are the packets from the network behind pfSense translated toward the second firewall?
Does the second firewall know about this network behind pfSense, and does it know how to return packets to it????
-
Yes, I sent you the logs that came out when I tried to access the bol.com.br page from the machine.
-
What I had seen was a pftop, not the tcpdump that is there.
The only communication that does not happen in that tcpdump is this one:
11:54:28.525956 IP elf-0005.localdomain.51937 > 10.2.2.65.5055: Flags [ S ], seq 1394016014, win 8192, options [mss 1460,nop,nop,sackOK], length 0
11:54:28.533514 IP elf-0005.localdomain.51939 > 10.2.2.63.5053: Flags [ S ], seq 1287206207, win 8192, options [mss 1460,nop,nop,sackOK], length 0
11:54:28.539797 IP elf-0005.localdomain.51940 > 10.2.2.61.5051: Flags [ S ], seq 1962454065, win 8192, options [mss 1460,nop,nop,sackOK], length 0
11:54:28.540584 IP elf-0005.localdomain.51938 > 10.2.2.64.5054: Flags [ S ], seq 2762473566, win 8192, options [mss 1460,nop,nop,sackOK], length 0
Try to monitor in real time the DNS request and the browsing on port 80 to the site's IP; try to identify at which point the communication stops:
whether it is on the pfSense LAN, on the WAN, or whether the packet leaves the WAN with a source IP that the second firewall does not know how to return.
Suggested command:
tcpdump -ni interface_lan_ou_wan_do_seu_pfsense host ip_do_servidor_web
or, to monitor a specific port:
tcpdump -ni interface_lan_ou_wan_do_seu_pfsense port porta_a_monitorar
-
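The comparison suggested in the post above (capture on the LAN and on the WAN, then see where the exchange stops and with which source address the packet leaves) can be run over saved `tcpdump -n` text. This is an added example, not code from the thread: the sample captures and their addresses are constructed, and it assumes pfSense leaves the TCP sequence number unchanged so that the same SYN can be matched on both interfaces.

```python
import re

# Matches tcpdump -n SYN / SYN-ACK lines (flags may be pasted as "[ S ]").
# Assumption: pfSense leaves the TCP seq unchanged, so one SYN has the same seq on LAN and WAN.
LINE = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[\s*(S\.?)\s*\], "
                  r"seq (\d+)(?:, ack (\d+))?")

def handshakes(capture):
    """Return ({(dst, dport, seq): src} per SYN, set of those keys that got a SYN-ACK)."""
    syns, answered = {}, set()
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # pure ACK and data segments are ignored
        src, sport, dst, dport, flags, seq, ack = m.groups()
        if flags == "S":
            syns[(dst, dport, int(seq))] = src
        elif ack:  # a SYN-ACK acknowledges the client's seq + 1
            answered.add((src, sport, int(ack) - 1))
    return syns, answered

def diagnose(lan_capture, wan_capture):
    """For each connection attempt seen on the LAN, say where it stops."""
    lan_syns, lan_ok = handshakes(lan_capture)
    wan_syns, _ = handshakes(wan_capture)
    report = {}
    for key, lan_src in lan_syns.items():
        if key in lan_ok:
            verdict = "ok: SYN-ACK came back to the LAN"
        elif key not in wan_syns:
            verdict = "stops in pfSense: SYN never left the WAN"
        elif wan_syns[key] == lan_src:
            verdict = "left the WAN untranslated: second firewall needs a route back"
        else:
            verdict = "left the WAN translated: no reply from upstream"
        report[f"{key[0]}:{key[1]}"] = verdict
    return report

# Constructed sample captures (documentation addresses, not taken from the thread).
LAN_SAMPLE = """\
10:00:00.000001 IP 192.0.2.10.50001 > 198.51.100.7.80: Flags [S], seq 1000, win 8192, length 0
10:00:00.020001 IP 198.51.100.7.80 > 192.0.2.10.50001: Flags [S.], seq 9000, ack 1001, win 65535, length 0
10:00:01.000001 IP 192.0.2.10.50002 > 198.51.100.8.80: Flags [S], seq 2000, win 8192, length 0
10:00:02.000001 IP 192.0.2.10.50003 > 198.51.100.9.80: Flags [S], seq 3000, win 8192, length 0
"""
WAN_SAMPLE = """\
10:00:00.000101 IP 203.0.113.2.61001 > 198.51.100.7.80: Flags [S], seq 1000, win 8192, length 0
10:00:02.000101 IP 192.0.2.10.50003 > 198.51.100.9.80: Flags [S], seq 3000, win 8192, length 0
"""
```

Calling `diagnose(LAN_SAMPLE, WAN_SAMPLE)` returns one verdict per destination; with real data, pass the text saved from the LAN capture and from the WAN capture taken during the same access attempt.
-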
Yes, no problem, the tcpdump is right above.
-
Here is the only one I managed to capture, which was the LAN one; the WAN one does not even show up:
12:58:13.159110 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 33957, win 4380, length 0
12:58:13.165272 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 36877, win 4380, length 0
12:58:13.166787 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 38380, win 4380, length 0
12:58:15.172241 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [P.], ack 38380, win 4380, length 763
12:58:15.172399 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3053, win 507, length 0
12:58:15.322704 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3053, win 513, length 1460
12:58:15.322742 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3053, win 513, length 1460
12:58:15.322767 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3053, win 513, length 1460
12:58:15.322787 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3053, win 513, length 1460
12:58:15.322807 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3053, win 513, length 1460
12:58:15.322830 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 3053, win 513, length 1070
12:58:15.323495 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3053, win 513, length 1460
12:58:15.323552 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3053, win 513, length 1460
12:58:15.331953 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 41300, win 4380, length 0
12:58:15.332120 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3053, win 513, length 1460
12:58:15.332148 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 3053, win 513, length 43
12:58:15.334740 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 44220, win 4380, length 0
12:58:15.340753 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 46750, win 4380, length 0
12:58:15.345012 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 49670, win 4380, length 0
12:58:15.347078 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 51173, win 4380, length 0
12:58:17.352806 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [P.], ack 51173, win 4380, length 763
12:58:17.353017 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3816, win 507, length 0
12:58:17.494279 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3816, win 513, length 1460
12:58:17.494318 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3816, win 513, length 1460
12:58:17.494343 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3816, win 513, length 1460
12:58:17.494366 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3816, win 513, length 1460
12:58:17.494387 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3816, win 513, length 1460
12:58:17.494409 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 3816, win 513, length 1070
12:58:17.495086 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3816, win 513, length 1460
12:58:17.495143 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3816, win 513, length 1460
12:58:17.495168 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 3816, win 513, length 1460
12:58:17.495187 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 3816, win 513, length 43
12:58:17.499396 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 54093, win 4380, length 0
12:58:17.505637 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 57013, win 4380, length 0
12:58:17.511538 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 59543, win 4380, length 0
12:58:17.512097 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 62463, win 4380, length 0
12:58:17.516183 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 63966, win 4380, length 0
12:58:19.522338 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [P.], ack 63966, win 4380, length 763
12:58:19.522532 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 4579, win 507, length 0
12:58:19.659552 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 4579, win 513, length 1460
12:58:19.659597 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 4579, win 513, length 1460
12:58:19.659623 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 4579, win 513, length 1460
12:58:19.659644 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 4579, win 513, length 1460
12:58:19.659665 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 4579, win 513, length 1460
12:58:19.659687 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 4579, win 513, length 1070
12:58:19.660252 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 4579, win 513, length 1460
12:58:19.660286 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 4579, win 513, length 1460
12:58:19.660310 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 4579, win 513, length 1460
12:58:19.660329 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 4579, win 513, length 38
12:58:19.665398 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 4579, win 513, length 5
12:58:19.666263 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 66886, win 4380, length 0
12:58:19.668849 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 69806, win 4380, length 0
12:58:19.677936 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 72336, win 4380, length 0
12:58:19.680184 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 75256, win 4380, length 0
12:58:19.681137 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 76754, win 4380, length 0
12:58:19.883162 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 76759, win 4378, length 0
12:58:21.686017 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [P.], ack 76759, win 4378, length 763
12:58:21.686212 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 5342, win 507, length 0
12:58:21.827540 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 5342, win 513, length 1460
12:58:21.827576 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 5342, win 513, length 1460
12:58:21.827603 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 5342, win 513, length 1460
12:58:21.827624 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 5342, win 513, length 1460
12:58:21.827645 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 5342, win 513, length 1460
12:58:21.827667 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 5342, win 513, length 1070
12:58:21.828327 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 5342, win 513, length 1460
12:58:21.828383 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 5342, win 513, length 1460
12:58:21.828430 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 5342, win 513, length 1460
12:58:21.828450 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 5342, win 513, length 43
12:58:21.836238 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 79679, win 4380, length 0
12:58:21.837172 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 82599, win 4380, length 0
12:58:21.844750 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 85129, win 4380, length 0
12:58:21.847214 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 88049, win 4380, length 0
12:58:21.848813 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 89552, win 4380, length 0
12:58:23.854168 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [P.], ack 89552, win 4380, length 763
12:58:23.854345 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6105, win 507, length 0
12:58:23.996376 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6105, win 513, length 1460
12:58:23.996416 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6105, win 513, length 1460
12:58:23.996446 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6105, win 513, length 1460
12:58:23.996467 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6105, win 513, length 1460
12:58:23.996488 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6105, win 513, length 1460
12:58:23.996510 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 6105, win 513, length 1070
12:58:23.997733 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6105, win 513, length 1460
12:58:23.997816 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6105, win 513, length 1460
12:58:23.997842 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6105, win 513, length 1460
12:58:23.997862 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 6105, win 513, length 43
12:58:24.001467 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 92472, win 4380, length 0
12:58:24.007193 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 95392, win 4380, length 0
12:58:24.010677 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 97922, win 4380, length 0
12:58:24.016996 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 100842, win 4380, length 0
12:58:24.018631 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 102345, win 4380, length 0
12:58:26.024364 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [P.], ack 102345, win 4380, length 763
12:58:26.024553 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6868, win 507, length 0
12:58:26.161181 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6868, win 513, length 1460
12:58:26.161218 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6868, win 513, length 1460
12:58:26.161244 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6868, win 513, length 1460
12:58:26.161265 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6868, win 513, length 1460
12:58:26.161285 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6868, win 513, length 1460
12:58:26.161307 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 6868, win 513, length 1070
12:58:26.161895 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6868, win 513, length 1460
12:58:26.161924 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6868, win 513, length 1460
12:58:26.161946 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [.], ack 6868, win 513, length 1460
12:58:26.161966 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 6868, win 513, length 38
12:58:26.167130 IP 129.100.29.2.80 > 129.100.29.10.53572: Flags [P.], ack 6868, win 513, length 5
12:58:26.169842 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 105265, win 4380, length 0
12:58:26.173930 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 108185, win 4380, length 0
12:58:26.175105 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 110715, win 4380, length 0
12:58:26.182923 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 113635, win 4380, length 0
12:58:26.184124 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 115133, win 4380, length 0
12:58:26.381831 IP 129.100.29.10.53572 > 129.100.29.2.80: Flags [.], ack 115138, win 4378, length 0
-
It looks like traffic from your machine to the pfSense interface.
-
Right, what else could I do?
-
Manage to identify, via tcpdump, the traffic when the machine requests the external site.
-
That is exactly what I did in this tcpdump. When I type the tcpdump command on pfSense, I immediately make the attempt to access the site.
-
Folks, I still have not managed to get it running and would like a tip on this. How could I get it to run properly without pfSense having the internal IPs of my networks? They could not be 10.2.2.xx nor 192.168.xx.xx. What would you recommend adding on the WAN and on the LAN of pfSense so that the web and the client machines run properly?