Netgate Discussion Forum

pfSense connected to a port in bridge mode

12 Posts 3 Posters 4.1k Views
  • Akill
    last edited by Oct 25, 2013, 10:40 PM

    Hi everyone,

    I have a problem with my pfSense. I have a router from my ISP with a port in bridge mode, which lets me have a public IP on the pfSense interface. If I connect my pfSense to that port, I get the correct IP but never have internet access; I can't even ping Google's DNS servers.
    If I connect the pfSense server to one of the router's other ports, getting a private IP in the 192.168.1.0/24 range, everything works perfectly.
    At first I thought it was the ISP's fault, a configuration problem or something like that, but after connecting a laptop to that same port, in bridge mode, it is assigned the same public IP, and the laptop works perfectly.

    Does anyone know of any problems with pfSense connected to a router with a port in bridge mode?!

    Cheers

    • joaobrn
      last edited by Oct 25, 2013, 10:45 PM

      Good evening, my friend,

      Try pinging the IP 8.8.8.8 and tell me whether you get a reply.

      Another thing you can try:

      Add a rule on LAN allowing all outbound traffic, then ping again to see whether it goes out.

      I await your reply.

      Regards,

      João Batista da Rocha Neto
      ROCHA NETO - Consultoria em TI
      Phone: (34) 99943-1030
      Skype: joaobrn.rochanetoconsultoria

      • Akill
        last edited by Oct 25, 2013, 10:50 PM

        Hi,

        Thanks for your quick reply.

        As for the rules, everything is allowed from the LAN outbound… The tests were in fact done with exactly the same rule configuration...

        As for the ping, if I connect pfSense to the router's bridge port, I can't even get internet on pfSense itself, nor ping anything outside.

        If I connect pfSense, with exactly the same configuration, to one of the router's other ports (which are not in bridge mode), I can get internet, ping, browse, everything works perfectly.

        In all the tests, the pfSense WAN is configured for DHCP, and it is my ISP that is responsible for assigning the public IP when I connect a device to the port in bridge mode.

        Since I connected a laptop to that same port (in bridge mode) and everything works perfectly, I'm led to believe it is a pfSense bug... :S

        Cheers

        • joaobrn
          last edited by Oct 25, 2013, 10:59 PM Oct 25, 2013, 10:56 PM

          Which modem model are you using? Some modems have the option of using PPPoE and bridge simultaneously, and if your PPPoE happens to be enabled you can't browse even though pfSense gets an IP through bridge mode. I had this case at a client's site; I just disabled it and it started working.

          It would also be worth checking your DNS settings.

          If you run a tracert, can you at least reach the first edge hop after pfSense?

          Regards,

          João Batista da Rocha Neto

          • Akill
            last edited by Oct 25, 2013, 10:57 PM

            But if that were the case, the test I did with the PC on that same port wouldn't work either, right?! And in this case a PC running Windows 7 works perfectly.

            • marcelloc
              last edited by Oct 26, 2013, 1:29 AM

              Do you know how to use tcpdump?

              Can you run it on the WAN while the public IP is assigned to pfSense?

              Elite Training: http://sys-squad.com

              Help a community developer! ;D

              • Akill
                last edited by Oct 26, 2013, 5:16 PM Oct 26, 2013, 4:42 PM

                Hi marcelloc,

                Yes, I do… and when I ran the tests I only saw ARP requests arriving at my WAN interface... lots and lots of them... something I also noticed with Wireshark when I connected a laptop to the same bridge port on the router... but I think that is because the router port is in bridge mode and directly receives all the traffic of the public network segment (/27).

                When I ran the tests with tcpdump on pfSense, I didn't get to see whether there was any information about outbound traffic (post-NAT), because the server is in a datacenter and at the time I didn't have a laptop with me to analyse that kind of traffic.

                By the way, the router model is a Thomson THG540, and the ISP is ZON.

                Cheers, and thanks for your help.

                • joaobrn
                  last edited by Oct 28, 2013, 1:24 PM

                  Did you look at the PPP logs to see whether your machine is receiving a gateway, and the System logs to see whether there is any conflict?

                  Regards,

                  João Batista da Rocha Neto

                  • Akill
                    last edited by Oct 28, 2013, 9:17 PM

                    Hi… here are the logs, maybe you can help me... :S

                    Oct 25 18:49:31 dc_pfsense apinger: ALARM: WAN_DHCP(85.138.59.254) *** down ***
                    Oct 25 18:53:53 dc_pfsense apinger: SIGHUP received, reloading configuration.
                    Oct 25 18:53:53 dc_pfsense apinger: alarm canceled (config reload): WAN_DHCP(85.138.59.254) *** down ***
                    Oct 25 18:53:53 dc_pfsense apinger: No usable targets found, exiting
                    Oct 25 18:54:37 dc_pfsense apinger: Starting Alarm Pinger, apinger(40923)
                    Oct 25 18:54:37 dc_pfsense apinger: No usable targets found, exiting
                    Oct 25 18:55:35 dc_pfsense apinger: Starting Alarm Pinger, apinger(21463)
                    Oct 25 18:55:35 dc_pfsense apinger: No usable targets found, exiting
                    Oct 25 18:55:45 dc_pfsense apinger: Starting Alarm Pinger, apinger(10178)
                    Oct 25 18:55:45 dc_pfsense apinger: No usable targets found, exiting
                    Oct 25 18:56:14 dc_pfsense apinger: Starting Alarm Pinger, apinger(21804)
                    Oct 25 18:56:14 dc_pfsense apinger: No usable targets found, exiting
                    Oct 25 19:02:10 dc_pfsense apinger: Starting Alarm Pinger, apinger(12319)
                    Oct 25 19:02:14 dc_pfsense apinger: SIGHUP received, reloading configuration.
                    Oct 25 19:02:24 dc_pfsense apinger: ALARM: WAN_DHCP(85.138.59.254) *** down ***
                    Oct 25 19:03:32 dc_pfsense apinger: SIGHUP received, reloading configuration.
                    Oct 25 19:08:04 dc_pfsense apinger: SIGHUP received, reloading configuration.
                    Oct 25 19:08:04 dc_pfsense apinger: alarm canceled (config reload): WAN_DHCP(85.138.59.254) *** down ***
                    Oct 25 19:08:09 dc_pfsense apinger: SIGHUP received, reloading configuration.
                    Oct 25 19:10:07 dc_pfsense apinger: SIGHUP received, reloading configuration.
                    Oct 25 19:10:21 dc_pfsense apinger: SIGHUP received, reloading configuration.
                    Oct 25 19:40:49 dc_pfsense apinger: SIGHUP received, reloading configuration.
                    Oct 25 19:41:02 dc_pfsense apinger: ALARM: WAN_DHCP(192.168.1.1) *** down ***
                    Oct 25 19:42:35 dc_pfsense apinger: alarm canceled: WAN_DHCP(192.168.1.1) *** down ***
                    Oct 25 19:42:37 dc_pfsense apinger: SIGHUP received, reloading configuration.
                    Oct 25 19:55:21 apinger: Starting Alarm Pinger, apinger(22998)
                    Oct 25 19:55:22 apinger: SIGHUP received, reloading configuration.
                    Oct 28 11:14:05 apinger: Starting Alarm Pinger, apinger(23249)
                    Oct 28 11:14:06 apinger: SIGHUP received, reloading configuration.
                    Oct 28 11:19:06 apinger: SIGHUP received, reloading configuration.
                    Oct 28 18:26:48 apinger: ALARM: WAN_DHCP(192.168.1.1) *** down ***
                    Oct 28 18:30:17 apinger: SIGHUP received, reloading configuration.
                    Oct 28 18:30:17 apinger: alarm canceled (config reload): WAN_DHCP(192.168.1.1) *** down ***
                    Oct 28 18:30:27 apinger: ALARM: WAN_DHCP(81.84.139.254) *** down ***

                    Oct 28 18:14:20 filterdns: adding entry 74.125.235.239 to table 4 on host csi.gstatic.com
                    Oct 28 18:14:20 filterdns: adding entry ::2404:6800:4006:805:0:0 to table 3 on host csi.gstatic.com
                    Oct 28 18:19:20 filterdns: adding entry 173.194.126.175 to table 4 on host csi.gstatic.com
                    Oct 28 18:19:20 filterdns: Different hostnames(csi.gstatic.com - java.com) resolve to same ip address
                    Oct 28 18:19:20 filterdns: adding entry ::2607:f8b0:400c:c03:0:0 to table 3 on host csi.gstatic.com
                    Oct 28 18:19:20 filterdns: Different hostnames(csi.gstatic.com - java.com) resolve to same ip address
                    Oct 28 18:24:20 filterdns: adding entry ::2607:f8b0:4007:800:0:0 to table 4 on host csi.gstatic.com
                    Oct 28 18:24:20 filterdns: Different hostnames(csi.gstatic.com - java.com) resolve to same ip address
                    Oct 28 18:24:20 filterdns: adding entry 74.125.140.120 to table 3 on host csi.gstatic.com
                    Oct 28 18:24:20 filterdns: adding entry ::2607:f8b0:4007:800:0:0 to table 3 on host csi.gstatic.com
                    Oct 28 18:24:20 filterdns: Different hostnames(csi.gstatic.com - java.com) resolve to same ip address
                    Oct 28 18:24:20 filterdns: Different hostnames(csi.gstatic.com - java.com) resolve to same ip address
                    Oct 28 18:26:50 dnsmasq[91393]: exiting on receipt of SIGTERM
                    Oct 28 18:26:51 dnsmasq[71899]: started, version 2.66 cachesize 10000
                    Oct 28 18:26:51 dnsmasq[71899]: compile time options: IPv6 GNU-getopt no-DBus i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack no-ipset auth
                    Oct 28 18:26:51 dnsmasq[71899]: reading /etc/resolv.conf
                    Oct 28 18:26:51 dnsmasq[71899]: using nameserver 192.168.1.1#53
                    Oct 28 18:26:51 dnsmasq[71899]: read /etc/hosts - 6 addresses
                    Oct 28 18:28:14 dnsmasq[71899]: exiting on receipt of SIGTERM
                    Oct 28 18:28:15 dnsmasq[36229]: started, version 2.66 cachesize 10000
                    Oct 28 18:28:15 dnsmasq[36229]: compile time options: IPv6 GNU-getopt no-DBus i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack no-ipset auth
                    Oct 28 18:28:15 dnsmasq[36229]: reading /etc/resolv.conf
                    Oct 28 18:28:15 dnsmasq[36229]: using nameserver 192.168.1.1#53
                    Oct 28 18:28:15 dnsmasq[36229]: read /etc/hosts - 6 addresses
                    Oct 28 18:30:10 filterdns: failed to resolve host op.cm-vfxira.pt will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host google.com will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host google.com will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host gstatic.com will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host javadl-esd.sun.com will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host java.com will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host javadl-esd.sun.com will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host csi.gstatic.com will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host op.cm-vfxira.pt will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host csi.gstatic.com will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host maps.google.com will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host javadl.sun.com will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host maps.google.com will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host javadl.sun.com will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host java.com will retry later again.
                    Oct 28 18:30:10 filterdns: failed to resolve host gstatic.com will retry later again.
                    Oct 28 18:30:17 dnsmasq[36229]: reading /etc/resolv.conf
                    Oct 28 18:30:17 dnsmasq[36229]: using nameserver 212.113.191.130#53
                    Oct 28 18:30:17 dnsmasq[36229]: using nameserver 212.113.191.129#53

                    From what I understand of this, :-[ :-[ pfSense can't even ping the ISP's gateway… :S

                    Anyway, if I connect a PC everything works as it should, including the pings.... :S

                    As for any other type of authentication, I don't think my ISP has any...

                    I ran tcpdump on the pfSense WAN interface, and I don't see the users' traffic going out to the internet... even after rebooting pfSense and the router

                    Cheers

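Added example, not part of the thread and not pfSense or apinger code: a small parser that replays the apinger events from the log posted above and reports, per gateway, whether a "down" alarm was ever followed by a real recovery or was only reset by a configuration reload. It assumes that `alarm canceled:` without the `(config reload)` suffix means the gateway answered again; the function name and state labels are hypothetical.

```python
import re

# Five apinger lines taken from the log posted above, used as sample input.
SAMPLE_LOG = """\
Oct 25 18:49:31 dc_pfsense apinger: ALARM: WAN_DHCP(85.138.59.254) *** down ***
Oct 25 18:53:53 dc_pfsense apinger: alarm canceled (config reload): WAN_DHCP(85.138.59.254) *** down ***
Oct 25 19:41:02 dc_pfsense apinger: ALARM: WAN_DHCP(192.168.1.1) *** down ***
Oct 25 19:42:35 dc_pfsense apinger: alarm canceled: WAN_DHCP(192.168.1.1) *** down ***
Oct 28 18:30:27 apinger: ALARM: WAN_DHCP(81.84.139.254) *** down ***
"""

# Matches the three apinger event forms that appear in the posted log.
EVENT_RE = re.compile(
    r"apinger: (?P<event>ALARM|alarm canceled(?: \(config reload\))?): "
    r"\w+\((?P<ip>[0-9.]+)\) \*\*\* down \*\*\*"
)


def gateway_states(log_text):
    """Return {gateway_ip: final_state} after replaying apinger events in order."""
    states = {}
    for line in log_text.splitlines():
        m = EVENT_RE.search(line)
        if m is None:
            continue  # SIGHUP, start-up and other lines carry no gateway state
        ip, event = m["ip"], m["event"]
        if event == "ALARM":
            states[ip] = "down"
        elif event == "alarm canceled":
            # Assumption: a plain cancel means the monitor got replies again.
            states[ip] = "recovered"
        elif states.get(ip) == "down":
            # A reload clears the alarm without any evidence of a reply.
            states[ip] = "down (alarm only reset by reload)"
    return states


if __name__ == "__main__":
    for ip, state in gateway_states(SAMPLE_LOG).items():
        print(f"{ip:16} {state}")
```

On these lines only the private gateway 192.168.1.1 ever shows a recovery; both public gateways end in a down state.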
                    • marcelloc
                      last edited by Oct 29, 2013, 2:34 AM

                      Try disabling gateway monitoring.

                      • Akill
                        last edited by Oct 29, 2013, 9:23 AM

                        Hi,

                        Marcelloc, to disable it I just need to set the following configuration, right?!

                        Gateway Monitoring
                        State Killing on Gateway Failure: The monitoring process will flush states for a gateway that goes down if this box is not checked. Check this box to disable this behavior.

                        Skip rules when gateway is down: By default, when a rule has a specific gateway set, and this gateway is down, rule is created and traffic is sent to default gateway. This option overrides that behavior and the rule is not created when gateway is down

                        Both options are disabled…
                        I'll run the tests and post the result here as soon as I can.

                        Cheers and thanks

                        • marcelloc
                          last edited by Oct 29, 2013, 4:54 PM

                          system -> routing -> edit -> Disable Gateway Monitoring

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.