Netgate Discussion Forum

    pfSense connected to a port in bridge mode

    • Akill

      Hi,

      thanks in advance for your quick reply.

      regarding the rules, everything is allowed from the LAN outbound… In fact, the tests were done with exactly the same rule configuration...

      regarding PING, if I connect pfSense to the router's bridge port, I can't even get internet on pfSense, nor ping outside.

      If I connect pfSense, with exactly the same configuration, to one of the router's other ports (which are not in bridge mode), I get internet, can ping, browse, everything works perfectly.

      in all the tests, the pfSense WAN is configured with DHCP, and it is my internet provider that is responsible for assigning the public IP when I connect a device to the port in bridge mode.

      since I connected a laptop to that same port (in bridge mode) and everything works perfectly, it leads me to believe that this is a pfSense bug... :S

      cheers
      • joaobrn

        Which modem model are you using? Some modems have the option of using PPPoE and bridge simultaneously, and if your PPPoE happens to be enabled you can't browse even though pfSense gets an IP through bridge mode. I had this case at a client's site; I just disabled it and it started working.

        It would also be worth checking the DNS settings.

        If you run a tracert, can you at least reach the first edge hop after pfSense?

        Regards,

        João Batista da Rocha Neto
        ROCHA NETO - Consultoria em TI
        Phone: (34) 99943-1030
        Skype: joaobrn.rochanetoconsultoria
        • Akill

          But if that were the case, the test I did with the PC on that same port wouldn't work either, right?! And in this case, with a PC running Windows 7, it works perfectly.
          • marcelloc

            Do you know how to use tcpdump?

            Can you run it on the WAN while the public IP is assigned to pfSense?

            Elite Training: http://sys-squad.com

            Help a community developer! ;D
            • Akill

              hi marcelloc,

              yes I do… and when I ran the tests I only see ARP requests arriving on my WAN interface... lots and lots of them... something I also noticed with Wireshark when I connected a laptop to the same bridge port on the router... but I think that is due to the router port being in bridge mode and directly receiving all the traffic from the public network segment (/27).

              when I ran the tests with tcpdump on pfSense, I didn't get to see whether there was any information about outbound traffic (post-NAT), because the server is in a datacenter and at the time I didn't have a laptop with me to analyse that kind of traffic.

              by the way, the router model is a Thomson THG540, and the provider is ZON.

              cheers, and thanks for your help.
              • joaobrn

                Did you look at the PPP logs to see whether your machine is receiving a gateway, and the System logs to see whether there is any conflict?

                Regards,

                João Batista da Rocha Neto
                • Akill

                  hi… here are the logs, maybe you can help me... :S

                  Oct 25 18:49:31 dc_pfsense apinger: ALARM: WAN_DHCP(85.138.59.254) *** down ***
                  Oct 25 18:53:53 dc_pfsense apinger: SIGHUP received, reloading configuration.
                  Oct 25 18:53:53 dc_pfsense apinger: alarm canceled (config reload): WAN_DHCP(85.138.59.254) *** down ***
                  Oct 25 18:53:53 dc_pfsense apinger: No usable targets found, exiting
                  Oct 25 18:54:37 dc_pfsense apinger: Starting Alarm Pinger, apinger(40923)
                  Oct 25 18:54:37 dc_pfsense apinger: No usable targets found, exiting
                  Oct 25 18:55:35 dc_pfsense apinger: Starting Alarm Pinger, apinger(21463)
                  Oct 25 18:55:35 dc_pfsense apinger: No usable targets found, exiting
                  Oct 25 18:55:45 dc_pfsense apinger: Starting Alarm Pinger, apinger(10178)
                  Oct 25 18:55:45 dc_pfsense apinger: No usable targets found, exiting
                  Oct 25 18:56:14 dc_pfsense apinger: Starting Alarm Pinger, apinger(21804)
                  Oct 25 18:56:14 dc_pfsense apinger: No usable targets found, exiting
                  Oct 25 19:02:10 dc_pfsense apinger: Starting Alarm Pinger, apinger(12319)
                  Oct 25 19:02:14 dc_pfsense apinger: SIGHUP received, reloading configuration.
                  Oct 25 19:02:24 dc_pfsense apinger: ALARM: WAN_DHCP(85.138.59.254) *** down ***
                  Oct 25 19:03:32 dc_pfsense apinger: SIGHUP received, reloading configuration.
                  Oct 25 19:08:04 dc_pfsense apinger: SIGHUP received, reloading configuration.
                  Oct 25 19:08:04 dc_pfsense apinger: alarm canceled (config reload): WAN_DHCP(85.138.59.254) *** down ***
                  Oct 25 19:08:09 dc_pfsense apinger: SIGHUP received, reloading configuration.
                  Oct 25 19:10:07 dc_pfsense apinger: SIGHUP received, reloading configuration.
                  Oct 25 19:10:21 dc_pfsense apinger: SIGHUP received, reloading configuration.
                  Oct 25 19:40:49 dc_pfsense apinger: SIGHUP received, reloading configuration.
                  Oct 25 19:41:02 dc_pfsense apinger: ALARM: WAN_DHCP(192.168.1.1) *** down ***
                  Oct 25 19:42:35 dc_pfsense apinger: alarm canceled: WAN_DHCP(192.168.1.1) *** down ***
                  Oct 25 19:42:37 dc_pfsense apinger: SIGHUP received, reloading configuration.
                  Oct 25 19:55:21 apinger: Starting Alarm Pinger, apinger(22998)
                  Oct 25 19:55:22 apinger: SIGHUP received, reloading configuration.
                  Oct 28 11:14:05 apinger: Starting Alarm Pinger, apinger(23249)
                  Oct 28 11:14:06 apinger: SIGHUP received, reloading configuration.
                  Oct 28 11:19:06 apinger: SIGHUP received, reloading configuration.
                  Oct 28 18:26:48 apinger: ALARM: WAN_DHCP(192.168.1.1) *** down ***
                  Oct 28 18:30:17 apinger: SIGHUP received, reloading configuration.
                  Oct 28 18:30:17 apinger: alarm canceled (config reload): WAN_DHCP(192.168.1.1) *** down ***
                  Oct 28 18:30:27 apinger: ALARM: WAN_DHCP(81.84.139.254) *** down ***

                  Oct 28 18:14:20 filterdns: adding entry 74.125.235.239 to table 4 on host csi.gstatic.com
                  Oct 28 18:14:20 filterdns: adding entry ::2404:6800:4006:805:0:0 to table 3 on host csi.gstatic.com
                  Oct 28 18:19:20 filterdns: adding entry 173.194.126.175 to table 4 on host csi.gstatic.com
                  Oct 28 18:19:20 filterdns: Different hostnames(csi.gstatic.com - java.com) resolve to same ip address
                  Oct 28 18:19:20 filterdns: adding entry ::2607:f8b0:400c:c03:0:0 to table 3 on host csi.gstatic.com
                  Oct 28 18:19:20 filterdns: Different hostnames(csi.gstatic.com - java.com) resolve to same ip address
                  Oct 28 18:24:20 filterdns: adding entry ::2607:f8b0:4007:800:0:0 to table 4 on host csi.gstatic.com
                  Oct 28 18:24:20 filterdns: Different hostnames(csi.gstatic.com - java.com) resolve to same ip address
                  Oct 28 18:24:20 filterdns: adding entry 74.125.140.120 to table 3 on host csi.gstatic.com
                  Oct 28 18:24:20 filterdns: adding entry ::2607:f8b0:4007:800:0:0 to table 3 on host csi.gstatic.com
                  Oct 28 18:24:20 filterdns: Different hostnames(csi.gstatic.com - java.com) resolve to same ip address
                  Oct 28 18:24:20 filterdns: Different hostnames(csi.gstatic.com - java.com) resolve to same ip address
                  Oct 28 18:26:50 dnsmasq[91393]: exiting on receipt of SIGTERM
                  Oct 28 18:26:51 dnsmasq[71899]: started, version 2.66 cachesize 10000
                  Oct 28 18:26:51 dnsmasq[71899]: compile time options: IPv6 GNU-getopt no-DBus i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack no-ipset auth
                  Oct 28 18:26:51 dnsmasq[71899]: reading /etc/resolv.conf
                  Oct 28 18:26:51 dnsmasq[71899]: using nameserver 192.168.1.1#53
                  Oct 28 18:26:51 dnsmasq[71899]: read /etc/hosts - 6 addresses
                  Oct 28 18:28:14 dnsmasq[71899]: exiting on receipt of SIGTERM
                  Oct 28 18:28:15 dnsmasq[36229]: started, version 2.66 cachesize 10000
                  Oct 28 18:28:15 dnsmasq[36229]: compile time options: IPv6 GNU-getopt no-DBus i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack no-ipset auth
                  Oct 28 18:28:15 dnsmasq[36229]: reading /etc/resolv.conf
                  Oct 28 18:28:15 dnsmasq[36229]: using nameserver 192.168.1.1#53
                  Oct 28 18:28:15 dnsmasq[36229]: read /etc/hosts - 6 addresses
                  Oct 28 18:30:10 filterdns: failed to resolve host op.cm-vfxira.pt will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host google.com will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host google.com will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host gstatic.com will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host javadl-esd.sun.com will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host java.com will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host javadl-esd.sun.com will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host csi.gstatic.com will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host op.cm-vfxira.pt will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host csi.gstatic.com will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host maps.google.com will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host javadl.sun.com will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host maps.google.com will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host javadl.sun.com will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host java.com will retry later again.
                  Oct 28 18:30:10 filterdns: failed to resolve host gstatic.com will retry later again.
                  Oct 28 18:30:17 dnsmasq[36229]: reading /etc/resolv.conf
                  Oct 28 18:30:17 dnsmasq[36229]: using nameserver 212.113.191.130#53
                  Oct 28 18:30:17 dnsmasq[36229]: using nameserver 212.113.191.129#53

                  from what I understand of this,  :-[ :-[ pfSense can't even ping the provider's gateway… :S

                  in any case, if I connect a PC everything works as it should, including the PINGs.... :S

                  Regarding another type of authentication, I don't think my provider has one...

                  I had TCPDUMP running on the pfSense WAN interface, and I don't see the users' traffic going out to the internet... even after rebooting pfSense and the router

                  cheers
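Added example (not part of the original posts, and not pfSense or apinger code): a small Python triage of the apinger lines in the log above, separating alarms that ended with a plain "alarm canceled" from those that were only cleared by a configuration reload. The sample lines are copied from that log; treating a plain cancel as the only sign that the monitor address answered again is an assumption about apinger's messages.

```python
import re

# Lines copied from the apinger excerpt in the post above; the hostname
# field is present on some lines and absent on others, as in that log.
SAMPLE = """\
Oct 25 18:49:31 dc_pfsense apinger: ALARM: WAN_DHCP(85.138.59.254) *** down ***
Oct 25 18:53:53 dc_pfsense apinger: alarm canceled (config reload): WAN_DHCP(85.138.59.254) *** down ***
Oct 25 19:41:02 dc_pfsense apinger: ALARM: WAN_DHCP(192.168.1.1) *** down ***
Oct 25 19:42:35 dc_pfsense apinger: alarm canceled: WAN_DHCP(192.168.1.1) *** down ***
Oct 28 18:26:48 apinger: ALARM: WAN_DHCP(192.168.1.1) *** down ***
Oct 28 18:30:17 apinger: alarm canceled (config reload): WAN_DHCP(192.168.1.1) *** down ***
Oct 28 18:30:27 apinger: ALARM: WAN_DHCP(81.84.139.254) *** down ***
"""

LINE = re.compile(
    r"^\w{3} +\d+ [\d:]{8} (?:\S+ )?apinger: "
    r"(?P<kind>ALARM|alarm canceled(?: \(config reload\))?): "
    r"\w+\((?P<ip>[^)]+)\) \*\*\* down \*\*\*$"
)


def summarize(text):
    """Per monitor IP: alarms raised, plain cancels, reload-only cancels, still open."""
    stats = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # SIGHUP and start-up lines carry no gateway state
        s = stats.setdefault(
            m["ip"], {"alarms": 0, "recovered": 0, "reload_cancels": 0, "open": False}
        )
        if m["kind"] == "ALARM":
            s["alarms"] += 1
            s["open"] = True
        else:
            # Assumption: only a cancel without "(config reload)" means replies resumed.
            key = "reload_cancels" if "config reload" in m["kind"] else "recovered"
            s[key] += 1
            s["open"] = False
    return stats


def never_recovered(stats):
    """Monitor IPs whose alarms were never cleared by a plain cancel."""
    return [ip for ip, s in stats.items() if s["alarms"] and not s["recovered"]]


if __name__ == "__main__":
    result = summarize(SAMPLE)
    for ip, s in result.items():
        print(ip, s)
    print("never recovered:", never_recovered(result))
```

On these lines, the only monitor address with a plain cancel is 192.168.1.1.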
                  • marcelloc

                    Try disabling gateway monitoring.
                    • Akill

                      Hi,

                      Marcelloc, to disable it I just need to set the following configuration, right?!

                      Gateway Monitoring
                      State Killing on Gateway Failure: The monitoring process will flush states for a gateway that goes down if this box is not checked. Check this box to disable this behavior.

                      Skip rules when gateway is down: By default, when a rule has a specific gateway set, and this gateway is down, rule is created and traffic is sent to default gateway. This option overrides that behavior and the rule is not created when gateway is down

                      both options are disabled…
                      I'll run the tests; as soon as I can I'll post the result here.

                      cheers and thanks
                      • marcelloc

                        system -> routing -> edit -> Disable Gateway Monitoring