Can't get private IPs on WAN
-
Ok, guess I'm being really dense, but I don't remember having anything special for that other than a couple of port forwards on the old WISP router for TeamSpeak and Ventrilo that I don't use anymore.
-
Does that mean it's fixed? pfSense, by default, blocks private addresses in and out of WAN.
-
Do you have Block Private and Block Bogons unchecked on WAN ??
At this time, neither are checked on WISPWAN or LAN. Bogons is checked on SATWAN.
This NAT rule didn't allow me to ping from 7.2 either…....
-
What about WAN 2 on "pfSense router" with 192.168.7.x?
-
Opt1 is WAN2 and called WISPWAN, so no, neither are checked on it. If I understand your question…..
-
All I can do is ask about names in your diagram. It should work. Probably time for a packet capture of your WAN 2 interface. (Diagnostics->Packet Capture). See if the echo request is going out and if the reply is coming back.
-
No, don't get me wrong. I fully understand that non-standard nomenclature can be confusing and I truly appreciate your time and effort in trying to help me resolve my problem.
Am checking Packet Capture now…....
-
Ok, I am beginning to understand the problem a little better, but still not any clearer on the solution. ICMP requests are going out, but the WISP router is forwarding all out it's WAN but it's own instead of servicing them on it's LAN…....
From my pfSense WAN2 interface.....
18:16:09.816997 IP 69.31.135.173 > 192.168.168.169: ICMP net 192.168.168.104 unreachable, length 76
18:16:09.989043 IP 192.168.168.169 > 192.168.168.1: ICMP echo request, id 16761, seq 25859, length 44
18:16:09.991400 IP 192.168.168.1 > 192.168.168.169: ICMP echo reply, id 16761, seq 25859, length 44
18:16:10.033050 IP 204.2.241.93 > 192.168.168.169: ICMP net 192.168.168.243 unreachable, length 76
18:16:10.365821 IP 204.2.241.93 > 192.168.168.169: ICMP net 192.168.168.26 unreachable, length 76
18:16:10.994894 IP 192.168.168.169 > 192.168.168.1: ICMP echo request, id 16761, seq 26115, length 44
18:16:11.032200 IP 192.168.168.1 > 192.168.168.169: ICMP echo reply, id 16761, seq 26115, length 44
18:16:12.001169 IP 192.168.168.169 > 192.168.168.1: ICMP echo request, id 16761, seq 26371, length 44
18:16:12.003212 IP 192.168.168.1 > 192.168.168.169: ICMP echo reply, id 16761, seq 26371, length 44
18:16:12.400989 IP 192.168.168.169 > 192.168.168.79: ICMP echo request, id 62320, seq 64155, length 12
18:16:12.402974 IP 192.168.168.169 > 192.168.168.81: ICMP echo request, id 8092, seq 64411, length 12..... any thoughts?
-
Good question for them.
Looks like it's not pfSense.
-
Unfortunately, that is a pfSense router also and I maintain it, as I mentioned in my opening…...
I'm tired of fighting with this and am relatively certain that it is something simple that I am overlooking, but I cannot get devices on my LAN to communicate with devices on one of my WAN interfaces that I help manage for a local WISP. It used to work fine, but after a update or recovery from a crash (I tend to test things on my pfSense before I institute them on the one that supports the WISP) it no longer will even see any of the devices on the WAN other than the GW and my WAN interface.
….... so here I am again, hat in hand. Trying to figure out what I have done :-[
-
Found it! The Allow Any rule on the WISP LAN interface didn't get changed when they quit using two ISPs. So the Gateway was pointing to a Gateway Group that was only halfway working (it had one non-existent Gateway/Interface in it). I set it to the default Gateway and my traffic is no longer being forwarded.
Thank you, so very much, for persevering with me through this ordeal. I have been beating my head against the wall alone for months on end trying to figure out what I had done or in this case had NOT done.
Now I can look into several other things that have been on hold pending the reconciliation of this problem.
-
Good to hear. Congrats.