Must be missing something
-
Currently on version 2.2.4-RELEASE. I am having problems reaching some private networks through pfSense. To try to get this working I put the top rule as a pass any any:
IPv4 * LAN net * * * * none Default allow LAN to any rule
I have 2 rules on the WAN side; one of them is my OpenVPN:
- Reserved/not assigned by IANA * * * * * * Block bogon networks
IPv4 UDP * * WAN address 1194 (OpenVPN) * none OpenVPN NT wizard
I'm on the 10.169.169.0 network and I'm reaching 90% of my other private IP range, but for some reason the equipment on 172.16.50.0 port 80 is returning
No data received
ERR_EMPTY_RESPONSE
I can also telnet to it, and it connects but never shows the login prompt.
I can reach 172.16.15.x and 172.16.16.x through the firewall, and if I unplug the computer and move to my other connection I can reach them, plus the 172.16.50.x network also works via telnet and HTTP. I don't understand what I'm doing wrong. If you can tell me what other info you need to look at, I can get it posted.
Thanks
-
Anything in your Firewall log?
-
There was some in there but nothing having to do with 172.16.50.x
-
Rules on WAN for OpenVPN are pretty meaningless. Either the tunnel comes up or it doesn't. You should be more concerned with the rules on your OpenVPN and LAN interfaces/interface groups.
-
The rules were put there by the OpenVPN wizard. The OpenVPN works flawlessly and has nothing to do with this problem. I am working at the site trying to get the network accessible.
-
You need to provide more information about what networks are where.
-
Misc routers/switches and equipment at about 14 locations:
172.16.15.0 /24
172.16.16.0 /24
172.16.50.0 /24
192.168.104 /24
192.168.105 /24 -----------> Cisco 12000 -----------> Cisco 6509 -----------> Server w/pfSense -------------> 15 Employees
10.1.1.0 /24 Wan 209.2xx.xx.x / 10.169.169.0 /24
10.100.1.0/27
10.100.11.0 /27
Employees can get to any private subnet except 172.16.50.x. I can ping it and get replies, and I can telnet to it, but once it connects it never gets to the login page, and ports 80 and 443 give me a
No data received
ERR_EMPTY_RESPONSE
Under the Diag Port Test I get "Connection to 172.16.50.10 80 port [tcp/http] succeeded!"
-
I'd check the config in the Ciscos. There's really nothing in pfSense that would cause that.
-
You may have to roll up your sleeves and capture some packets on both ends to see where the breakdown occurs.
-
If I bypass pfSense and go direct into a Cisco device I can get to it fine. It has something to do with the NATing or firewall within this pfSense box. I have done a little capturing, but everything points at the pfSense server and I don't know how to get around it. I have had good luck with it, but for some reason this is fighting me and I don't know how to get around it.
-
Is there anything unique about 172.16.50.x as compared to 172.16.15.x or 172.16.16.x? Are these VLANs? Maybe we should start with screenshots of your interface details, NAT rules and firewall rules.
-
Here are the interfaces and rules:
![wan interface.png](/public/imported_attachments/1/wan interface.png)
![Lan interface.png](/public/imported_attachments/1/Lan interface.png)
-
There is nothing there that would cause what you're seeing.
You're going to need to post a packet capture on WAN of a connection attempt filtered by the destination IP address.
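As an added example (not from this thread or from pfSense), a small Python script that summarises `tcpdump -n` text output per client connection, so a capture taken on WAN can be compared with one taken on LAN or on the far side: it reports whether the SYN was seen, whether it was answered, and whether any payload came back from the server. The sample lines are constructed to mirror the symptom above (connect succeeds, request goes out, nothing comes back); the client address 10.169.169.20 and port 51234 are made up.

```python
import re
from collections import defaultdict

# One line of `tcpdump -n` text output: "IP src.sport > dst.dport: Flags [..], ..., length N"
LINE = re.compile(r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
                  r"Flags \[(?P<flags>[^\]]*)\].*?length (?P<length>\d+)")

def analyze(lines, server_ip, server_port):
    """Per client (ip, port): was SYN seen, was it answered, payload bytes each way."""
    flows = defaultdict(lambda: {"syn": False, "synack": False, "client_bytes": 0, "server_bytes": 0})
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        flags, length = m["flags"], int(m["length"])
        if m["dst"] == server_ip and int(m["dport"]) == server_port:      # client -> server
            f = flows[(m["src"], int(m["sport"]))]
            f["syn"] |= "S" in flags
            f["client_bytes"] += length
        elif m["src"] == server_ip and int(m["sport"]) == server_port:    # server -> client
            f = flows[(m["dst"], int(m["dport"]))]
            f["synack"] |= "S" in flags and "." in flags
            f["server_bytes"] += length
    return dict(flows)

def verdict(flow):
    """Plain-language summary of one flow; compare the WAN and LAN results side by side."""
    if not flow["syn"]:
        return "no SYN seen at this capture point"
    if not flow["synack"]:
        return "SYN never answered"
    if flow["client_bytes"] == 0:
        return "handshake only, no request sent"
    if flow["server_bytes"] == 0:
        return "request sent, server returned no data"
    return "data flowed both ways"

# Constructed sample mirroring the symptom in the thread: handshake completes,
# the client sends its HTTP request, the server only ACKs and never sends a byte.
SAMPLE = """\
10:00:00.000100 IP 10.169.169.20.51234 > 172.16.50.10.80: Flags [S], seq 100, win 65535, length 0
10:00:00.000600 IP 172.16.50.10.80 > 10.169.169.20.51234: Flags [S.], seq 900, ack 101, win 65535, length 0
10:00:00.000700 IP 10.169.169.20.51234 > 172.16.50.10.80: Flags [.], ack 1, win 1024, length 0
10:00:00.001200 IP 10.169.169.20.51234 > 172.16.50.10.80: Flags [P.], seq 1:78, ack 1, win 1024, length 77: HTTP: GET / HTTP/1.1
10:00:00.001700 IP 172.16.50.10.80 > 10.169.169.20.51234: Flags [.], ack 78, win 1024, length 0
""".splitlines()

if __name__ == "__main__":
    for (ip, port), flow in analyze(SAMPLE, "172.16.50.10", 80).items():
        print(f"{ip}:{port} -> {verdict(flow)}")
```

Feed it the text output of a capture filtered on the destination host (for example `tcpdump -n -i <wan_if> host 172.16.50.10 and tcp port 80`) taken on each interface; the point where the verdict changes is where the traffic is being lost.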