    No outbound traffic in transparent bridge mode

      stephenw10 Netgate Administrator

      Do you see the outbound traffic blocked in the firewall log?

      If so, what exactly does the block show? I expect it to show flagged TCP packets.

      Steve

        mgielissen

        There is no traffic blocked in the firewall log, traffic is passed according to the log when logging is turned on.

          stephenw10 Netgate Administrator

          Then I would run a packet capture on WAN and see what's actually leaving and coming back.

          What are you actually attempting from the server that is failing? How is it failing?

          Steve

            mgielissen

            I try to ssh to another server on the WAN side of pfsense, only ping works and inbound traffic.

            packet dump:

            a.a.a.a.40684 > a.a.a.b.22: Flags [S], cksum 0x4434 (incorrect -> 0xca78), seq 4262675153, win 29200, options [mss 1460,sackOK,TS val 2616871823 ecr 0,nop,wscale 7], length 0
            
              stephenw10 Netgate Administrator

              OK, so no reply packets coming back at all. Is that server's MAC/IP in the ARP table?
              Can you ssh to it from pfSense?

              If there is a subnet error on one of those machines it might be replying to its gateway and hence you have asymmetric routing.

              Steve

                mgielissen

                I can do SSH from pfsense to the server on the wan side. From the server on the wan side I can do SSH to the internal server.

                The ARP table only shows the bridge interface OPT1 and the gateway from the provider.

                  mgielissen

                  I can also pfsense from the internal server, then his mac address pops up in the arp table

                    stephenw10 Netgate Administrator

                    Can you ssh to pfSense from the WAN side server to pfSense?

                    There are no reply packets at all so either the server is not replying at all or it's replying via a different route.

                    If there was some subnet mask issue or a bad route I would not expect pfSense to make any difference there. It would still fail if you removed pfSense and connected the internal server directly, is that the case?

                    Steve

                      mgielissen

                      I can SSH from WAN to pfsense, the server works also when connected directly. When in Bridge mode, the subnet or gateway shouldn't matter?

                        mgielissen

                        pfsense runs in a vm on proxmox, can that be a problem with the linux bridge proxmox uses?

                        I did a second setup with pfsense in NAT mode and a local IP address on the LAN side, same problem with outbound connection. I can only ping.

                        EDIT: Found the solution: disable "Hardware Checksum Offloading" for Proxmox VirtIO interface

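
The symptom in this thread (outbound SYNs that tcpdump marks `cksum ... incorrect` and that never get a SYN-ACK, resolved by disabling hardware checksum offloading) can be checked for in a saved `tcpdump -v` text capture. The script below is an added example, not code from the thread; the sample lines and addresses are constructed, and the function names are hypothetical.

```python
import re

# One TCP line of `tcpdump -v` output, in the shape of the dump posted above.
LINE_RE = re.compile(
    r"(?P<src>\S+) > (?P<dst>\S+): Flags \[(?P<flags>[^\]]+)\], "
    r"cksum 0x[0-9a-f]+ \((?P<state>correct|incorrect)"
)

# Constructed sample capture (documentation addresses, not from the thread).
SAMPLE = """\
192.0.2.10.40684 > 192.0.2.20.22: Flags [S], cksum 0x4434 (incorrect -> 0xca78), seq 100, win 29200, length 0
192.0.2.10.40684 > 192.0.2.20.22: Flags [S], cksum 0x4434 (incorrect -> 0xca78), seq 100, win 29200, length 0
192.0.2.30.51000 > 192.0.2.10.22: Flags [S], cksum 0x1f2e (correct), seq 200, win 64240, length 0
192.0.2.10.22 > 192.0.2.30.51000: Flags [S.], cksum 0x8a10 (correct), seq 300, ack 201, win 28960, length 0
"""


def parse_line(line):
    """Return (src, dst, flags, checksum_ok) for a TCP line, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m["src"], m["dst"], m["flags"], m["state"] == "correct"


def unanswered_bad_syns(capture):
    """Map (src, dst) -> SYN count for flows where at least one SYN had a
    bad checksum and no SYN-ACK came back anywhere in the capture."""
    syns, bad, answered = {}, set(), set()
    for line in capture.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, flags, ok = parsed
        if flags == "S":
            syns[(src, dst)] = syns.get((src, dst), 0) + 1
            if not ok:
                bad.add((src, dst))
        elif flags == "S.":
            answered.add((dst, src))  # the reply runs in the reverse direction
    return {f: n for f, n in syns.items() if f in bad and f not in answered}


if __name__ == "__main__":
    for (src, dst), count in unanswered_bad_syns(SAMPLE).items():
        print(f"{src} -> {dst}: {count} SYN(s) with bad checksum, no SYN-ACK")
```

A bad checksum seen in a capture taken on the host that generated the packet is common with transmit offload and proves nothing by itself; the signal here is the combination with forwarded traffic and missing replies.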