pfsense blocks everything in lan
-
hi my big friends!i have a hard problem( my English is not very good.
help me in already, not the first time I put pfsense I have such a problem with default settings on pfsense there is internet with pings coming from it but I also have pings on the network but no sites or rdp open (( I can not figure out what the reason, in the tab firewall rules lan there is a default rule that allows everything, Default allow LAN to any rule
In the system-advanced- / Firewall & NAT settings, Disable Firewall- Disable all packet filtering was disabled. did not help(
-
Is your WAN in the same subnet as your LAN?
-
@chpalmer
no, my wan static ip 95.174.101.191
my lan ip 10.10.0.120 (pfsense) dncp 10.10.0.xxx -
Does the ping work as well if you change the source to the LAN address?
-
@viragomann yes, the ping works with any local address, and 192.168.100.120 but the sites do not open on the computer there is no access to the rdp connections, there is no access to anything at all
-
Try a ping from a LAN device by using the IP address (77.88.55.80 or any other) to rule out DNS issues.
-
@viragomann said in pfsense blocks everything in lan:
ry a ping from a LAN device by using the IP address (77.88.55.80 or any other) to rule out DNS issues
ping passes, my ping goes from the computer to all addresses but the page does not load and there is no access to any service skype, pdp, outlook and more services
-
@viragomann right from pfsense, everything works and downloads updates, installed packages
-
@евгений said in pfsense blocks everything in lan:
ping passes, my ping goes from the computer to all addresses but the page does not load and there is no access to any service skype, pdp, outlook and more services
The only issue that comes up my mind with that is an asymmetric routing. Do you have multiple gateways between your LAN and WAN?
-
@viragomann said in pfsense blocks everything in lan:
The only issue that comes up my mind with that is an asymmetric routing. Do you have multiple gateways between your LAN and WAN?
no one gateway
-
- pfctl -s nat
no nat proto carp all
nat-anchor "natearly/" all
nat-anchor "natrules/" all
nat on pppoe0 inet from 127.0.0.0/8 to any port = isakmp -> 95.174.110.204 static-port
nat on pppoe0 inet from 192.168.1.0/24 to any port = isakmp -> 95.174.110.204 static-port
nat on pppoe0 inet6 from ::1 to any port = isakmp -> (pppoe0) round-robin static-port
nat on pppoe0 inet from 127.0.0.0/8 to any -> 95.174.110.204 port 1024:65535
nat on pppoe0 inet from 192.168.1.0/24 to any -> 95.174.110.204 port 1024:65535
nat on pppoe0 inet6 from ::1 to any -> (pppoe0) port 1024:65535 round-robin
no rdr proto carp all
rdr-anchor "relayd/" all
rdr-anchor "tftp-proxy/" all
rdr-anchor "miniupnpd" all -
TCPDUMP
-
@евгений
On which interface the packet capture was taken?Tue to your NAT rules, I assume that your LAN network is 192.168.1.0/24, you didn't mention.
However, the packet capture doesn't show any packet from the network. Moreover it shows packets out of 172.16.10.0/24, which should not arrive on the WAN interface, cause they are out of RFC1918. -
@viragomann
I did it through DHCP through the second router. This is the subnet of the second router. I thought maybe the problem would go away. All the same will disappear ...
Well, that is, to a wan provider, a zyxel attachment on it raised its ppoe to its subnet 172.16.10.xxx and lan router stuck in wan pfsense (dhcp)
everything goes to zyxel everything works. -
-
gods pfsense save me ))
