pfsense blocks everything in lan

viragomann

Does the ping work as well if you change the source to the LAN address?

Евгений

@viragomann yes, the ping works with any local address, and 192.168.100.120 but the sites do not open on the computer there is no access to the rdp connections, there is no access to anything at all

viragomann

Try a ping from a LAN device by using the IP address (77.88.55.80 or any other) to rule out DNS issues.

Евгений

@viragomann said in pfsense blocks everything in lan:

ry a ping from a LAN device by using the IP address (77.88.55.80 or any other) to rule out DNS issues

ping passes, my ping goes from the computer to all addresses but the page does not load and there is no access to any service skype, pdp, outlook and more services

Евгений

@viragomann right from pfsense, everything works and downloads updates, installed packages

viragomann

@евгений said in pfsense blocks everything in lan:

ping passes, my ping goes from the computer to all addresses but the page does not load and there is no access to any service skype, pdp, outlook and more services

The only issue that comes up my mind with that is an asymmetric routing. Do you have multiple gateways between your LAN and WAN?

Евгений

@viragomann said in pfsense blocks everything in lan:

The only issue that comes up my mind with that is an asymmetric routing. Do you have multiple gateways between your LAN and WAN?

no one gateway

Евгений

@viragomann

• pfctl -s nat

no nat proto carp all
nat-anchor "natearly/" all
nat-anchor "natrules/" all
nat on pppoe0 inet from 127.0.0.0/8 to any port = isakmp -> 95.174.110.204 static-port
nat on pppoe0 inet from 192.168.1.0/24 to any port = isakmp -> 95.174.110.204 static-port
nat on pppoe0 inet6 from ::1 to any port = isakmp -> (pppoe0) round-robin static-port
nat on pppoe0 inet from 127.0.0.0/8 to any -> 95.174.110.204 port 1024:65535
nat on pppoe0 inet from 192.168.1.0/24 to any -> 95.174.110.204 port 1024:65535
nat on pppoe0 inet6 from ::1 to any -> (pppoe0) port 1024:65535 round-robin
no rdr proto carp all
rdr-anchor "relayd/" all
rdr-anchor "tftp-proxy/" all
rdr-anchor "miniupnpd" all

Евгений

TCPDUMP

0_1545906109805_tcpdmp.txt

viragomann

@евгений
On which interface the packet capture was taken?

Tue to your NAT rules, I assume that your LAN network is 192.168.1.0/24, you didn't mention.
However, the packet capture doesn't show any packet from the network. Moreover it shows packets out of 172.16.10.0/24, which should not arrive on the WAN interface, cause they are out of RFC1918.

Евгений

@viragomann
I did it through DHCP through the second router. This is the subnet of the second router. I thought maybe the problem would go away. All the same will disappear ...
Well, that is, to a wan provider, a zyxel attachment on it raised its ppoe to its subnet 172.16.10.xxx and lan router stuck in wan pfsense (dhcp)
everything goes to zyxel everything works.

Евгений

@viragomann 0_1545911420458_lantcpdump.txt

LAN

Евгений

gods pfsense save me ))