Issues with two external websites on same subnet
-
So then pfSense is not part of the problem directly if it's working fine when you test it from WAN. What packages are you running? You said proxy which is squid. Anything else? Snort, suricata, pfBlocker?
-
@KOM sorry but I'm very confused...
I can't understand why do you think that pfSense is not part of the problem...
perhaps I don't have clearly described my situation:LAN PC -----> pfSense ----> ISProuter ----> internet ----> provider subnet ----> webserver (issue)
LAN PC ----> ISProuter ----> internet ----> provider subnet ----> webserver (no issue)
Regarding packages, I tried to disable squid wihout success... I don't have anymore.... today I tried to install snort in alert mode for testing purposes... but the problem was present before...
-
@Beppe said in Issues with two external websites on same subnet:
I can't understand why do you think that pfSense is not part of the problem
I didn't ask you to disconnect pfSense. I asked you to test from the WAN side, not the LAN side. For example, if you were testing from your LAN and you go through squid and squid causes the problem, then your external users won't have the same problem since they're not going through your proxy on LAN. Whenever you're testing forwarded servers, it's best to test from the public Internet, not your LAN.
-
sorry @KOM ... but the subnet with the two web servers is outside my network... it's not connected directly to myPfSense... it's hosted somewhere over the internet... (the two webservers are not mine!)
-
I've done other test...
My ISP give me an Huawei AR1220E router with different interfaces...pfSense WAN is connected to Huawei GE8, which is set in transparent mode (so pfSense WAN IP is the public ip).
Huawei GE0 is set in routed mode with DHCP.
So if I connect PC to GE0 all works fine.... but if I set PC's NIC with public address (the same who use pfSense) and I connect to Huawei GE8, the problem occours...
At this point I think that there is a mistake in Huawei configuration... actually problem is not related to pfSense... do test on different router interfaces from different one used by pfSense tricked me
-
Ah, sorry I thought they were your servers on your network. Duh for me.
So is squid still running or not? I tried both sites you listed and they work fine for me. They load and no timeouts, unless your problem is deeper in the site. I don't have a login.
You seem to have a LOT of LAN rules. If you block all by default and then only specifically allow traffic then you're going to have these types of problems.
And yes, maybe it's a problem with your ISP or their equipment.
-
@KOM
I tried both situation... squid running and not... nothing change at all!
The problem occours at first stage... login page don't load completly...
I tried also to remove all firewall rules... but problem is still present...
tomorrow morning I'll call ISP for verify router configuration...thanks mate
-
OK then for sure I can say that these pages load fine for me behind pfSense.
I hope you get it sorted out.
-
Both are working well from my side now with fastweb. ciao beppe
-
@kiokoman said in Issues with two external websites on same subnet:
Both are working well from my side now with fastweb. ciao beppe
grazie @kiokoman !
