Access ISP router within "child" pfSense LAN network
-
@johnpoz Thanks for the answer. I am not forcing traffic out a VPN connection. Traffic goes straight from the WAN interface of my pfSense to one of the LAN interfaces of the ISP modem. No interfaces are overlapping for sure (DHCP enabled too).
The connection between those two hosts is OK (I can ping 192.168.1.1) but when I try to access the management page on port 80 I think it drops the connection or it just times out.
I have pfBlockerNG installed on the pfSense but I don't think that this could cause any kind of issues.
Honestly this is a pretty stock otb pfSense installation, I didn't set any particular thing or VLANs, anything really.
-
Suggest you sniff on the wan when you try and access web gui of 192.168.1.1 - do you get a response, is your source natted to 192.168.1.X (whatever wan IP of your pfSense is) etc..
Your wan has a 192.168.1.X address right? You're not using a PPPoE connection?
-
@johnpoz Here's what I see when I sniff the traffic going in/outbound
16:29:50.144463 IP 192.168.1.56 > 192.168.1.1: ICMP echo request, id 19542, seq 37578, length 9
16:29:50.144945 IP 192.168.1.1 > 192.168.1.56: ICMP echo reply, id 19542, seq 37578, length 9
16:29:50.364933 IP 192.168.1.56.45561 > 192.168.1.1.80: tcp 0
16:29:50.365415 IP 192.168.1.1.80 > 192.168.1.56.45561: tcp 0
16:29:50.646389 IP 192.168.1.56 > 192.168.1.1: ICMP echo request, id 19542, seq 37579, length 9
16:29:50.647026 IP 192.168.1.1 > 192.168.1.56: ICMP echo reply, id 19542, seq 37579, length 9
16:29:51.110850 IP 192.168.1.1.80 > 192.168.1.56.60194: tcp 0
16:29:51.111345 IP 192.168.1.56.60194 > 192.168.1.1.80: tcp 0
16:29:51.151052 IP 192.168.1.56 > 192.168.1.1: ICMP echo request, id 19542, seq 37580, length 9
16:29:51.151534 IP 192.168.1.1 > 192.168.1.56: ICMP echo reply, id 19542, seq 37580, length 9
As you can see there is clearly something wrong with those addresses, honestly I don't know why it is fitting the port as part of the IP address (and then obviously the tcp is 0 because of I don't know what reason but it seems fair to be like that).
Looks like maybe the pfSense is doing something that malforms the request?
N.B. 192.168.1.56 is the pfSense WAN interface IP on the ISP subnet.
-
@fearlessfara said in Access ISP router within "child" pfSense LAN network:
16:29:50.364933 IP 192.168.1.56.45561 > 192.168.1.1.80: tcp 0
16:29:50.365415 IP 192.168.1.1.80 > 192.168.1.56.45561: tcp 0
That is typical and correct to what you should see.. sniff will show the source and dest ports like that.. Open that up in say Wireshark, or increase the verbosity of the sniff. I assume that is syn and syn,ack in response.
But he could be sending you back RST? Which would mean F off..
-
@johnpoz The RST TCP message was my greatest fear to be honest. I've reset the ISP router to its factory defaults and managed to isolate that the problem was (as I supposed on the pfSense). Now I'm gonna reset the pfSense too and see if it finally works again as normal.
-
@fearlessfara said in Access ISP router within "child" pfSense LAN network:
to isolate that the problem was (as I supposed on the pfSense).
And how exactly did you do that? To pfsense 192.168.1.1 is no different than 8.8.8.8 - if it sends on the traffic and nats it to its wan IP, what else do you think it should do?
-
@johnpoz I didn't recognize what was the source of the problem. I went by exclusion. After doing all the configurations of the ISP and checking that those were correct I had to exclude that there was a network misconfiguration on the side of the ISP device.
Then I started troubleshooting (again) on the pfSense, I removed all the installed plugins (and still had that problem) then I went doing all the setup wizard again (this seems to be the "final solution" to my problem) and now it looks like it's working as it should be.
Moral of the story: I made the setup wizard and now I can finally access my beloved ISP router again.
-
@fearlessfara said in Access ISP router within "child" pfSense LAN network:
I made the setup wizard
You never ran the wizard before? Were clients able to access internet sites?
The default IP of pfsense would have conflicted with your ISP devices lan.. Out of the box pfsense lan is 192.168.1.1/24 - so yeah that would have prevented access..
-
@johnpoz Yes, I obviously had configured the pfSense before (using the setup wizard) and then I had to change the subnet to 10.0.0.1/24 to not overlap the parent one (I'm not really new to networking, but I am on pfSense). To be honest this problem came up at some random point in the past days. I can't get to understand what caused it, really strange, isn't it?
-
Yeah if you were running fine on 10.0.0/24 for a while and could access the internet.. Possible something didn't complete when you changed the lan network? Just guessing..
But from your sniff pfsense looks to have sent on the traffic and natted to its wan IP.. I would have checked your state table next.. etc.
But glad you got it sorted..
-
@johnpoz The LAN subnet configuration was ok, because I changed it when I installed the pfsense (otherwise as you said before it would have overlapped ISP router’s LAN). Looks a lil strange to me that I didn’t find the problem. Maybe looking at the state table would have been a good idea but since I’ve solved it “the easy way” and the state table is now renewed it’s useless now to take a look at it. Thanks for the help by the way!
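
Added example, not part of the thread or of pfSense: a short Python script that reads the low-verbosity capture lines posted above, splits the `address.port` notation, and checks per flow that requests to 192.168.1.1:80 left with the WAN IP as source and got a reply. The function names are made up for this illustration; this capture format carries no TCP flags, so it cannot tell a SYN-ACK from an RST.

```python
import re
from collections import defaultdict

# Lines copied from the capture posted in the thread (shortened).
CAPTURE = """\
16:29:50.144463 IP 192.168.1.56 > 192.168.1.1: ICMP echo request, id 19542, seq 37578, length 9
16:29:50.144945 IP 192.168.1.1 > 192.168.1.56: ICMP echo reply, id 19542, seq 37578, length 9
16:29:50.364933 IP 192.168.1.56.45561 > 192.168.1.1.80: tcp 0
16:29:50.365415 IP 192.168.1.1.80 > 192.168.1.56.45561: tcp 0
16:29:51.110850 IP 192.168.1.1.80 > 192.168.1.56.60194: tcp 0
16:29:51.111345 IP 192.168.1.56.60194 > 192.168.1.1.80: tcp 0
"""
LINE = re.compile(r"^(\S+) IP (\S+) > (\S+): (.*)$")

def split_endpoint(ep):
    """IPv4 only: TCP/UDP endpoints print as a.b.c.d.port, ICMP has no port."""
    parts = ep.split(".")
    if len(parts) == 5:
        return ".".join(parts[:4]), int(parts[4])
    return ep, None

def parse(text):
    packets = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not an IPv4 summary line
        ts, src, dst, info = m.groups()
        (sip, sport), (dip, dport) = split_endpoint(src), split_endpoint(dst)
        packets.append({"ts": ts, "src": sip, "sport": sport,
                        "dst": dip, "dport": dport, "info": info})
    return packets

def check_flows(packets, wan_ip, target_ip, target_port):
    """Return (flows keyed by client port, sources that were not NATed to wan_ip)."""
    flows = defaultdict(lambda: {"sent": 0, "replied": 0})
    not_natted = set()
    for p in packets:
        if p["dst"] == target_ip and p["dport"] == target_port:
            if p["src"] == wan_ip:
                flows[p["sport"]]["sent"] += 1
            else:
                not_natted.add(p["src"])  # e.g. a LAN address leaking onto WAN
        elif (p["src"], p["sport"], p["dst"]) == (target_ip, target_port, wan_ip):
            flows[p["dport"]]["replied"] += 1
    return dict(flows), not_natted

if __name__ == "__main__":
    flows, not_natted = check_flows(parse(CAPTURE), "192.168.1.56", "192.168.1.1", 80)
    print("flows:", flows)
    print("sources not NATed to WAN IP:", not_natted or "none")
```

For the capture in the thread, both TCP flows show a packet sent from the WAN IP and a packet back from the router; a more verbose capture is still needed to read the flags.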