[SOLVED] ISP filter tcp connections from wanv4 public IP GW



  • Hi guys,

    First of all, I thought the pfsense repository's address had changed, but after some tests I saw that it was not.

    I talked to the technicians of my ISP and clarified some things.

    pfSense is trying to go out via our point-to-point GW, but our provider filters TCP connections originating from this GW.

    E.g.: tcpdump from pfSense to dst host 208.123.73.88

    root: tcpdump -vv -n -i em1 dst host 208.123.73.88
    tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
    capability mode sandbox enabled
    
    14:31:52.759933 IP (tos 0x0, ttl 64, id 64689, offset 0, flags [DF], proto TCP (6), length 60)
        200.xxx.xxx.xxx.43155 > 208.123.73.88.443: Flags [S], cksum 0xdb0d (correct), seq 343126142, win 65228, options [mss 1460,nop,wscale 7,sackOK,TS val 11326114 ecr 0], length 0
    
    What I need to do: tell pfSense to go out via my main VLAN.
    
    How do I do that?
    

  • Does the "main VLAN" have public, routeable IP addresses?

    If so then you want to disable outbound NAT on WAN for traffic sourced from those IP addresses.

    https://doc.pfsense.org/index.php/How_can_I_use_public_IPs_on_the_LAN

    If not, I'm not sure what you're asking.
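    A check a practitioner would want after making that NAT change, added here as example code that is not from the thread or from pfSense: parse `tcpdump -n` output in the format shown above and count whether outbound SYNs still leave from the point-to-point GW address (the one the ISP filters) or now from the routed public VLAN prefix. The GW address, the prefix and the capture lines below are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample lines in the same layout as the thread's tcpdump capture.
# Addresses are documentation ranges (RFC 5737), not the poster's real values.
SAMPLE_CAPTURE = """\
14:31:52.759933 IP (tos 0x0, ttl 64, id 64689, offset 0, flags [DF], proto TCP (6), length 60)
    203.0.113.2.43155 > 208.123.73.88.443: Flags [S], cksum 0xdb0d (correct), seq 343126142, win 65228, options [mss 1460], length 0
14:31:53.101200 IP (tos 0x0, ttl 64, id 64690, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.10.51022 > 208.123.73.88.443: Flags [S], cksum 0x1234 (correct), seq 1, win 65228, options [mss 1460], length 0
14:31:53.200000 IP (tos 0x0, ttl 64, id 64691, offset 0, flags [DF], proto TCP (6), length 52)
    198.51.100.10.51022 > 208.123.73.88.443: Flags [.], cksum 0x1235 (correct), ack 1, win 509, length 0
"""

# Matches the "src.sport > dst.dport: Flags [..]" line that tcpdump -n prints
# under each IP header line (IPv4 only, which is what the thread is about).
FLOW_RE = re.compile(
    r"^\s*(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def parse_syns(capture):
    """Return (src_ip, dst_ip, dst_port) for every pure SYN in the capture.

    A pure SYN has flags [S]; [S.] is a SYN-ACK and is skipped.
    """
    syns = []
    for line in capture.splitlines():
        m = FLOW_RE.match(line)
        if m and "S" in m.group("flags") and "." not in m.group("flags"):
            syns.append((m.group("src"), m.group("dst"), int(m.group("dport"))))
    return syns


def classify_sources(syns, gw_ip, public_net):
    """Count SYNs by source: the point-to-point GW address (filtered upstream),
    the routed public VLAN prefix (the desired source after disabling outbound
    NAT for it), or anything else."""
    gw = ipaddress.ip_address(gw_ip)  # assumed GW address
    net = ipaddress.ip_network(public_net)  # assumed public VLAN prefix
    counts = {"from_gw": 0, "from_public_vlan": 0, "other": 0}
    for src, _dst, _dport in syns:
        ip = ipaddress.ip_address(src)
        if ip == gw:
            counts["from_gw"] += 1
        elif ip in net:
            counts["from_public_vlan"] += 1
        else:
            counts["other"] += 1
    return counts
```

    Any nonzero `from_gw` count after the change means some traffic is still being NATed to the GW address and will keep getting filtered.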



  • @Derelict:

    Does the "main VLAN" have public, routeable IP addresses?

    If so then you want to disable outbound NAT on WAN for traffic sourced from those IP addresses.

    https://doc.pfsense.org/index.php/How_can_I_use_public_IPs_on_the_LAN

    If not, I'm not sure what you're asking.

    ~~Thanks for the answer Derelict!

    Yes, I have routeable public IPs on that VLAN, and I have nothing set in Firewall > NAT, Outbound.

    Is that alone enough, or do I need to create a rule?~~

    EDIT: SOLUTION http://www.eliaspereira.eti.br/2016/10/filtro-tcp-no-gw-principal-outbound-no.html ;D

    I made a rule in "Firewall: NAT: Outbound" with the following settings:

