[SOLVED] ISP filter tcp connections from wanv4 public IP GW
-
Hello guys,
First of all, I thought the pfSense repository's address had changed, but after some tests I saw that it had not.
I talked to my ISP's technicians and clarified some things.
pfSense is trying to go out through our point-to-point GW, but our provider filters TCP connections originating from this GW.
E.g., tcpdump from pfSense to dst host 208.123.73.88:
```
root: tcpdump -vv -n -i em1 dst host 208.123.73.88
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
capability mode sandbox enabled
14:31:52.759933 IP (tos 0x0, ttl 64, id 64689, offset 0, flags [DF], proto TCP (6), length 60)
    200.xxx.xxx.xxx.43155 > 208.123.73.88.443: Flags [S], cksum 0xdb0d (correct), seq 343126142, win 65228, options [mss 1460,nop,wscale 7,sackOK,TS val 11326114 ecr 0], length 0
```
What I need to do: tell pfSense to go out through my main VLAN. How do I do that?
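A capture like the one above can be checked mechanically for SYNs that never receive a reply, which is the signature of an upstream filter. The following is an added example, not part of the original post: it assumes the capture was taken with `host` rather than `dst host` so that return traffic is visible, and the addresses and packet lines in `SAMPLE` are constructed.

```python
import re

# Matches the address/flags part of a tcpdump -n TCP line, in both the
# one-line form and the indented second line that -vv produces, e.g.
# "192.0.2.10.43155 > 198.51.100.88.443: Flags [S], ..."
FLOW_RE = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def unanswered_syns(lines):
    """Return {(src, sport, dst, dport): syn_count} for SYNs that never got a reply."""
    syns = {}         # flow -> number of SYNs sent (retransmissions included)
    answered = set()  # flows for which the peer sent anything back
    for line in lines:
        m = FLOW_RE.search(line)
        if not m:
            continue  # tcpdump banner, -vv header lines, non-TCP packets
        src, sport, dst, dport, flags = m.groups()
        flow = (src, int(sport), dst, int(dport))
        reverse = (dst, int(dport), src, int(sport))
        if flags == "S":
            syns[flow] = syns.get(flow, 0) + 1
        elif reverse in syns:
            # SYN-ACK ("S.") or RST ("R", "R.") from the peer: the path works both ways
            answered.add(reverse)
    return {f: n for f, n in syns.items() if f not in answered}

# Constructed sample capture (documentation address ranges, not from the thread)
SAMPLE = """\
14:31:52.759933 IP 192.0.2.10.43155 > 198.51.100.88.443: Flags [S], seq 343126142, win 65228, length 0
14:31:53.761102 IP 192.0.2.10.43155 > 198.51.100.88.443: Flags [S], seq 343126142, win 65228, length 0
14:31:55.763498 IP 192.0.2.10.43155 > 198.51.100.88.443: Flags [S], seq 343126142, win 65228, length 0
14:32:10.100200 IP 203.0.113.25.51000 > 198.51.100.88.443: Flags [S], seq 1000, win 65228, length 0
14:32:10.142877 IP 198.51.100.88.443 > 203.0.113.25.51000: Flags [S.], seq 2000, ack 1001, win 65535, length 0
14:32:10.142950 IP 203.0.113.25.51000 > 198.51.100.88.443: Flags [.], ack 1, win 512, length 0
""".splitlines()

if __name__ == "__main__":
    for (src, sport, dst, dport), n in unanswered_syns(SAMPLE).items():
        print(f"{src}:{sport} -> {dst}:{dport}: {n} SYN(s), no reply")
```

A source address whose SYNs are only ever retransmitted, while another source on the same box completes the handshake to the same destination, points at filtering tied to the source address rather than at the remote host.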
-
Does the "main VLAN" have public, routeable IP addresses?
If so then you want to disable outbound NAT on WAN for traffic sourced from those IP addresses.
https://doc.pfsense.org/index.php/How_can_I_use_public_IPs_on_the_LAN
If not, I'm not sure what you're asking.
-
> Does the "main VLAN" have public, routeable IP addresses?
> If so then you want to disable outbound NAT on WAN for traffic sourced from those IP addresses.
> https://doc.pfsense.org/index.php/How_can_I_use_public_IPs_on_the_LAN
> If not, I'm not sure what you're asking.

~~Thanks for the answer, Derelict!
Yes, I have routeable public IPs on that VLAN, and I have nothing set in Firewall > NAT, Outbound.
Is this enough, or do I need to create a rule?~~
EDIT: SOLUTION http://www.eliaspereira.eti.br/2016/10/filtro-tcp-no-gw-principal-outbound-no.html ;D
I made a rule in "Firewall: NAT: Outbound" with the following settings: