Netgate Discussion Forum

[SOLVED] ISP filter tcp connections from wanv4 public IP GW

Routing and Multi WAN
3 Posts 2 Posters 627 Views
  • E
    empbilly
    last edited by Oct 11, 2016, 2:37 PM Oct 10, 2016, 7:43 PM

    Buenas guys,

    First of all, I thought the pfsense repository's address had changed, but after some tests I saw that it was not.

    I talked to the technicians of my ISP and clarified some things.

    The pfsense is trying to get out by our point-to-point GW, but our provider filters tcp connections originating from this GW.

    E.g: tcpdump from pfsense to dst host 208.123.73.88

    root: tcpdump -vv -n -i em1 dst host 208.123.73.88
    tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
    capability mode sandbox enabled
    
    14:31:52.759933 IP (tos 0x0, ttl 64, id 64689, offset 0, flags [DF], proto TCP (6), length 60)
        200.xxx.xxx.xxx.43155 > 208.123.73.88.443: Flags [S], cksum 0xdb0d (correct), seq 343126142, win 65228, options [mss 1460,nop,wscale 7,sackOK,TS val 11326114 ecr 0], length 0
    
    What I need to do: tell pfSense to go out through my main VLAN.
    
    How do I do that?
    

    https://eliasmoraispereira.wordpress.com/

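Added example, not part of the original posts: a small Python check for the symptom described in the first post, repeated outbound SYNs that never receive a SYN-ACK. It assumes the capture was taken with `host 208.123.73.88` instead of `dst host`, so that replies would be visible if any arrived; the sample capture and the source addresses 198.51.100.7 and 192.0.2.20 are constructed.

```python
import re
from collections import defaultdict

# Second line of a `tcpdump -vv -n` TCP record:
#   <src>.<sport> > <dst>.<dport>: Flags [S], cksum ...
FLOW_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\.(\d+) > "
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

# Constructed sample capture (source addresses are documentation ranges).
SAMPLE = """\
14:31:52.759933 IP (tos 0x0, ttl 64, id 64689, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.7.43155 > 208.123.73.88.443: Flags [S], cksum 0xdb0d (correct), seq 343126142, win 65228, length 0
14:31:55.761020 IP (tos 0x0, ttl 64, id 64702, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.7.43155 > 208.123.73.88.443: Flags [S], cksum 0xcf55 (correct), seq 343126142, win 65228, length 0
14:32:01.963544 IP (tos 0x0, ttl 64, id 64731, offset 0, flags [DF], proto TCP (6), length 60)
    198.51.100.7.43155 > 208.123.73.88.443: Flags [S], cksum 0xb71b (correct), seq 343126142, win 65228, length 0
14:32:10.100200 IP (tos 0x0, ttl 64, id 1201, offset 0, flags [DF], proto TCP (6), length 60)
    192.0.2.20.51000 > 208.123.73.88.443: Flags [S], cksum 0x1a2b (correct), seq 1000, win 65228, length 0
14:32:10.245310 IP (tos 0x0, ttl 52, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    208.123.73.88.443 > 192.0.2.20.51000: Flags [S.], cksum 0x3c4d (correct), seq 2000, ack 1001, win 65160, length 0
"""

def unanswered_syns(capture_text):
    """Return {(src, sport, dst, dport): syn_count} for flows whose SYNs
    never got a SYN-ACK back in the reverse direction."""
    syns = defaultdict(int)
    answered = set()
    for line in capture_text.splitlines():
        m = FLOW_RE.match(line)
        if not m:
            continue  # timestamp/header lines and tcpdump banners
        src, sport, dst, dport, flags = m.groups()
        if flags == "S":       # client SYN (retransmits count again)
            syns[(src, int(sport), dst, int(dport))] += 1
        elif flags == "S.":    # SYN-ACK: record it against the client's flow
            answered.add((dst, int(dport), src, int(sport)))
    return {flow: n for flow, n in syns.items() if flow not in answered}

if __name__ == "__main__":
    for (src, sport, dst, dport), n in unanswered_syns(SAMPLE).items():
        print(f"{src}:{sport} -> {dst}:{dport}: {n} SYN(s), no SYN-ACK seen")
```

A source address that only ever appears with unanswered SYNs, while another source on the same box completes its handshake, points at filtering of that source address and not at the destination being down.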
    • D
      Derelict LAYER 8 Netgate
      last edited by Oct 11, 2016, 7:26 AM

      Does the "main VLAN" have public, routeable IP addresses?

      If so then you want to disable outbound NAT on WAN for traffic sourced from those IP addresses.

      https://doc.pfsense.org/index.php/How_can_I_use_public_IPs_on_the_LAN

      If not, I'm not sure what you're asking.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • E
        empbilly
        last edited by Oct 11, 2016, 4:25 PM Oct 11, 2016, 12:27 PM

        @Derelict:

        Does the "main VLAN" have public, routeable IP addresses?

        If so then you want to disable outbound NAT on WAN for traffic sourced from those IP addresses.

        https://doc.pfsense.org/index.php/How_can_I_use_public_IPs_on_the_LAN

        If not, I'm not sure what you're asking.

        ~~Thanks for the answer Derelict!

        Yes, I have public IP routeable on that vlan and I have nothing set in Firewall > NAT, Outbound.

        Is this alone enough, or do I need to create a rule?~~

        EDIT: SOLUTION http://www.eliaspereira.eti.br/2016/10/filtro-tcp-no-gw-principal-outbound-no.html ;D

        I made a rule in "Firewall: NAT: Outbound" with the following settings:

        https://eliasmoraispereira.wordpress.com/

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.