pfSense dropping some packets?
This is my configuration:
10.1.1.254 (pfSense) is used for NAT and also has a WAN IP set.
But my 10.1.2.x can ping 10.1.1.x, but can't ping any WAN IP.
It can't connect to 10.1.1.x with any TCP packets.
When I ssh from 10.1.1.x to 10.1.2.x, it fails too.
Maybe pfSense drops some ACK packets from 10.1.1.x to 10.1.2.x.
How can I tune my pfSense to make it pass this kind of packet, or filter more loosely?
What subnet mask are you using? If it's not /24 (or greater) then that will cause the problem you're describing.
So I should set the subnet mask to /24 in pfSense?
I did, but it doesn't work.
From 10.1.2.x traceroute 10.1.1.x
Or the other way: I set the 10.1.2.x default route to 10.1.1.247.
It works fine.
So I think pfSense has something wrong.
I found this in the system log:
block Apr 30 03:39:48 LAN 10.1.1.115:80 10.1.2.101:51992 TCP
The rule that triggered this action is:
@49 block drop in log quick all label "Default deny rule"
The packet from 10.1.1.115 to 10.1.2.101 has been dropped by pfSense.
How can I make it pass? @@
All the 10. networks need to be using /24 (or greater) based upon what little you've posted.
Maybe if you posted a simple diagram of your network, showing what's connected where and what the IP addresses and subnet masks are?
| private LAN
10.1.1.254(pfsense) NAT ------------------------->10.1.2.254(route)
with public ip ^ |
| | | |
| 10.1.1.247(static route) | 10.1.2.x/24
I think the problem happens here.
pfSense drops TCP packets from 10.1.1.x/24 to 10.1.2.x/24.
But I changed the firewall's settings and it doesn't work.
When I tried telnet to 10.1.1.x/24 port 80 from 10.1.2.x/24,
I always got a time-out result.
Do you have rules on both interfaces allowing traffic to the other LAN? Are the clients on each LAN able to reach the Internet?
Do you really have 10.1.1.x/24 on both the WAN and the LAN interfaces of the pfSense host?