    Netgate Discussion Forum

    Can only see outside ip address from 1 internal subnet

    General pfSense Questions
    • Brahma6

      Hello

      I am having issues with my pfSense firewall.
      It has been running pretty much flawlessly for about a year.
      Sometime in the last few weeks an issue has popped up.

      Here is a general layout.

      My network is split into 3 subnets.

      We have a WAN, a main 10 LAN, and a 192 back end. *

      We can no longer reach one of our WP servers from our 10 LAN.

      I can get to it from the 192 network, but when we try and get to it from the 10 network, the packets never leave the 10 network's interface on the firewall, i.e. no packets show up on the WAN interface.

      When pinging the WP server...

      Capture from the 10 LAN

      08:20:40.470822 IP 10.10.0.71 > 189.167.253.16: ICMP echo request, id 1, seq 7458, length 40
      08:20:45.474219 IP 10.10.0.71 > 189.167.253.16: ICMP echo request, id 1, seq 7459, length 40

      Capture from the 192 LAN

      09:07:48.608735 IP 192.168.68.71 > 189.167.253.16: ICMP echo request, id 1, seq 7972, length 40
      09:07:48.625756 IP 189.167.253.16 > 192.168.68.71: ICMP echo reply, id 1, seq 7972, length 40

      The state table from the 10 LAN after pinging the target IP from the 10 LAN
      MAIN_10 icmp 10.10.0.71:1 -> 189.167.253.16:1 0:0 4 / 0 240 B / 0 B

      I have disabled all blocking rules on the 10 network, and floating rules.

      When I disabled the BOGON block on the 10 interface, pinging 189.167.253.16 worked for about 8 packets and then stopped working again.

      Any help would be greatly appreciated.

      * None of the IP addresses are real.
      • Brahma6

        I was doing some testing today and this is the output from a pfTop

        pfTop: Up Rule 1-181/181 (0), View: rules
        RULE ACTION DIR LOG Q IF PR K PKTS BYTES STATES MAX INFO
        0 Pass Any 0 0 * all
        1 Pass Any 0 0 * all
        2 Pass Any 0 0 * all
        3 Block In Log Q 25 2454 * drop inet from 169.254.0.0/16 to any
        4 Block In Log Q 27 2187 * drop inet from any to 169.254.0.0/16
        5 Block In Log 39086 6476285 * drop inet all
        6 Block Out Log 73 59514 * drop inet all

        Rule 5 increments with ping requests to the target WordPress server we are having problems getting to.

        Any idea where rule 5 is coming from?

        Thanks
