LAN to OPT "web" server not responding



  • Hi,

    At home I have a pfSense with 3 NICs, WAN (DHCP), LAN (10.77.2.1/24) and OPT1 (192.168.15.2/24), I used to have a service like Vonage, using the same gateway, but the provider is a Canadian company called babyTel.  I connected the WAN interface of the Linksys to my LAN switch and the phone is working, I wanted to access the webGUI of the Linksys through the OPT, so I assigned a static IP address to my OPT of 192.168.15.2 (the Linksys router takes 192.168.15.1) and then connected the OPT NIC to one of the 3 LAN ports of the Linksys.

    I have put a rule in the Firewall allowing OPT communication to WAN and/or LAN ( *  OPT1 net  *  *  *  *)

    Okay, now the fun part, I can traceroute from my LAN PC (10.77.2.25) to the Linksys (192.168.15.1) and it works fine every time, when I try to access it using Firefox I get no response. I see nothing in the log indicating that the request has been denied, I only see babyTel server trying to access my OPT1 NIC on port 5065 if I remember correctly, it's strange they try to contact this address, I will investigate later about that, as soon as I can access the webGUI from LAN to OPT.

    Now the question, what am I doing wrong?

    Here is a representation of my current setup.



  • I guess this is a routing issue. There are some loops in this scenario. Your babyTel has its default gateway at its WAN interface. If you now try to access it at LAN the request comes from the other subnet which is actually the WAN subnet of the babyTel, so the babyTel answers back on the wrong interface. Not too sure, this setup is quite confusing but I suspect that it is something like that.



  • The path from workstation to phone (192 segment) goes through the firewall.  The path from phone to workstation goes back through the 10.77 path as it's local attached.  You've created an asymmetric path which isn't conducive to stateful inspection (or security).

    –Bill
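
The asymmetric path described in the reply above can be reproduced with a small route-lookup model. This is an added example, not part of the original thread; the Linksys WAN address (10.77.2.50) and its default gateway (10.77.2.1) are assumptions, since the thread does not state them, and the pfSense WAN interface is left out.

```python
import ipaddress as ip

# Constructed model of the thread's topology. ASSUMPTIONS: the Linksys WAN
# address (10.77.2.50) and its default gateway are not given in the thread.
NODES = {
    "workstation": {"ifaces": ["10.77.2.25/24"], "gw": "10.77.2.1"},
    "pfsense": {"ifaces": ["10.77.2.1/24", "192.168.15.2/24"], "gw": None},
    "linksys": {"ifaces": ["10.77.2.50/24", "192.168.15.1/24"], "gw": "10.77.2.1"},
}

def owner(addr):
    """Return the node that holds addr on one of its interfaces."""
    for name, node in NODES.items():
        if any(ip.ip_interface(c).ip == addr for c in node["ifaces"]):
            return name
    raise LookupError(f"no node owns {addr}")

def next_hop(node, dst):
    """A directly connected subnet beats the default route."""
    for cidr in NODES[node]["ifaces"]:
        if dst in ip.ip_interface(cidr).network:
            return dst  # on-link: deliver straight to the destination
    if NODES[node]["gw"] is None:
        raise LookupError(f"{node} has no route to {dst}")
    return ip.ip_address(NODES[node]["gw"])

def path(src, dst):
    """Nodes a packet crosses going from address src to address dst."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    hops = [owner(src)]
    while hops[-1] != owner(dst):
        if len(hops) > len(NODES):
            raise RuntimeError("routing loop")
        hops.append(owner(next_hop(hops[-1], dst)))
    return hops

def stateful_view(client, server, firewall="pfsense"):
    """Compare both directions; a stateful firewall needs to see both."""
    fwd, ret = path(client, server), path(server, client)
    return {"forward": fwd, "return": ret,
            "asymmetric": (firewall in fwd) != (firewall in ret)}

if __name__ == "__main__":
    print(stateful_view("10.77.2.25", "192.168.15.1"))  # via OPT1 segment
    print(stateful_view("10.77.2.25", "10.77.2.50"))    # Linksys WAN side
```

The first call shows the request crossing pfSense while the reply returns on-link over the 10.77 segment; the second shows that reaching the gateway on its WAN-side address keeps both directions on the same path.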



  • Thanks for your reply, it will probably be simpler to enable webGUI on the WAN interface of my babyTel gateway.

    Thanks for your great work on that firewall package, I love my now really effective QoS provided by pfSense… The QoS of the Linksys is weak, as I use my bandwidth almost 100% anytime.

    MageMinds

