LAN to DMZ blocked?



  • Hi, all

    I have a pfSense box running 1.2 embedded. Recently, I tried to upgrade to the 1.2.3 release but have some questions:

    1. I prepared a new CF with the 1.2.3 image. Can I replace the 1.2 CF with the new one and simply upload the current 1.2 configuration? Will this cause any problems?

    2. I put the 1.2.3 release CF into the current firewall and did some tests. I have LAN (192.168.1.1/24) and DMZ (192.168.2.1/24) interfaces. A PC inside the LAN subnet can ping 192.168.1.1, but not 192.168.2.1. The LAN subnet has any access, and so does the DMZ subnet. How can I find out what went wrong?

    Thank you,

    Vincent



  • 1: Yes, you should be able to just upload the config you had before without a problem.

    2: Look at the firewall log, make a TCP dump to see if the traffic actually gets to the other interface, and post screenshots of your rule.



  • I have done some more tests and have a log that looks like the one below. The traffic passed but the connection always times out.

    Dec 18 11:44:59 LAN 192.168.1.10:63705 192.168.2.5:53 UDP

    Ping, VNC, SSH: all traffic passed, but gets a timeout after a while. Before moving to pfSense from m0n0wall, I also tried the pfSense 1.2.1 and 1.2.2 releases. Those releases have the same issue. But the 1.2.0 release works great. Any known issue with the later releases?

    Using the WebUI ping utility from the DMZ interface to 192.168.2.5 also got 100% packet loss.

    Thanks,

