    LAN to DMZ blocked?

      vcba79 last edited by

      Hi, all

      I have a pfSense box running 1.2 embedded. Recently, I tried to upgrade to the 1.2.3 release but have some questions:

      1. I prepared a new CF with the 1.2.3 image. Can I replace the 1.2 CF with the new one and simply upload the current 1.2 configuration? Will this cause any problems?

      2. I put the 1.2.3 release CF into the current firewall and did some tests. I have LAN (192.168.1.1/24) and DMZ (192.168.2.1/24) interfaces. A PC inside the LAN subnet can ping 192.168.1.1, but not 192.168.2.1. The LAN subnet has any access, and so does the DMZ subnet. How can I find out what went wrong?

      Thank you,

      Vincent

        GruensFroeschli last edited by

        1: Yes, you should be able to just upload the config you had before without a problem.

        2: Look at the firewall log, make a TCP dump to see if the traffic actually gets to the other interface, and post screenshots of your rule.

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

          vcba79 last edited by

          I have done some more tests and have a log that looks like the one below. The traffic passed but the connection always times out.

          Dec 18 11:44:59 LAN 192.168.1.10:63705 192.168.2.5:53 UDP

          Ping, VNC, SSH: all traffic passed, but I get a timeout after a while. Before moving to pfSense from m0n0wall, I also tried the pfSense 1.2.1 and 1.2.2 releases. Those releases have the same issue. But the 1.2.0 release works great. Is there any known issue in later releases?

          Using the WebUI ping utility from the DMZ interface to 192.168.2.5, I also got 100% packet loss.

          Thanks,

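The two-interface capture comparison suggested in the thread, as an added example (not code from any poster or from pfSense): it reads `tcpdump -n` text output taken on the LAN and DMZ interfaces and reports at which hop a LAN-to-DMZ exchange stops. The function names and the sample capture lines are constructed for illustration; only the two addresses come from the thread.

```python
import re

# Matches the "IP src[.port] > dst[.port]:" part of a `tcpdump -n` text line,
# e.g. from `tcpdump -n -i <interface> host 192.168.2.5` run on each interface.
PKT = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:"
)


def flows(capture):
    """Return the set of (src, dst) address pairs seen in one capture."""
    return {m.groups() for m in map(PKT.search, capture.splitlines()) if m}


def locate_loss(lan_capture, dmz_capture, client, server):
    """Report where a client -> server exchange stops (hypothetical helper)."""
    lan, dmz = flows(lan_capture), flows(dmz_capture)
    request, reply = (client, server), (server, client)
    if request not in lan:
        return "request never arrived on the LAN interface"
    if request not in dmz:
        return "request not forwarded out of the DMZ interface"
    if reply not in dmz:
        return "no reply from the DMZ host"
    if reply not in lan:
        return "reply not forwarded back to the LAN"
    return "round trip complete"


# Constructed sample captures (not the poster's data): the request crosses the
# firewall, matching a "passed" log entry, but nothing comes back.
LAN_SAMPLE = """\
11:44:59.100000 IP 192.168.1.10 > 192.168.2.5: ICMP echo request, id 1, seq 1, length 64
11:45:00.300000 IP 192.168.1.10.50000 > 192.168.2.5.22: Flags [S], seq 1, win 65535, length 0
"""
DMZ_SAMPLE = """\
11:44:59.100100 IP 192.168.1.10 > 192.168.2.5: ICMP echo request, id 1, seq 1, length 64
11:45:00.300100 IP 192.168.1.10.50000 > 192.168.2.5.22: Flags [S], seq 1, win 65535, length 0
"""

if __name__ == "__main__":
    print(locate_loss(LAN_SAMPLE, DMZ_SAMPLE, "192.168.1.10", "192.168.2.5"))
```

A request visible on both interfaces with no reply on the DMZ side points away from the firewall rules and toward the DMZ host or segment; a request missing from the DMZ capture points back at the rules or routing on the firewall.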