OPT1 NETWORK SCENARIO



  • Dear Sirs,

    I have the following scenario:

    172.16.50.2/24         eth0/0 172.16.50.1/24                    eth0/0 172.16.20.1           172.16.20.2
    PC1------Ethernet------cisco805router------framerelay link------cisco1700------Ethernet------OPT1 PFSENSE------WAN
                                                                                                      |
                                                                                                     LAN
    The Cisco routers use RIPv2.
    RIPv2 is installed on pfSense and enabled on OPT1 and LAN (192.168.10.x).
    PC1 is unable to access the internet
    OPT1 firewall allow access to the internet rule:  *      *    *    ! LAN NET  *  *

    PC1 is able to access LAN
    LAN is able to access PC_1

    PC1 is unable to access the internet. Why? Solution?

    Sam
    Running snapshot 21feb2007 live in my enterprise



  • Try tracerouting back and forth to see where it breaks. I would start with pass any any any rules to see if the routing is working (at all interfaces except WAN).



  • Dear Hoba,

    I traced the route from 172.16.50.1. The result was the following:

    Tracing route to www.l.google.com [209.85.135.99]
    over a maximum of 30 hops:

      1     1 ms     1 ms     1 ms  172.16.50.1
      2    40 ms    41 ms    41 ms  10.10.10.9
      3    41 ms    41 ms    41 ms  172.16.20.2
      4     *        *        *     Request timed out.
      5     *        *        *     Request timed out.
      6     *        *        *     Request timed out.
      7     *        *        *     Request timed out.
      8     *        *        *     Request timed out.
      9     *        *        *     Request timed out.
     10     *        *

    Then a traceroute from the pfSense box to 172.16.50.1:

    1  172.16.20.1 (172.16.20.1)  0.914 ms  0.788 ms  0.753 ms
    2  10.10.10.10 (10.10.10.10)  36.351 ms  36.420 ms  34.343 ms
    3  172.16.50.2 (172.16.50.2)  36.846 ms  37.828 ms  39.367 ms

    Pinging from the pfSense WAN interface:

    PING 172.16.50.2 (172.16.50.2) from 196.202.253.150: 56 data bytes
    64 bytes from 172.16.50.2: icmp_seq=0 ttl=126 time=44.298 ms
    64 bytes from 172.16.50.2: icmp_seq=1 ttl=126 time=44.086 ms
    64 bytes from 172.16.50.2: icmp_seq=2 ttl=126 time=41.903 ms

    --- 172.16.50.2 ping statistics ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max/stddev = 41.903/43.429/44.298/1.083 ms



  • @samer79:

    Try this:
    OPT1 firewall allow access to the internet rule:  *      *    *    !LAN NET  *  *

    I think the space between ! and LAN made the ! portion of the rule be ignored
    and made it
    *      *    *  !  LAN NET  *  *
    which will give you access from the OPT interface only to the LAN network and the ! network,
    and thus not to the WAN network.
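
A simplified model of how the OPT1 rule quoted in this thread is matched, as an added example that is not part of any post and is not pfSense code. It assumes first-match evaluation with a default deny, a /24 mask for the LAN (the thread gives only 192.168.10.x), a constructed LAN host 192.168.10.5, and that this is the only rule on OPT1 (any other rules are not shown in the thread); the `Rule` class and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    """One filter rule; only the fields the thread's rule uses are modelled."""
    action: str                # "pass" or "block"
    src: str = "*"             # "*" (any) or a CIDR network
    dst: str = "*"
    dst_negated: bool = False  # the "!" in front of the destination

def _covers(spec, addr):
    """True if addr falls inside spec ("*" covers everything)."""
    return spec == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def matches(rule, src, dst):
    dst_hit = _covers(rule.dst, dst)
    if rule.dst_negated:
        dst_hit = not dst_hit      # "! LAN net" = every destination except LAN
    return _covers(rule.src, src) and dst_hit

def evaluate(rules, src, dst):
    """Return (action, rule index); first match wins, no match is default deny."""
    for index, rule in enumerate(rules):
        if matches(rule, src, dst):
            return rule.action, index
    return "block", None

# Assumption: LAN is 192.168.10.0/24 (the thread only says 192.168.10.x).
OPT1_RULES = [Rule("pass", src="*", dst="192.168.10.0/24", dst_negated=True)]

# Constructed packets: PC1 to the traced Google address, PC1 to a made-up LAN host.
SAMPLES = [("172.16.50.2", "209.85.135.99"), ("172.16.50.2", "192.168.10.5")]

if __name__ == "__main__":
    for src, dst in SAMPLES:
        print(src, "->", dst, evaluate(OPT1_RULES, src, dst))
```

In this model the rule passes PC1's traffic to the Internet address, while LAN-bound traffic is not matched by it and falls through to the default deny unless another rule allows it.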



  • Please, your help will be highly appreciated.
    Thanks

