OPT1 NETWORK SCENARIO

samer79

Dear Sirs,

I have the following scenario:

172.16.50.2/24              eth0/0172.16.50.1/24                              eth0/0 172.16.20.1                    172.16.20.2
PC1–-----Ethernet-------cisco805router------framerelay link--------cisco1700-------Ethernet-------OPT1 PFSENSE--------WAN
                                                                                                                                                    |
                                                                                                                                                  LAN                           
the cisco routers uses RIPv2
RIPv2 is installed on pfsense and enabled on OPT1 and LAN(192.168.10.x)
PC1 is unable to access the internet
OPT1 firewall allow access to the internet rule:  *      *    *    ! LAN NET  *  *

PC1 is able to access LAN
LAN is able to access PC_1

PC1 is unable to access the internet. why? solution?

Sam
Running snapshot 21feb2007 live in my enterprise

hoba

Try tracerouting back and forth to see where it breaks. I would start with pass any any any rules to see if the routing is working (at all interfaces except WAN).

samer79

Dear Hoba,

i traced the route from 172.16.50.1 the result was the following:

Tracing route to www.l.google.com [209.85.135.99]
over a maximum of 30 hops:

1    1 ms    1 ms    1 ms  172.16.50.1
  2    40 ms    41 ms    41 ms  10.10.10.9
  3    41 ms    41 ms    41 ms  172.16.20.2
  4    *        *        *    Request timed out.
  5    *        *        *    Request timed out.
  6    *        *        *    Request timed out.
  7    *        *        *    Request timed out.
  8    *        *        *    Request timed out.
  9    *        *        *    Request timed out.
10    *        *

then from a traceroute from pfsense box to 172.16.50.1:

1  172.16.20.1 (172.16.20.1)  0.914 ms  0.788 ms  0.753 ms
2  10.10.10.10 (10.10.10.10)  36.351 ms  36.420 ms  34.343 ms
3  172.16.50.2 (172.16.50.2)  36.846 ms  37.828 ms  39.367 ms

pinging from PFSENSE WAN interface:

PING 172.16.50.2 (172.16.50.2) from 196.202.253.150: 56 data bytes
64 bytes from 172.16.50.2: icmp_seq=0 ttl=126 time=44.298 ms
64 bytes from 172.16.50.2: icmp_seq=1 ttl=126 time=44.086 ms
64 bytes from 172.16.50.2: icmp_seq=2 ttl=126 time=41.903 ms

–- 172.16.50.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 41.903/43.429/44.298/1.083 ms

jeroen234

@samer79:

Dear Sirs,

I have the following scenario:

172.16.50.2/24              eth0/0172.16.50.1/24                              eth0/0 172.16.20.1                    172.16.20.2
PC1–-----Ethernet-------cisco805router------framerelay link--------cisco1700-------Ethernet-------OPT1 PFSENSE--------WAN
                                                                                                                                                     |
                                                                                                                                                   LAN                             
the cisco routers uses RIPv2
RIPv2 is installed on pfsense and enabled on OPT1 and LAN(192.168.10.x)
PC1 is unable to access the internet
OPT1 firewall allow access to the internet rule:   *      *     *     ! LAN NET   *   *

PC1 is able to access LAN
LAN is able to access PC_1

PC1 is unable to access the internet. why? solution?

Sam
Running snapshot 21feb2007 live in my enterprise

try this
OPT1 firewall allow access to the internet rule:  *      *    *    !LAN NET  *  *

i think the space between ! and lan made the ! portion off the rule to be ignored
and made id
*      *    *  !  LAN NET  *  *
with will give you access from the opt interface only to the lan network and the ! network
and thus not to the wan network

samer79

Please you help will be highly appreciated.
Thanks