Weird weird problem
sinisterbrain last edited by
I recently replaced a home-brew Linux iptables-based firewall with pfSense, and with the exception of this problem it works flawlessly. Here are the specs:
pfSense version 1.0.1
4 x 3Com 509c 10/100 NICs
NO additional packages installed
We have a host with vmware server running on it and several guest virtual machines.
We moved the machine and all of its virtual hosts behind pfSense and created Port-Forwarding rules (with matching Filter Rules) for ports 80 and 22 for each of the virtual machines. This is where it gets weird…
All of the machines, virtuals and host, can ping and ssh to/from anywhere. But ALL HTTP requests fail. This includes requests from AND to the internet (via wget or any other command that uses http). On the local network and between the virtual machines, everything works fine.
Move the physical host to another network that goes through the pfSense, it and all the virtual machines work fine. Move it back to the DMZ and it stops working.
Move any of the virtual machines to another physical host with ZERO changes otherwise, and they work fine.
We have another vmware host with the SAME hardware and base OS (same revision and all) that works perfectly fine inbound and outbound. All the problems are with the single host.
We re-installed the operating system assuming that maybe the system drivers may be corrupt... same OS, version, and updated it. No success.
We checked to make sure there were no local firewalls on ANY of the virtual machines or host, and even uninstalled iptables and rebooted them to be absolutely sure.
Everything else works fine BUT HTTP requests inbound or outbound.
I performed tcpdumps in front of and inside the firewall with the same results. I forgot to copy and paste so no details, but this is a summary of what I see:
From the problem machine to google.com:
Dst: Push... etc
From the outside to the problem machines:
Src: Push... etc
And NAT was working properly.
Someone please tell me something constructive, because we're out of ideas.
All the other hosts on the DMZ work fine.
sullrich last edited by
1. Update to a recent snapshot? ( http://snapshots.pfsense.com/FreeBSD6/RELENG_1/ ) Still having issues? Go to #2.
2. System -> Advanced -> Disable Firewall Scrub, enable this option. Work now?