Netgate Discussion Forum

    HTTPS on bridged LAN

    General pfSense Questions
      uzb

      Hi,

      We have pfSense running on a machine with 4 NICs (but one doesn't matter here). One WAN, one LAN as usual and OPT1 (named PHN) bridged with LAN (see screenshots). Some firewalling is going on between LAN and PHN (due to ~reasons). Now, machines in LAN have no trouble at all accessing the Internet, but machines on PHN cannot access HTTPS content. HTTP content works, SSH works, but not HTTPS.

      It is not a configuration problem of the machine in PHN, as a) it is able to access HTTPS content from servers on LAN and b) I've hooked up a working laptop into the PHN NIC and it was then unable to access HTTPS.

      I've been testing the following scenario:

      • 192.168.123.227 is the client on PHN trying to access https://www.google.de
      • 74.125.230.88 is google.de
      • 192.168.123.254 is the internal IP of the firewall
      • 131.220.109.144 is the external IP of the firewall

      I've attached screenshots of the firewall log and one packet capture searching for packets from or to Google. As one can see, the client sends an HTTPS SYN directed to Google, the firewall passes it, NATs it, Google replies SYN ACK and this packet somehow gets lost. And I don't know why. (Outbound NAT is set to automatic.)

      I figure this ought to be some kind of routing/NAT problem, but I cannot wrap my head around it (which is why I put it in General Questions).

      As bridged local networks should be commonly used (like on LAN/WLAN setups), there must be something obvious I'm missing.

      I'm happy to provide any additional information about our network, firewall configuration etc. if needed.

      Regards.

      EDIT: pfSense version 1.2.3-RELEASE
      lan.png
      phn.png
      fw-log.PNG
      wireshark.png

      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.