HTTPS on bridged LAN



  • Hi,

    we have pfSense running on a machine with 4 NICs (but one doesn't matter here). One WAN, one LAN as usual and OPT1 (named PHN) bridged with LAN (see screenshots). Some firewalling is going on between LAN and PHN (due to ~reasons). Now, machines in LAN have no trouble at all accessing the Internet, but machines on PHN cannot access HTTPS content. HTTP content works, SSH works, but not HTTPS.

    It is not a configuration problem of the machine in PHN, as a) it is able to access HTTPS content from servers on LAN and b) I've hooked up a working laptop into the PHN NIC and it was then unable to access HTTPS.

    I've been testing the following scenario:

    • 192.168.123.227 is the client on PHN trying to access https://www.google.de
    • 74.125.230.88 is google.de
    • 192.168.123.254 is the internal IP of the firewall
    • 131.220.109.144 is the external IP of the firewall

    I've attached screenshots of the firewall log and one packet capture searching for packets from or to Google. As one can see, the client sends an HTTPS SYN directed to Google, the firewall passes it, NATs it, Google replies with SYN ACK, and this packet somehow gets lost. And I don't know why. (Outbound NAT is set to automatic.)

    I figure this ought to be some kind of routing/NAT problem, but I cannot wrap my head around it (which is why I put it in General Questions).

    As bridged local networks should be commonly used (like on LAN/WLAN setups), there must be something obvious I'm missing.

    I'm happy to provide any additional information about our network, firewall configuration etc. if needed.

    Regards.

    EDIT: pfSense version 1.2.3-RELEASE







