Firewall rules not working anymore after reboot (bandwidthd installed)



  • Hi,

    I had a very nicely running transparent firewall with 1.2BETA1 / snapshot 06-06-2007. It was running as it should, and I installed Bandwidthd to get some extra graphs, which was working fine.

    Because my system has 2 working CPUs and pfSense only saw 1 CPU, I rebooted the system yesterday, and when Bandwidthd was starting I saw a very short error that I don't know the cause of.

    What I was facing after this reboot was that DNS resolving to the outside world was not working anymore. HTTP from the outside was working well; just the inside could not reach any DNS server anymore that was behind the transparent firewall.

    Checking what was wrong, I saw that there were no firewall logs anymore; a reboot didn't fix it. I thought of updating the system with the latest build of 22 Jun, which is actually the stable Beta1 version of 30 April; this also didn't fix the problem, and still no FW logs.

    I can ping internal hosts; on the pfSense I can ping external hosts, but only by IP. Firewall rules are the same.

    The bridge was working, so I enabled the firewalls on the local machines again and turned the firewall off on the pfSense box. It works now only as a bridge, which seems to be working very well.

    Because I can't see anything in my logs for firewalling, I can't figure out what this problem might be. Other logs are working fine, and there is nothing to see actually.

    I hope this is only a slight problem.

    Thanks,

    Matt



  • Hi,

    OK, the firewall for incoming traffic does work again after upgrading to the snapshot of 06-06-2007 again.

    Problem is that traffic from inside to outside is still not allowed with an "any" rule on the LAN interface.

    DNS resolving works, but no ping, mail or whatever from inside to outside; strangely, webservers are actually working, serving HTTP pages.

    Nothing has been changed on the rules when it stopped working, just a reboot.

    I enabled the logging again and see log files (I needed some sleep), but still, no logs for that inside => outside issue.



  • Ok Solved,

    It seems that the IP address of the LAN side in a bridge really should be different than the WAN IP.

    But it needs to be in the same subnet or it will not work 100% well.

    I have the feeling that this IP on LAN can be used for another system because it does not exist in the ARP table on the router.

    But beware, this address needs to be different AND needs to be in the same subnet!!!



  • @Matts:

    Ok Solved,

    It seems that the IP address of the LAN side in a bridge really should be different than the WAN IP.

    But it needs to be in the same subnet or it will not work 100% well.

    I have the feeling that this IP on LAN can be used for another system because it does not exist in the ARP table on the router.

    But beware, this address needs to be different AND needs to be in the same subnet!!!

    Yeah, I verified that's a bug. I opened a ticket.
    http://cvstrac.pfsense.org/tktview?tn=1352

