[Resolvido] Regras não funcionam em outro range de IP
-
Tenho um Pfsense 2.0 instalado e estou com a seguinte questão. A minha rede tinha esta faixa de ip 192.168.1.0/24 - como a empresa esta com muitos computadores o número de endereços já estava se esgotando e eu precisava aumentar meu range de ip. Aumentei o range baixando a máscara para 23 (255.255.254.0), como na VPN já tinhamos uma filial usando 192.168.2.0 tive que criar um novo escopo de dhcp iniciando em 192.168.0.0 com mascara 255.255.254.0.
O que esta acontecendo é que mesmo alterando a máscara de rede da LAN do pfsense para 23 os endereços que ficam em 192.168.0.X não conseguem acessar as regras de liberações do pfsense que esta configurado para liberar (internet por exemplo) na porta 80 para Lan net, como não estava funcionando troquei o Lan Net por network e coloquei o ip 192.168.0.0/23. Mesmo assim quem pega o ip 192.168.0.X não consegue acessar nenhuma regra que esteja feita no pfsense.
Obs: Quem pega o ip 192.168.0.X pinga normalmente em qualquer ip na faixa de 192.168.1.X e vice versa o problema esta apenas para acessar através do pfsense.
-
davibo, Bem vindo ao fórum! :)
Depois de alterar a mascara de rede na lan, você chegou a conferir na console se a mudança foi aplicada?
Depois de algumas alterações de rede, como por exemplo mudança de interface, é preciso reiniciar o firewall.
att,
Marcello Coutinho -
Obrigado pela resposta Marcelloc, no console esta mostrando a máscara correta mais não me lembro se reiniciei o servidor após a alteração, eu irel aguardar o final da tarde e vou dar um reboot no servidor… Volterei aqui para postar o resultado positivo ou negativo....
-
Marcello, fiz o reboot mais continuo com o problema, alguém sabe se no pfsense tem algum lugar que você insere a rede que você faz parte? Eu acredito que o pfsense ainda esta entendendo que a rede é 192.168.1.1 255.255.255.0 e não esta entendendo a nova máscara. Bom se alguem puder ajudar agradeço….
Abs,
-
Marcello, fiz o reboot mais continuo com o problema, alguém sabe se no pfsense tem algum lugar que você insere a rede que você faz parte? Eu acredito que o pfsense ainda esta entendendo que a rede é 192.168.1.1 255.255.255.0 e não esta entendendo a nova máscara. Bom se alguem puder ajudar agradeço….
Se na console e na gui aparece a mascara certa, então o pfsense já sabe o tamanho da rede.
O proximo passo é usar o tcpdump na console/ssh para indetificar onde os pacotes estão parando.
-
Marcelo aqui estão os logs que puxei de um ipfixo que setei na minha máquina para fazer um teste.
0:40:11.830158 IP 192.168.0.9.137 > 192.168.1.255.137: UDP, length 50 10:40:12.132316 IP 192.168.0.9.55843 > 74.125.234.117.443: tcp 0 10:40:12.198298 IP 192.168.0.9.55844 > 172.16.80.10.445: tcp 0 10:40:12.584225 IP 192.168.0.9 > 172.16.80.10: ICMP echo request, id 1, seq 240, length 40 10:40:13.210245 IP 192.168.0.9.55845 > 173.194.73.125.5222: tcp 0 10:40:13.270298 IP 192.168.0.9.55846 > 172.16.80.10.445: tcp 0 10:40:13.477418 IP 192.168.0.9.55851 > 173.194.73.125.5222: tcp 0 10:40:13.545834 IP 192.168.0.9.55862 > 74.125.234.131.443: tcp 0 10:40:13.771884 IP 192.168.0.9.55864 > 74.125.234.131.443: tcp 0 10:40:14.094393 IP 192.168.0.9.55853 > 74.125.234.118.443: tcp 0 10:40:14.165341 IP 192.168.0.9.55857 > 74.125.234.117.443: tcp 0 10:40:14.165356 IP 192.168.0.9.55856 > 74.125.234.118.443: tcp 0 10:40:14.311010 IP 192.168.0.9 > 172.16.80.10: ICMP echo request, id 1, seq 241, length 40 10:40:14.322417 IP 192.168.0.9.55859 > 74.125.234.118.443: tcp 0 10:40:15.401839 IP 192.168.0.9.55866 > 74.125.234.159.443: tcp 0 10:40:15.647715 IP 192.168.0.9.55868 > 74.125.234.159.443: tcp 0 10:40:15.836668 IP 192.168.0.9.55873 > 186.192.82.89.80: tcp 0 10:40:15.850224 IP 192.168.0.9.55874 > 186.192.82.89.80: tcp 0 10:40:15.851785 IP 192.168.0.9.55876 > 186.192.82.89.80: tcp 0 10:40:15.854975 IP 192.168.0.9.55879 > 186.192.82.89.80: tcp 0 10:40:15.859011 IP 192.168.0.9.55881 > 186.192.82.89.80: tcp 0 10:40:15.863170 IP 192.168.0.9.55885 > 186.192.82.106.80: tcp 0 10:40:15.864111 IP 192.168.0.9.55886 > 186.192.82.89.80: tcp 0 10:40:15.865361 IP 192.168.0.9.55888 > 186.192.82.166.80: tcp 0 10:40:15.865387 IP 192.168.0.9.55889 > 186.192.82.166.80: tcp 0 10:40:15.865409 IP 192.168.0.9.55890 > 186.192.82.106.80: tcp 0 10:40:15.867701 IP 192.168.0.9.55892 > 72.164.253.17.80: tcp 0 10:40:15.869291 IP 192.168.0.9.55893 > 72.164.253.17.80: tcp 0 10:40:15.872846 IP 192.168.0.9.55898 > 186.192.82.163.80: tcp 0 10:40:15.873939 IP 192.168.0.9.55900 > 186.192.82.11.80: tcp 0 10:40:15.874095 IP 192.168.0.9.55897 > 186.192.82.163.80: tcp 0 10:40:15.878299 IP 192.168.0.9.55904 > 186.192.82.11.80: tcp 0 10:40:15.879858 IP 192.168.0.9.55907 > 186.192.82.11.80: tcp 0 10:40:15.880015 IP 192.168.0.9.55906 > 186.192.82.11.80: tcp 0 10:40:15.880796 IP 192.168.0.9.55909 > 186.192.82.11.80: tcp 0 10:40:15.881871 IP 192.168.0.9.55911 > 186.192.82.11.80: tcp 0 10:40:15.883669 IP 192.168.0.9.55914 > 186.192.82.35.80: tcp 0 10:40:15.884139 IP 192.168.0.9.55913 > 72.164.252.235.80: tcp 0 10:40:15.887223 IP 192.168.0.9.55917 > 173.252.100.27.443: tcp 0 10:40:15.887381 IP 192.168.0.9.55918 > 72.164.252.235.80: tcp 0 10:40:15.887538 IP 192.168.0.9.55919 > 23.62.34.110.443: tcp 0 10:40:15.888475 IP 192.168.0.9.55920 > 23.62.34.110.443: tcp 0 10:40:16.060819 IP 192.168.0.9.55923 > 186.192.82.163.80: tcp 0 10:40:16.065718 IP 192.168.0.9.55925 > 23.62.34.110.443: tcp 0 10:40:16.066087 IP 192.168.0.9.55926 > 173.252.100.27.443: tcp 0 10:40:16.336738 IP 192.168.0.9.137 > 172.16.80.10.137: UDP, length 50 10:40:16.338346 IP 192.168.0.9 > 172.16.80.10: ICMP echo request, id 1, seq 242, length 40 10:40:16.545576 IP 192.168.0.9.55862 > 74.125.234.131.443: tcp 0 10:40:16.576268 IP 192.168.0.9.55928 > 65.54.61.209.443: tcp 0 10:40:16.765677 IP 192.168.0.9.55864 > 74.125.234.131.443: tcp 0 10:40:16.929871 IP 192.168.0.9.55930 > 74.125.234.159.443: tcp 0 10:40:17.272987 IP 192.168.0.9.55932 > 74.125.234.159.443: tcp 0 10:40:17.494148 IP 192.168.0.9.55936 > 74.125.234.159.80: tcp 0 10:40:17.497934 IP 192.168.0.9.55937 > 74.125.234.159.80: tcp 0 10:40:17.498246 IP 192.168.0.9.55938 > 74.125.234.159.80: tcp 0 10:40:17.742352 IP 192.168.0.9.55940 > 74.125.234.159.80: tcp 0 10:40:17.837699 IP 192.168.0.9.137 > 172.16.80.10.137: UDP, length 50 10:40:18.197719 IP 192.168.0.9.55844 > 172.16.80.10.445: tcp 0 10:40:18.338243 IP 192.168.0.9 > 172.16.80.10: ICMP echo request, id 1, seq 243, length 40 10:40:18.394736 IP 192.168.0.9.55866 > 74.125.234.159.443: tcp 0 10:40:18.648764 IP 192.168.0.9.55868 > 74.125.234.159.443: tcp 0 10:40:18.842773 IP 192.168.0.9.55873 > 186.192.82.89.80: tcp 0 10:40:18.844627 IP 192.168.0.9.55874 > 186.192.82.89.80: tcp 0 10:40:18.848684 IP 192.168.0.9.55876 > 186.192.82.89.80: tcp 0 10:40:18.854727 IP 192.168.0.9.55879 > 186.192.82.89.80: tcp 0 10:40:18.858630 IP 192.168.0.9.55881 > 186.192.82.89.80: tcp 0 10:40:18.864715 IP 192.168.0.9.55889 > 186.192.82.166.80: tcp 0 10:40:18.864727 IP 192.168.0.9.55890 > 186.192.82.106.80: tcp 0 10:40:18.864738 IP 192.168.0.9.55893 > 72.164.253.17.80: tcp 0 10:40:18.864747 IP 192.168.0.9.55885 > 186.192.82.106.80: tcp 0 10:40:18.868710 IP 192.168.0.9.55892 > 72.164.253.17.80: tcp 0 10:40:18.872641 IP 192.168.0.9.55888 > 186.192.82.166.80: tcp 0 10:40:18.872652 IP 192.168.0.9.55886 > 186.192.82.89.80: tcp 0 10:40:18.874738 IP 192.168.0.9.55906 > 186.192.82.11.80: tcp 0 10:40:18.874749 IP 192.168.0.9.55898 > 186.192.82.163.80: tcp 0 10:40:18.874759 IP 192.168.0.9.55904 > 186.192.82.11.80: tcp 0 10:40:18.874769 IP 192.168.0.9.55900 > 186.192.82.11.80: tcp 0 10:40:18.874778 IP 192.168.0.9.55909 > 186.192.82.11.80: tcp 0 10:40:18.874787 IP 192.168.0.9.55911 > 186.192.82.11.80: tcp 0 10:40:18.878845 IP 192.168.0.9.55897 > 186.192.82.163.80: tcp 0 10:40:18.882746 IP 192.168.0.9.55907 > 186.192.82.11.80: tcp 0 10:40:18.884795 IP 192.168.0.9.55917 > 173.252.100.27.443: tcp 0 10:40:18.884807 IP 192.168.0.9.55914 > 186.192.82.35.80: tcp 0 10:40:18.888854 IP 192.168.0.9.55918 > 72.164.252.235.80: tcp 0 10:40:18.888865 IP 192.168.0.9.55919 > 23.62.34.110.443: tcp 0 10:40:18.892756 IP 192.168.0.9.55913 > 72.164.252.235.80: tcp 0 10:40:18.892766 IP 192.168.0.9.55920 > 23.62.34.110.443: tcp 0 10:40:19.054764 IP 192.168.0.9.55923 > 186.192.82.163.80: tcp 0 10:40:19.068815 IP 192.168.0.9.55925 > 23.62.34.110.443: tcp 0 10:40:19.072689 IP 192.168.0.9.55926 > 173.252.100.27.443: tcp 0 10:40:19.208812 IP 192.168.0.9.55845 > 173.194.73.125.5222: tcp 0 10:40:19.268782 IP 192.168.0.9.55846 > 172.16.80.10.445: tcp 0 10:40:19.339631 IP 192.168.0.9.137 > 172.16.80.10.137: UDP, length 50 10:40:19.476671 IP 192.168.0.9.55851 > 173.194.73.125.5222: tcp 0 10:40:19.580763 IP 192.168.0.9.55928 > 65.54.61.209.443: tcp 0 10:40:19.650965 IP 192.168.0.9.55942 > 65.54.61.209.443: tcp 0 10:40:19.930869 IP 192.168.0.9.55930 > 74.125.234.159.443: tcp 0 10:40:20.096801 IP 192.168.0.9.55853 > 74.125.234.118.443: tcp 0 10:40:20.166846 IP 192.168.0.9.55857 > 74.125.234.117.443: tcp 0 10:40:20.167003 IP 192.168.0.9.55856 > 74.125.234.118.443: tcp 0
O que pode estar barrando neste caso?
-
O que pode estar barrando neste caso?
Seu tcpdump só mostra 192.168.0.9 enviando pacotes, que parametros você usou para capturar este trafego?
-
Fui em Diagnóstics na interface Gráfica e Packet Capture, tentei acessar o google e mandei captar pacotes…
Agora com o parametro tcpdump -nn -ni bge0 host 192.168.0.9
14:37:13.386115 IP 192.168.0.9.17500 > 192.168.1.255.17500: UDP, length 144 14:37:13.386273 IP 192.168.0.9.17500 > 255.255.255.255.17500: UDP, length 144 14:37:13.527274 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 205, win 513, length 324 14:37:13.527304 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 205, win 513, length 276 14:37:13.527786 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 18620, win 16214, length 0 14:37:13.528411 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [P.], ack 18620, win 16214, length 84 14:37:13.528428 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [.], ack 289, win 512, length 0 14:37:13.528467 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 289, win 513, length 36 14:37:13.528568 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [P.], ack 18620, win 16214, length 52 14:37:13.528586 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [.], ack 341, win 512, length 0 14:37:13.727223 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 18656, win 16205, length 0 14:37:14.527020 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 436 14:37:14.527060 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 532 14:37:14.527543 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 19624, win 16425, length 0 14:37:15.526279 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 340 14:37:15.744243 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 19964, win 16340, length 0 14:37:16.526002 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:16.727416 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 20208, win 16279, length 0 14:37:16.742441 ARP, Request who-has 192.168.1.1 (00:1d:09:14:e1:11) tell 192.168.0.9, length 46 14:37:16.742447 ARP, Reply 192.168.1.1 is-at 00:1d:09:14:e1:11, length 28 14:37:17.526325 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 420 14:37:17.726501 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 20628, win 16174, length 0 14:37:18.525993 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:18.725509 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 20872, win 16113, length 0 14:37:19.525268 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:19.725590 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 21116, win 16425, length 0 14:37:20.525269 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:20.728570 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 21360, win 16364, length 0 14:37:21.102673 IP 192.168.0.9.50348 > 239.255.255.250.1900: UDP, length 123 14:37:21.525011 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 324 14:37:21.718791 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 21684, win 16283, length 0 14:37:22.524276 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:22.724795 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 21928, win 16222, length 0 14:37:23.524399 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:23.724883 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 22172, win 16161, length 0 14:37:24.125351 IP 192.168.0.9.50348 > 239.255.255.250.1900: UDP, length 123 14:37:24.524274 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 324 14:37:24.725025 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 22496, win 16080, length 0 14:37:25.524275 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:25.725106 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 22740, win 16425, length 0 14:37:26.524005 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:26.717060 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 22984, win 16364, length 0 14:37:27.129865 IP 192.168.0.9.50348 > 239.255.255.250.1900: UDP, length 123 14:37:27.523275 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 324 14:37:27.723221 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 23308, win 16283, length 0 14:37:28.523013 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:28.723289 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 23552, win 16222, length 0 14:37:29.522269 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:29.722269 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 23796, win 16161, length 0 14:37:30.522008 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:30.721434 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 24040, win 16100, length 0 14:37:31.521272 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:31.721532 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 24284, win 16425, length 0 14:37:32.521001 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:32.720563 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 24528, win 16364, length 0 14:37:33.520272 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:33.720594 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 24772, win 16303, length 0 14:37:34.520010 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:34.719700 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 25016, win 16242, length 0 14:37:35.519276 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:35.719777 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 25260, win 16181, length 0 14:37:36.519276 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:36.723845 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 25504, win 16120, length 0 14:37:37.519015 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:37.718949 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 25748, win 16425, length 0 14:37:38.519003 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:38.718916 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 25992, win 16364, length 0 14:37:39.518274 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:39.724920 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 26236, win 16303, length 0 14:37:40.518022 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:40.718102 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 26480, win 16242, length 0 14:37:41.155355 IP 192.168.0.9.50348 > 239.255.255.250.1900: UDP, length 123 14:37:41.517281 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 324 14:37:41.717207 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 26804, win 16161, length 0 14:37:42.517010 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:42.717123 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 27048, win 16100, length 0 14:37:43.516278 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 244 14:37:43.716216 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 27292, win 16425, length 0 14:37:44.155799 IP 192.168.0.9.50348 > 239.255.255.250.1900: UDP, length 123 14:37:44.516019 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 324 14:37:44.716344 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 27616, win 16344, length 0 14:37:45.293831 IP 192.168.0.9.17500 > 255.255.255.255.17500: UDP, length 144 14:37:45.301381 IP 192.168.0.9.17500 > 192.168.1.255.17500: UDP, length 144 14:37:45.301537 IP 192.168.0.9.17500 > 192.168.1.255.17500: UDP, length 144 14:37:45.301694 IP 192.168.0.9.17500 > 255.255.255.255.17500: UDP, length 144 14:37:45.515289 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 324 14:37:45.515319 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 276 14:37:45.515644 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 28216, win 16194, length 0 14:37:46.515022 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 341, win 513, length 340 14:37:46.515972 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [P.], ack 28556, win 16109, length 84 14:37:46.515992 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [.], ack 425, win 512, length 0 14:37:46.515995 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [P.], ack 28556, win 16109, length 52 14:37:46.516008 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [.], ack 477, win 512, length 0 14:37:46.516077 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 477, win 513, length 36 14:37:46.725553 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 28592, win 16100, length 0 14:37:47.157898 IP 192.168.0.9.50348 > 239.255.255.250.1900: UDP, length 123 14:37:47.514290 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 477, win 513, length 340 14:37:47.514329 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 477, win 513, length 516 14:37:47.514810 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 29448, win 16425, length 0 14:37:48.514027 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 477, win 513, length 340 14:37:48.713633 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 29788, win 16340, length 0 14:37:49.513280 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 477, win 513, length 244 14:37:49.714883 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 30032, win 16279, length 0 14:37:50.513288 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 477, win 513, length 244 14:37:50.713743 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 30276, win 16218, length 0 14:37:51.513298 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 477, win 513, length 244 14:37:51.712854 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 30520, win 16157, length 0 14:37:52.513288 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 477, win 513, length 244 14:37:52.721825 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 30764, win 16096, length 0 14:37:53.513283 IP 192.168.1.1.22 > 192.168.0.9.49640: Flags [P.], ack 477, win 513, length 244 14:37:53.708907 IP 192.168.0.9.49640 > 192.168.1.1.22: Flags [.], ack 31008, win 16425, length 0 14:37:54.447945 ARP, Request who-has 192.168.1.1 (00:1d:09:14:e1:11) tell 192.168.0.9, length 46 14:37:54.447952 ARP, Reply 192.168.1.1 is-at 00:1d:09:14:e1:11, length 28
Desde já, obrigado pela ajuda….
-
Você fez o acesso ssh por este ip? basicamente só aparece isso no seu tcpdump.
A partir de outra máquina, execute um tcpdump na lan outro na wan para ver se o problema não é o outbound nat.
-
Marcello muito obrigado.
Quando você falou sobre o outbond do nat fui la verificar e as regras estavam criadas para a network 192.168.1.0/24, por isso que não estava acessando. Fiz a mudança para 192.168.0.0/23 e agora quem pega o range de ip 192.168.0.X consegue navegar normalmente..
Muito obrigado pela ajuda, problema resolvido!