Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Single Host Not Connectible (QNAP) - Highly Unusual

    IPsec
    1
    2
    2456
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      adprom last edited by

      Have a weird issue I have done some diagnosis of.

      Situation is as follows:
      Network 1 behind pfsense connects to network 2 behind a fritzbox. Everything can connect to anything and that works well. Except for one situation. On network 1, there is a QNAP fileserver. It cannot connect to anything on network 2 and vice versa. On network 1, the pfsense is actually a virtual appliance within an vmware esxi host.

      This is where it gets odd, after a pfsense reboot, from network 2, you can ping the qnap and 1 ICMP request will work and all others from then on will time out. Same situation if you ping any host on network 2 from the qnap.

      Even weirder, ping the pfsense router from the qnap - and that works fine. Run a traceroute to the fritzbox from the qnap and you get the following:

      traceroute to 192.168.0.1 (192.168.0.1), 30 hops max, 40 byte packets
      1  Fileserver (192.168.1.1)  3007.03 ms !H  3005.7 ms !H  3005.96 ms !H

      You get weird response. High response times and doesn't even try for 2nd hop.

      From any other host:
      Tracing route to 192.168.0.1 over a maximum of 30 hops

      1     2 ms     1 ms     1 ms  pfSense.local [192.168.1.254]
       2    36 ms    35 ms    34 ms  192.168.0.1

      Before pfsense 2.0.1 this worked fine as well. No issues with interconnect. I have also tried doing a fresh reinstall and same result, so appears to be a bug that has introduced. Also, there is a QNAP on network 2 which I can access from network 1 just fine. I have changed the IP address of the QNAP to see what happens, same thing. Everything else works fine which suggests routing, firewall etc is all fine. Nothing appears in firewall log.

      In addition to that on startup you get the following:
      :.     02-25-13 21:47:46 - [filter_load]There were error(s) loading the rules: /tmp/rules.debug:61: macro not defined/tmp/rules.debug:61: syntax error/tmp/rules.debug:62: macro not definedpfctl: Syntax error in config file: pf rules not loaded The line in question reads [61]: rdr on $ proto gre from any to any -> 192.168.1.220     .:.

      192.168.1.220 is a remote access server which is defined under pptp redirection. So the warning appears like it could be unrelated, but I don't know.

      All settings were entered manually. For the fresh install, I deployed the ova template rather than installing myself.

      1 Reply Last reply Reply Quote 0
      • A
        adprom last edited by

        Workaround! Just found due to another post that this is fixed by http://forum.pfsense.org/index.php/topic,57995.0.html

        Frustrating to say the least

        1 Reply Last reply Reply Quote 0
        • First post
          Last post

        Products

        • Platform Overview
        • TNSR
        • pfSense
        • Appliances

        Services

        • Training
        • Professional Services

        Support

        • Subscription Plans
        • Contact Support
        • Product Lifecycle
        • Documentation

        News

        • Media Coverage
        • Press
        • Events

        Resources

        • Blog
        • FAQ
        • Find a Partner
        • Resource Library
        • Security Information

        Company

        • About Us
        • Careers
        • Partners
        • Contact Us
        • Legal
        Our Mission

        We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

        Subscribe to our Newsletter

        Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

        © 2021 Rubicon Communications, LLC | Privacy Policy