Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Static Route + Firewall Problem

    Scheduled Pinned Locked Moved General pfSense Questions
    2 Posts 2 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      beandj
      last edited by

      Hi guys,

      I read a lot of things here, but didn't work for me.

      My current version: 2.0.3-RELEASE (amd64)
      2 NIC (WAN + LAN)
      2 Gateways

      WAN - pppoe
      LAN - 10.0.0.0/24
      default gateway - dynamic by WAN
      vpn gateway - 10.0.0.240

      static routes:
      172.27.254.0/24
      10.10.14.0/24

      what works:

      • Internet  OK
      • Ping my static routes OK
      • Access static routes OK (browser, ssh)

      problems encountered:
      if I use the the pfsense my default gateway, my connection to client vpn (10.0.0.240) drops every 200KB
      I can't commit to a SVN, use SCP from linux or Filezilla…

      what I've done

      • check "Bypass firewall rules for traffic on the same interface" but nothing happens
      • when I "pfctl -d" all works fine (like Disable Filters on Advanced page) but I need the firewall

      SCP with firewall ON (the transfer stop  ~200kb)

      10:20:20.328499 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [s], seq 2663523693, win 65535, options [mss 1460,nop,wscale 7,nop,nop,sackOK], length 0
      10:20:20.328604 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [s], seq 2663523693, win 65535, options [mss 1460,nop,wscale 7,nop,nop,sackOK], length 0
      10:20:20.328630 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 60
      10:20:20.345278 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 329830141, win 32768, length 0
      10:20:20.345308 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 1, win 32768, length 0
      10:20:20.345325 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:20:20.387924 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 43
      10:20:20.387957 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 43
      10:20:20.388424 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 640
      10:20:20.388446 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 640
      10:20:20.424078 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 663, win 32762, length 16
      10:20:20.424117 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 663, win 32762, length 16
      10:20:20.487749 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 943, win 32760, length 272
      10:20:20.487788 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 943, win 32760, length 272
      10:20:20.567467 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 16
      10:20:20.567520 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 16
      10:20:20.567677 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 52
      10:20:20.567687 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 52
      10:20:20.587388 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1587, win 32767, length 68
      10:20:20.587409 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1587, win 32767, length 68
      10:20:20.606277 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1655, win 32767, length 296
      10:20:20.606301 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1655, win 32767, length 296
      10:20:20.636186 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1691, win 32766, length 68
      10:20:20.636217 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1691, win 32766, length 68
      10:20:20.654028 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 84
      10:20:20.654052 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 84
      10:20:20.654221 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 68
      10:20:20.654230 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 68
      10:20:20.677838 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1831, win 32765, length 52
      10:20:20.677861 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1831, win 32765, length 52
      10:20:20.865714 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1883, win 32765, length 52
      10:20:20.865735 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1883, win 32765, length 52
      10:20:20.886146 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1983, win 32764, length 68
      10:20:20.886166 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 1983, win 32764, length 68
      10:20:20.904182 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2083, win 32763, length 68
      10:20:20.904205 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2083, win 32763, length 68
      10:20:20.923463 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2151, win 32763, length 68
      10:20:20.923495 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2151, win 32763, length 68
      10:20:20.941057 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2219, win 32762, length 68
      10:20:20.941073 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2219, win 32762, length 68
      10:20:20.958715 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2319, win 32761, length 68
      10:20:20.958738 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2319, win 32761, length 68
      10:20:20.976117 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2387, win 32761, length 68
      10:20:20.976137 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 2387, win 32761, length 68
      10:20:21.038788 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5147, win 32768, length 0
      10:20:21.038831 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5147, win 32768, length 0
      10:20:21.059559 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5607, win 32764, length 68
      10:20:21.059582 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5607, win 32764, length 68
      10:20:21.076978 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5691, win 32763, length 68
      10:20:21.076994 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5691, win 32763, length 68
      10:20:21.152443 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5759, win 32763, length 0
      10:20:21.152464 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5759, win 32763, length 0
      10:20:26.045553 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5759, win 32763, length 100
      10:20:26.045571 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5759, win 32763, length 100
      10:20:26.067247 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5923, win 32761, length 116
      10:20:26.067264 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [P.], ack 5923, win 32761, length 116
      10:20:26.104566 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.104586 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.104930 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.104943 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.105189 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.105201 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.105305 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.105317 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.105422 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.105431 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.175292 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.175313 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.175966 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.175978 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.176201 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.176212 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.176706 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.176718 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:20:26.177681 IP 10.0.0.119.50543 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      
      SCP with firewall off
      [code]10:24:26.589689 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [s], seq 3841722664, win 65535, options [mss 1460,nop,wscale 7,nop,nop,sackOK], length 0
      10:24:26.589698 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [s], seq 3841722664, win 65535, options [mss 1460,nop,wscale 7,nop,nop,sackOK], length 0
      10:24:26.589706 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 60
      10:24:26.605976 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 432157001, win 32768, length 0
      10:24:26.605986 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 1, win 32768, length 0
      10:24:26.605995 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:26.648540 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 43
      10:24:26.648549 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 43
      10:24:26.648557 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:26.649499 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 640
      10:24:26.649507 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 23, win 32767, length 640
      10:24:26.649514 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:26.678233 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 663, win 32762, length 16
      10:24:26.678239 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 663, win 32762, length 16
      10:24:26.678247 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:26.745263 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 943, win 32760, length 272
      10:24:26.745271 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 943, win 32760, length 272
      10:24:26.745279 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:26.822460 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 16
      10:24:26.822469 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 16
      10:24:26.822477 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:26.822653 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 52
      10:24:26.822659 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1535, win 32768, length 52
      10:24:26.822665 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:26.842685 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1587, win 32767, length 68
      10:24:26.842694 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1587, win 32767, length 68
      10:24:26.842701 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:26.860447 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1655, win 32767, length 296
      10:24:26.860455 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1655, win 32767, length 296
      10:24:26.860463 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.047968 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1691, win 32766, length 68
      10:24:27.047982 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1691, win 32766, length 68
      10:24:27.047990 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.066237 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 84
      10:24:27.066255 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 84
      10:24:27.066269 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.066452 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 68
      10:24:27.066459 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1743, win 32766, length 68
      10:24:27.066465 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.096770 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1831, win 32765, length 52
      10:24:27.096779 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1831, win 32765, length 52
      10:24:27.096787 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.256835 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1883, win 32765, length 52
      10:24:27.256845 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1883, win 32765, length 52
      10:24:27.256853 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.279246 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1983, win 32764, length 68
      10:24:27.279255 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 1983, win 32764, length 68
      10:24:27.279262 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.296835 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2083, win 32763, length 68
      10:24:27.296844 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2083, win 32763, length 68
      10:24:27.296852 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.320146 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2151, win 32763, length 68
      10:24:27.320158 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2151, win 32763, length 68
      10:24:27.320167 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.337792 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2219, win 32762, length 68
      10:24:27.337801 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2219, win 32762, length 68
      10:24:27.337807 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.355334 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2319, win 32761, length 68
      10:24:27.355341 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2319, win 32761, length 68
      10:24:27.355347 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.372934 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2387, win 32761, length 68
      10:24:27.372942 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 2387, win 32761, length 68
      10:24:27.372949 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.425040 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5147, win 32768, length 0
      10:24:27.425049 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5147, win 32768, length 0
      10:24:27.425058 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.447112 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5607, win 32764, length 68
      10:24:27.447123 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5607, win 32764, length 68
      10:24:27.447131 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.465107 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5691, win 32763, length 68
      10:24:27.465116 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5691, win 32763, length 68
      10:24:27.465123 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:27.532881 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5759, win 32763, length 0
      10:24:27.532891 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5759, win 32763, length 0
      10:24:27.532899 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:32.025766 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5759, win 32763, length 100
      10:24:32.025775 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5759, win 32763, length 100
      10:24:32.025782 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:32.044769 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5923, win 32761, length 116
      10:24:32.044778 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [P.], ack 5923, win 32761, length 116
      10:24:32.044784 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:32.063724 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:24:32.063734 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:24:32.063741 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:32.064060 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:24:32.064067 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:24:32.064073 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:32.064215 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:24:32.064223 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:24:32.064228 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:32.064380 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:24:32.064385 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:24:32.064391 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:32.064632 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:24:32.064639 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:24:32.064645 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:32.104583 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:24:32.104592 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:24:32.104600 IP fw01.owse.net > 10.0.0.119: ICMP redirect 172.27.254.103 to host 10.0.0.240, length 48
      10:24:32.104971 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      10:24:32.104978 IP 10.0.0.119.50579 > 172.27.254.103.ssh: Flags [.], ack 5991, win 32761, length 1380
      
      my route table
      [code]Routing tables
      
      Internet:
      Destination        Gateway            Flags    Refs      Use  Netif Expire
      default            177.133.132.1.dyna UGS         0   252811 pppoe0
      10.0.0.0           link#1             U           0 43554023    em0
      fw01               link#1             UHS         0        3    lo0
      10.10.254.0        10.0.0.240         UGS         0        0    em0
      localhost          link#5             UH          0   107860    lo0
      140.85.0.0         10.0.0.240         UGS         0        1    em0
      172.27.254.0       10.0.0.240         UGS         0    59979    em0
      177.133.132.1.dyna link#9             UH          0     4987 pppoe0
      186.215.235.182.st link#9             UHS         0       10    lo0
      [/code]
      
      sorry for my poor English
      
      [/s][/s][/code][/s][/s]
      
      1 Reply Last reply Reply Quote 0
      • jimpJ Offline
        jimp Rebel Alliance Developer Netgate
        last edited by

        You probably need to check System > Advanced, Firewall Tab, "Bypass firewall rules for traffic on the same interface"

        Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

        Need help fast? Netgate Global Support!

        Do not Chat/PM for help!

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.