Netgate Discussion Forum

General firewall problem with another gateway

Firewalling
8 Posts 4 Posters 4.3k Views
Tomagain
last edited by Mar 6, 2006, 9:17 PM

I am writing this unusual pfSense question here because I believe I will find somebody with the know-how:

I am using pfSense beta2 embedded (WRAP).
I configured pfSense on lan2, bridged, to route several static IPs.

My networks:
wan: PPPoE 82.207.157.176/29
lan: bridged, 82.207.157.176/29
opt1 (private = lan): 192.168.1.0/24

I am using a preconfigured Red Hat-derived server "sme" in 192.168.1.0/24.
sme: iptables, nic1 192.168.1.1, nic2 82.207.157.179; it acts as gateway/firewall too.

From my client in 192.168.1.0/24 (gateway pfSense) I can't access 82.207.157.179.
If I change the local subnet on 82.207.157.179 to 192.168.2.0/24, access via the public way (82.207.157.179) is possible.

Does anybody know why iptables is blocking?

sullrich
last edited by Mar 6, 2006, 9:40 PM

Replace the stinkin' Linux box with a real box, AKA BSD.

Problem solved.

Seriously, you expected more asking a Linux question on a BSD forum!?

Tomagain
last edited by Mar 9, 2006, 8:58 PM

Sorry, but I have been working with the preconfigured small business server for 5 years. I am lazy on this point.
I thought it was the firewall of the server, but today I fitted a VoIP box (Fritzbox) into the public IP space.
The configuration possibilities are not so good, and the box always has a gateway/routing function.

There is the same problem. The device isn't reachable via its public IP from the local net.
@sullrich:
Do you have any idea where the problem is? I guess it's pfSense, which sees
that the device has a local (i.e. same local subnet) IP.

I can't ping/traceroute the public device from my local interface.
I tested it with another node which has 1 local IP and 1 public IP, but no routing/gateway function, and it works!

My configuration (see at top) is that I had assigned the LAN with public addresses,
and the OPT1 interface with the non-public RFC 1918 addresses.

Is it the opposite if I take LAN or OPT? Preconfiguration?
Should I change this, e.g. OPT1 = public network,
LAN to RFC 1918?

Thanks ahead.

jeroen234
last edited by Mar 10, 2006, 6:23 AM

Did you make a rule on the pfSense server to let OPT1 talk to the LAN network?
action: pass
interface: opt1
protocol: any
source: any
source port range: any any
destination: lan subnet
destination port range: any any

And one to let the LAN subnet talk to the OPT1 subnet?
action: pass
interface: lan
protocol: any
source: any
source port range: any any
destination: opt1 subnet
destination port range: any any

Tomagain
last edited by Mar 10, 2006, 2:44 PM

Yes, if I have only these rules, then I have access from OPT to LAN, but no other access outside.
Which further rule is necessary to have access from OPT1 to outside?

hoba
last edited by Mar 10, 2006, 11:47 PM

You grant OPT1 access to destination LAN subnet and LAN to destination OPT1 subnet. If OPT1 should have access outside, you need a destination "any" rather than only LAN subnet.

Tomagain
last edited by Mar 11, 2006, 12:02 PM

The LAN is bridged to WAN.
But I need a rule like this to have access on LAN / OPT1:
*  *  *  *  *  *
I think it's strange, but there was no other way to have access. I tried several other combinations;
only with this rule does it work.

So I still have the problem that the other node (1 public / 1 private address) isn't reachable. Do I have a loop?

netstat -rn: (looks ok)

                Internet:
                Destination        Gateway            Flags    Refs      Use  Netif Expire
                default            88.XXX.XXX.1        UGS        0    80907    ng0
                82.207.XXX.176    ff:ff:ff:ff:ff:ff  UHLWb      1    4835  sis0 =>
                82.207.XXX.176/29  link#1            UC          0        0  sis0
                82.207.XXX.177    lo0                UHS        0        0    lo0
                82.207.XXX.178    link#1            UHLW        1      10  sis0
                82.207.XXX.179    00:50:8b:bb:b4:ea  UHLW        1  543608  sis0
                82.207.XXX.180    link#1            UHLW        1      12  sis0
                82.207.XXX.181    link#1            UHLW        1      19  sis0
                82.207.XXX.182    link#1            UHLW        1      15  sis0
                82.207.XXX.183    ff:ff:ff:ff:ff:ff  UHLWb      1    4678  sis0
                88.130.64.1        82.207.XXX.177    UH          1        0    ng0
                127.0.0.1          127.0.0.1          UH          0        0    lo0
                192.168.1          link#3            UC          0        0  sis2
                192.168.1.27      00:13:d4:53:f6:c9  UHLW        1  223015  sis2
                192.168.1.75      00:15:0c:1e:2e:99  UHLW        1      172  sis2
Tomagain
last edited by Mar 12, 2006, 12:31 AM

I fixed the problem. Dummy mistake.
I forgot to make NAT Outbound rules on LAN and OPT1 for 192.168.1.0/24
(X Advanced flag).

The error was that the other machine was talked to on the public net, but routed the packets back on the 192.168.1.0/24 interface directly to the client and
not over the gateway address.

Thanks.

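The resolution above (replies from the dual-homed host leaving straight out its 192.168.1.0/24 interface instead of coming back through pfSense, cured by outbound NAT) and hoba's point about a destination of "any" can both be shown in a small model. The following Python is an added example, not code from this thread or from pfSense/pf. It takes its addresses from the posts and reads pfSense's public address .177 off the netstat output; the `StatefulFirewall`, `DualHomedServer`, `rule_permits` and `handshake_completes` names, the simplified state table, and the 198.51.100.10 "Internet host" are the example's own constructions.

```python
"""Model of why the dual-homed server in this thread was unreachable by its
public IP from the private LAN, and why outbound NAT resolves it.
Constructed illustration, not pfSense or pf code.  Addresses follow the thread:
82.207.157.176/29 public, 192.168.1.0/24 private, client 192.168.1.27,
server 82.207.157.179 (its private NIC is 192.168.1.1), pfSense .177 from the
posted netstat output.  All class and function names are the example's own."""
import ipaddress

PUBLIC_NET = ipaddress.ip_network("82.207.157.176/29")
PRIVATE_NET = ipaddress.ip_network("192.168.1.0/24")
PFSENSE_PUBLIC = ipaddress.ip_address("82.207.157.177")
CLIENT = ipaddress.ip_address("192.168.1.27")
SERVER_PUBLIC = ipaddress.ip_address("82.207.157.179")
INTERNET_HOST = ipaddress.ip_address("198.51.100.10")  # constructed (TEST-NET-2)


def rule_permits(rules, iface, dst):
    """pfSense evaluates an interface's rules top-down, first match wins.
    A rule is (interface, destination network or None meaning 'any').
    No match falls through to the implicit default deny."""
    for rule_iface, dst_net in rules:
        if rule_iface == iface and (dst_net is None or dst in dst_net):
            return True
    return False


# jeroen234's rule: OPT1 may reach only the LAN subnet (here the public /29).
OPT1_TO_LAN_SUBNET = [("opt1", PUBLIC_NET)]
# hoba's correction: destination 'any', so OPT1 hosts also reach the Internet.
OPT1_TO_ANY = [("opt1", None)]


class DualHomedServer:
    """Host with one NIC in the public /29 and one in the private /24.
    A reply follows the host's own routing table: a destination inside a
    connected subnet is sent straight out that NIC, never via the gateway.
    The reply's source IP stays the public address the request was sent to."""

    def reply_path(self, dst):
        if dst in PRIVATE_NET:
            return "private_nic"   # direct to the client, bypassing pfSense
        return "public_nic"        # onto the /29 segment where pfSense sits


class StatefulFirewall:
    """pf-style state table, reduced to what matters here: the first packet
    of a flow creates a state, and later packets are accepted only against a
    state whose preceding packets the firewall has actually seen."""

    def __init__(self, outbound_nat):
        self.outbound_nat = outbound_nat
        self.states = {}   # (src on wire, dst) -> {orig_src, reply_seen}

    def _wire_src(self, src):
        # Outbound NAT rewrites private sources to pfSense's public address.
        return PFSENSE_PUBLIC if (self.outbound_nat and src in PRIVATE_NET) else src

    def egress_syn(self, src, dst):
        """Client -> server first packet; returns (src, dst) as put on the wire."""
        wire_src = self._wire_src(src)
        self.states[(wire_src, dst)] = {"orig_src": src, "reply_seen": False}
        return wire_src, dst

    def ingress_reply(self, src, dst):
        """Server -> client reply arriving at pfSense; returns the un-NATed
        client address, or None if no state matches (dropped)."""
        st = self.states.get((dst, src))
        if st is None:
            return None
        st["reply_seen"] = True
        return st["orig_src"]

    def egress_ack(self, src, dst):
        """Client's third packet: accepted only if the state saw the reply."""
        st = self.states.get((self._wire_src(src), dst))
        return st is not None and st["reply_seen"]


def handshake_completes(outbound_nat):
    """Does a TCP handshake from the private client to the server's public IP
    succeed when every client->server packet passes pfSense?"""
    fw = StatefulFirewall(outbound_nat)
    server = DualHomedServer()
    # 1. SYN leaves the client via its default gateway, pfSense.
    wire_src, wire_dst = fw.egress_syn(CLIENT, SERVER_PUBLIC)
    # 2. SYN-ACK: the server answers whatever source address it saw.
    if server.reply_path(wire_src) == "private_nic":
        reply_via_fw = False   # delivered directly on 192.168.1.0/24
    else:
        reply_via_fw = fw.ingress_reply(SERVER_PUBLIC, wire_src) is not None
    # 3. ACK again crosses pfSense, which only passes it for a state that
    #    saw the SYN-ACK; an asymmetric reply leaves the state incomplete.
    return reply_via_fw and fw.egress_ack(CLIENT, SERVER_PUBLIC)


if __name__ == "__main__":
    print("without outbound NAT:", handshake_completes(False))
    print("with outbound NAT:   ", handshake_completes(True))
```

Without NAT the server sees a 192.168.1.27 source, routes the reply out its private NIC, and pfSense never completes the state; with outbound NAT the server only ever sees pfSense's .177, so the reply has to come back through the firewall. The rule half of the model shows why a destination limited to the LAN subnet blocks OPT1 from the Internet while "any" does not.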
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.