Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [Solved]first pfsense and strange behaviour

    Scheduled Pinned Locked Moved General pfSense Questions
    4 Posts 1 Posters 1.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      boiss007
      last edited by

      Hello all  :D,
      So i have installed my first PFsense on a ESXi host, with only 1 NIC and i configured it like this :

      See attachement

      So PFSense on WAN, bridged to OPT1 where my servers will live.
      from internet i can access my debian server on OPT1 (ssh, apache2, ftp…)
      but my server cannot ping (ping 8.8.8.8 result in 100% packet loss) or resolve any url (cannot resolve address)
      So i guess i must have missed something...

      I just made the minimal rules on PFSense :
      OPT1 :  PASS IPv4 from any to any BUT LAN
      WAN :  PASS IPv4 from any to OPT1 net
                  PASS IPv4 from OPT1 net to any

      I just dont see what i missed (i'm a newbie with VMW and pfsense) and a server that cant download a package or access a url is less useful :-
      So please if u have an idea of where i went wrong, any hint will help...

      ![clean VM-network.png](/public/imported_attachments/1/clean VM-network.png)
      ![clean VM-network.png_thumb](/public/imported_attachments/1/clean VM-network.png_thumb)

      1 Reply Last reply Reply Quote 0
      • B
        boiss007
        last edited by

        Here are some ping testing from PFsense Packet Capture insterface (protocol ICMP only)

        Capture from Interface OPT1

        
        12:38:59.891058 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 1, length 64
        12:39:00.898531 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 2, length 64
        12:39:01.906502 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 3, length 64
        12:39:02.914502 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 4, length 64
        12:39:03.922424 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 5, length 64
        12:39:04.930410 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 6, length 64
        12:39:05.938376 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 7, length 64
        12:39:06.946329 IP IP-FO-Server1 > 8.8.8.8: ICMP echo request, id 4204, seq 8, length 64
        

        Capture from WAN

        12:39:41.751302 IP IP-FO-PFSense > 8.8.8.8: ICMP echo request, id 2017, seq 4, length 64
        12:39:41.760281 IP 8.8.8.8 > IP-FO-PFSense: ICMP echo reply, id 2017, seq 4, length 64
        12:39:41.760302 IP 8.8.8.8 > IP-FO-Server1: ICMP echo reply, id 4205, seq 4, length 64
        12:39:42.751243 IP IP-FO-PFSense > 8.8.8.8: ICMP echo request, id 2017, seq 5, length 64
        12:39:42.760257 IP 8.8.8.8 > IP-FO-PFSense: ICMP echo reply, id 2017, seq 5, length 64
        12:39:42.760278 IP 8.8.8.8 > IP-FO-Server1: ICMP echo reply, id 4205, seq 5, length 64
        12:39:43.751228 IP IP-FO-PFSense > 8.8.8.8: ICMP echo request, id 2017, seq 6, length 64
        12:39:43.760213 IP 8.8.8.8 > IP-FO-PFSense: ICMP echo reply, id 2017, seq 6, length 64
        
        

        So WAN receive the response but it doesnt make it to OPT1

        1 Reply Last reply Reply Quote 0
        • B
          boiss007
          last edited by

          Just tested with Advanced=>Firewall/Nat=>Disable all packet filtering and I suddenly can connect to the outside world… So its definitively a rule somewhere and i really need to find it....

          1 Reply Last reply Reply Quote 0
          • B
            boiss007
            last edited by

            ::) So while trying about everything i put the NAT Outbound Rule back on auto and… everything works fine....  :-[
            I didn't even remembered I had changed it... Morality : check and recheck everything before complaining....

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.