Strange blocking problem



  • Hi all,

    I have pfSense 1.0 in use. It works as a transparent bridge with firewalling. Behind it there are nine servers. Everything works fine, but one server has a strange problem. Sometimes the machine (Debian 4) can't ping outside the firewall (I detected the problem because DNS resolving wasn't working). Inside the LAN everything is working fine. I can also access the machine via SSH and web from the outside. When I reboot the firewall or the server, the problem is solved. I disabled all the rules for this server, but nothing happened. Then I saw the firewall logs: every time the problem occurs, the firewall is blocking the ping (or the DNS request) - but the server source is WAN?! I have attached a screenshot. Server A is the server which has problems, Server B is another one which works perfectly - the ping is blocked and the source is LAN. When I create a rule on "WAN" and * * with source 213.XX (Server IP) the problem is also solved.

    Any hints?




  • Version 1.0?



  • 1.0.1
    built on Sun Oct 29 01:07:16 UTC 2006

    :)



  • You know that 1.2 is released?



  • I know, but the "never change a running system" argument is also strong and everything works great except this error. Hmm, I don't like to do it, but when the only solution is an update, then I will do it..



  • For example, I don't have any firewalls with 1.01, so the support will be a bit difficult…

    "Support for previous versions

    1.2 is the only supported pfSense version. No previous releases will receive any bug fix updates nor any future security updates. 1.2 is significantly more stable than past release versions, and we strongly recommend everyone make plans to upgrade. There are systems out there with several years of uptime running very early alpha pfSense releases that are stable, but we advise against that."



  • Hi,

    this problem seems to be a little bit like the one I've got in my post here: http://forum.pfsense.org/index.php/topic,8262.0.html

    Can someone confirm this? I'm on a business trip right now and took the good box with me to verify any good idea to solve my problem, left my monowall at home.

    Greetings

    Stefan



  • In the meantime I updated to 1.2 and also changed the IPs and my switch (we moved). The problem still exists. It's just this single server, everything else is working.



  • This sounds exactly like the problem which haunted me almost a year ago. See here:
    http://forum.pfsense.org/index.php/topic,5909.0.html

    I was just looking through the forum to see if the problem is still there before trying to upgrade to 1.2. Since my solution at the time was patching pfSense, and the patches by now probably have to be rethought/rewritten, an upgrade is not so easily possible for me.

    However, it's interesting to see that this problem still occurs not only in my setup and it does not seem to have a solution… (I suspect some kind of load-balancing code inside FreeBSD which "turns" the interfaces in bridged mode, but that's just guessing)

    BTW, pfSense is a great piece of work - after patching this problem away last year it runs and serves absolutely reliably. Great work guys.

    Best regards,
    Arno

