Firewall Broken
-
I upgraded to latest 2.2.4
I edited some rules and lan to wan is broken. I can access from outside firewall webpage.I went onsite and restore config to x86 virtual machine. Works okay.
I took hardware firewall and tested from defaults. Everything works fine.
I went onsite again and load config. It fails to route lan to wan again. No activity in firewall.
Wan can ping 8.8.8.8 and lan can ping internal ips of servers. Lan cant ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=54 time=11.132 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=54 time=11.225 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=54 time=11.557 ms–- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 11.132/11.305/11.557/0.182 msPING 8.8.8.8 (8.8.8.8) from 172.16.1.1: 56 data bytes
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet lossI have attached config. I edited names and external ips.
comcast internet with statics > wan ip > Lan ip > servers ip
All routing is there.If i switch wires back to vm pfsense with exact same config, it works fine. all pings go through. I have attached config.
[PFsense config broken.zip](/public/imported_attachments/1/PFsense config broken.zip) -
Suggestions please?
https://doc.pfsense.org/index.php/Connectivity_Troubleshooting
Based on this, i am supposed to look at NAT > Outbound. It is set to automatic. Everything else seems fine. -
Dude, what do you mean "I went onsite again"? You have static public IPv4 WAN config; you cannot travel with that config between sites and expect it to work?
-
Hi,
@tongsama:I took hardware firewall and tested from defaults. Everything works fine.
I don't know what you mean by this, but I it looks good. Keep it ?!
Btw:
A ping from any PC on LAN to 8.8.8.8C:\Users\Réception-Gauche>ping 8.8.8.8 Envoi d'une requête 'Ping' 8.8.8.8 avec 32 octets de données : Réponse de 8.8.8.8 : octets=32 temps=39 ms TTL=47 Réponse de 8.8.8.8 : octets=32 temps=40 ms TTL=47 Réponse de 8.8.8.8 : octets=32 temps=39 ms TTL=47 Réponse de 8.8.8.8 : octets=32 temps=40 ms TTL=47 Statistiques Ping pour 8.8.8.8: Paquets : envoyés = 4, reçus = 4, perdus = 0 (perte 0%), Durée approximative des boucles en millisecondes : Minimum = 39ms, Maximum = 40ms, Moyenne = 39ms C:\Users\Réception-Gauche>a ping from GUI SSH accès : menu option 7:
Enter a host name or IP address: 8.8.8.8 PING 8.8.8.8 (8.8.8.8): 56 data bytes 64 bytes from 8.8.8.8: icmp_seq=0 ttl=48 time=39.774 ms 64 bytes from 8.8.8.8: icmp_seq=1 ttl=48 time=39.645 ms 64 bytes from 8.8.8.8: icmp_seq=2 ttl=48 time=39.683 ms --- 8.8.8.8 ping statistics --- 3 packets transmitted, 3 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 39.645/39.701/39.774/0.054 ms Press ENTER to continue.Knowing that my copy of pfSense == your copy , the problem can only be: (as you said) : "broken setup"
Re-install - chose LAN (and fix lan IP to 192.1.1.1 - start DHCP server) and WAN - setup WAN.
Hoop up devices to LAN.
You're up. -
Thanks for replies. I didn't want to setup from scratch since i had users that use openvpn remotely. Can't break that. Anyways, I contacted netgate support and i had support left from the purchase of hardware. We looked at my setup again. He had escalated the case to an engineer and found that my pfsense setup ruleset wasn't loading correctly. I didn't the alert. I can reload filter and no errors.
It turns out the logs my traffic shaper complain about child queues being greater than parent queue. I didn't receive any errors after applying rules. We edited the parent traffic shaper and everything worked. The engineer will look at my system on why I didn't get a notification.
