Must be Missing something



  • Currently on a version 2.2.4-RELEASE. I am having problems reaching some private networks through pfsence. To try to get this working I put the top rule as a pass any any

    IPv4 * LAN net * * * * none Default allow LAN to any rule

    I have 2 rules on the Wan side, one of them is my OpenVPN

    • Reserved/not assigned by IANA * * * * * * Block bogon networks
              IPv4 UDP * * WAN address 1194 (OpenVPN) * none OpenVPN NT wizard

    Im on the 10.169.169.0 network and Im reaching 90% of my other private IP range but for some reason the equipment on the 172.16.50.0 port 80 is returning

    No data received

    ERR_EMPTY_RESPONSE

    and I can telnet to it also and it connects but never shows the login prompt

    I can reach 172.16.15.x and 172.16.16 through the firewall and if I unplug the computer and move to my other connection I can reach them plus the 172.16.50 network works also via telnet and http. I dont understand what Im doing wrong. If you can tell me what other info you need to look at I can get it posted.

    thanks



  • Anything in your Firewall log?



  • There was some in there but nothing having to do with 172.16.50.x


  • LAYER 8 Netgate

    Rules on WAN for OpenVPN are pretty meaningless. Either the tunnel comes up or it doesn't. You should be more concerned with the rules on your OpenVPN and LAN interfaces/interface groups.



  • The rules was put there by the openvpn wizard. The OpenVPN works flawlessly and has nothing to do with this problem. I am working at the site trying to get the network accessable.


  • LAYER 8 Netgate

    You need to provide more information about what networks are where.



  • Misc Routers/ Switches and equipment at about 14 locations.
    172.16.15.0 /24
    172.16.16.0 /24
    172.16.50.0 /24
    192.168.104 /24
    192.168.105 /24      –----------> Cisco 12000  -----------> Cisco 6509 -----------> Server w/PFSense  -------------> 15 Employees
    10.1.1.0 /24                                                                                                    Wan 209.2xx.xx.x / 10.169.169.0 /24
    10.100.1.0/27
    10.100.11.0 /27

    Employees can get to any private subnet except 172.16.50.x. I can ping it and get replys, I can telnet to it, once it connects it never gets to the login page and port 80 and 443 give me a

    No data received

    ERR_EMPTY_RESPONSE

    Under the Diag Port test I get " Connection to 172.16.50.10 80 port [tcp/http] succeeded!"


  • LAYER 8 Netgate

    I'd check the config in the Ciscos.  There's really nothing in pfSense that would cause that.



  • You may have to roll up your sleeves and capture some packets on both ends to see where the  breakdown occurs.



  • If I bypass PFSense and go direct into a cisco Device I can get to it fine. It has something to do with the Nat'ing or Firewall within this PFSense box. I have done a little capturing but Everything points at the PFSense server and I dont know how to get around it. I have had good luck with it but for some reason this is fighting me and I dont know how to get around it.



  • Is there anything unique about 172.16.50.x as compared to 172.16.15.x or 172.16.16.x??  Are these VLANs?  Maybe we should start with your interface details, NAT rules and firewall rules screenshots.



  • Here is the interfaces and rules



    ![wan interface.png](/public/imported_attachments/1/wan interface.png)
    ![wan interface.png_thumb](/public/imported_attachments/1/wan interface.png_thumb)
    ![Lan interface.png](/public/imported_attachments/1/Lan interface.png)
    ![Lan interface.png_thumb](/public/imported_attachments/1/Lan interface.png_thumb)


  • LAYER 8 Netgate

    There is nothing there that would cause what you're seeing.

    You're going to need to post a packet capture on WAN of a connection attempt filtered by the destination IP address.


Log in to reply