Ping ok, TCP not working



  • I am using 2.2.5 which is working perfectly.

    I tried to install 2.3 instead, set up my WAN/LAN to hn0 and hn1 like it is in 2.2.5 - I can then ping and traceroute anywhere I want, but I can't get any TCP (for example port 80) through to, for example, this website.

    If you need any more info or anything else, please let me know and I'll add it here :) Hope someone can point me in the right direction. Thanks



  • From the shell on the router the internet works fine, I can telnet anywhere I like from there. But no luck figuring out why it's not working from the LAN :/



  • Ok, I am getting more and more frustrated :(

    2.2.5 keeps getting "No Buffer Space Available" on the LAN, which maybe is an error in the FreeBSD driver for Hyper-V NICs… Which makes it impossible to use that version :(

    2.3 I still can not get data from LAN to WAN - both tcp/ping/etc works perfectly from the pfSense shell for both local machines and anywhere on the internet. I can both ping and traceroute from the LAN to anywhere on the internet, but no TCP or UDP traffic goes from LAN to WAN.

    PLEASE!! Do I need to do anything after installing pfsense 2.3 to make it work, or should it just work like in 2.2.5 ???

    Is there ANYTHING I can do to see where it goes wrong or anything I can try?? I am desperate to get this to work and I have no idea where to go from here! PLEASE!

    My firewall rules are the default ones - which should (I think??) give access to WAN from LAN??
    http://imgur.com/ddQZYPu



  • Yes, it should "just work". Your rules are not protocol-specific, so they should let TCP and UDP pass as well as ICMP ping and traceroute.
    You will need to packet capture on LAN and WAN as you access something on the internet from a client. Then you can confirm that a TCP packet arrives on LAN and is sent out WAN, and see if any response is received on WAN some msecs later…
    Then you have to follow the evidence trail from there. Maybe you will need to get somewhere between pfSense WAN and the upstream internet to really see if the packet is actually transmitted out the WAN (since you are in a VM it would be possible that a packet reported by packet capture on pfSense/FreeBSD as being sent out the (virtual) WAN device maybe never gets on a real wire to the internet, for whatever dumb reason).
    ...



  • Thanks Phil.Davis for your answer :)

    I tried to use packet capture and I get the following when I filter on IP: 193.88.14.115 (not my IP - an IP I try to reach on the internet)

    LAN
    21:26:21.684273 IP 192.168.117.8.63874 > 193.88.14.115.4242: tcp 0
    21:26:24.682930 IP 192.168.117.8.63874 > 193.88.14.115.4242: tcp 0

    WAN
    21:26:51.167499 IP xx.xx.my.ip.44702 > 193.88.14.115.4242: tcp 0
    21:26:54.174243 IP xx.xx.my.ip.44702 > 193.88.14.115.4242: tcp 0

    So I guess I send data out on the internet, but nothing comes back? Where to go from here? It works fine from version 2.2.5 so unfortunately the problem is on my end somewhere :)

    What would cause it to not get any reply back to the WAN from 193.88.14.115 ?

    Thanks
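
Added example (not part of the original thread, and not pfSense code): a small Python parser for the capture summary lines posted above. It counts packets to and from the remote host and reports the gaps between repeated zero-length segments; the function names and output fields are this example's own.

```python
import re
from collections import defaultdict

# Capture lines copied from the post above (WAN address redacted by the poster).
LAN = """\
21:26:21.684273 IP 192.168.117.8.63874 > 193.88.14.115.4242: tcp 0
21:26:24.682930 IP 192.168.117.8.63874 > 193.88.14.115.4242: tcp 0
"""
WAN = """\
21:26:51.167499 IP xx.xx.my.ip.44702 > 193.88.14.115.4242: tcp 0
21:26:54.174243 IP xx.xx.my.ip.44702 > 193.88.14.115.4242: tcp 0
"""

# "HH:MM:SS.us IP src.sport > dst.dport: proto length"
# Lines without ports (e.g. ICMP) do not match and are skipped.
LINE = re.compile(
    r"(\d+):(\d+):(\d+\.\d+) IP (\S+)\.(\d+) > (\S+)\.(\d+): (\w+) (\d+)")

def parse(capture):
    """Return (seconds, src, sport, dst, dport, proto, length) per packet."""
    packets = []
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            h, mi, s, src, sport, dst, dport, proto, length = m.groups()
            t = int(h) * 3600 + int(mi) * 60 + float(s)
            packets.append((t, src, int(sport), dst, int(dport), proto, int(length)))
    return packets

def summarize(capture, remote):
    """Count packets to/from `remote` and list gaps between repeated sends."""
    to_remote, from_remote = defaultdict(list), 0
    for t, src, sport, dst, dport, proto, length in parse(capture):
        if dst == remote:
            to_remote[(src, sport, dport, proto, length)].append(t)
        elif src == remote:
            from_remote += 1
    sent = sum(len(v) for v in to_remote.values())
    # Same source, ports and zero payload seen more than once: the sender
    # is repeating a segment that got no answer.
    retries = {k: [round(b - a, 1) for a, b in zip(v, v[1:])]
               for k, v in to_remote.items() if k[4] == 0 and len(v) > 1}
    return {"sent": sent, "received": from_remote, "retry_gaps": retries,
            "one_way": sent > 0 and from_remote == 0}

if __name__ == "__main__":
    for name, cap in (("LAN", LAN), ("WAN", WAN)):
        print(name, summarize(cap, "193.88.14.115"))
```

Both captures come out as one-way with a 3-second gap between repeats, and the WAN source port differs from the LAN one, so the packet was translated and handed to the WAN interface without any reply being seen.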



  • What would cause it to not get any reply back to the WAN from 193.88.14.115 ?

    That is a good question. If ping works then we know that the virtual network drivers in the VM are working well enough to end up getting ping packets out to the real hardware drivers and onto the real wire.
    2 things to try:
    a) ping with bigger packets - maybe there is a packet size issue somewhere and the default (small) ping packets make it but big ones do not.
    b) A real capture on the wire in front of pfSense WAN using some device with Wireshark or… to confirm if the packet observed in the pfSense packet capture is actually seen on the wire.



  • Hello,

    I had the exact same problem. Also on Hyper-V. Could ping and traceroute just fine but no TCP. Spent a couple of long nights but did not figure out what was wrong, so gave up on it for now :(

    Regards
    Jacob

