Protocol in the rule is any. Here's what the rule looks like:

Action: Pass
Interface: LAN
TCP/IP: IPv4
Protocol: any
Source: Type: network, address: 192.168.0.0/24
Destination: any
On Jul 22, 2014, at 4:16 PM, Justin Edmands wrote:

> It's most likely your specified Protocol in the "allow" rule you have
> set. Open the rule that you believe should allow the traffic and
> change the rule from TCP, UDP, TCP/UDP to say any.
>
> On Tue, Jul 22, 2014 at 5:30 PM, Khurram Khan <brokenf...@gmail.com> wrote:
>> Hi Team,
>>
>> Trying to figure out an issue I'm facing with pfSense 2.1.4. I'm routing
>> 192.168.0.0/24 via pfSense. This block resides on a Linux machine. Within
>> the internal lab, if I ping 192.168.0.5, all the machines on the LAN can
>> ping successfully. However, if I ping from the Linux machine, sourcing from
>> 192.168.0.5, to the pfSense LAN IP, my pings fail. I've got a firewall rule
>> on the pfSense firewall allowing anything from 192.168.0.0/24 to anything.
>>
>> Here's what the topology looks like:
>>
>> internet <> rl1 <> pfsense <> rl0 <> LAN
>>
>> LAN subnet (rl0): 10.10.171.0/24
>>
>> Here are the routes on the pfSense appliance:
>>
>> [2.1.4-RELEASE][ad...@pfw01.b.lan]/root(1): netstat -rn | grep 192.168.
>> 192.168.0.0/24     10.10.171.80    UGS    0    161    rl0
>>
>> And here's the rl0 interface:
>>
>> [2.1.4-RELEASE][ad...@pfw01.b.lan]/root(4): ifconfig rl0 | grep inet | grep -v inet6
>> inet 10.10.171.1 netmask 0xffffff00 broadcast 10.10.171.255
>>
>> The LAN subnet is: 10.10.171.0/24
>> The server that 192.168.0.0/24 resides on is: 10.10.171.80
>>
>> When trying to initiate the ping from 10.10.171.80, sourcing 192.168.0.5 and
>> destined for 10.10.171.1 (rl0), pings fail and here is what I see in the
>> logs:
>>
>> Jul 22 15:27:53 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.999960 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22636, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.999984 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.999984 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.999984 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.000045 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.000045 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.000045 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:56 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.000002 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22642, offset 0, flags [DF], proto ICMP (1), length 84)
>>
>> The fact that the firewall rule is there on the LAN interface, permitting
>> anything from 192.168/24, plus not blocking any bogons or private addresses
>> on this interface, I'm scratching my head.
>> If someone has any ideas, would really appreciate it.
>>
>> _______________________________________________
>> List mailing list
>> List@lists.pfsense.org
>> https://lists.pfsense.org/mailman/listinfo/list
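The pasted pf log is easier to reason about once it is reduced to a per-rule summary: which rule index, which interface and direction, which protocol, and how many distinct packets rather than how many repeated log records. The script below is an added example, not code from the pfSense project or from anyone in this thread. It parses the tcpdump-style pflog records that pfSense 2.1.x relays through syslog, in exactly the format shown in the post; the eight `block` records are copied from the post, while the single `pass` record and the `sshd` line are constructed so the parser's other paths are exercised. The regex field names (`rule`, `subrule`, `reason`, `ipid` and so on) are this example's own.

```python
"""Summarise pf log records of the kind pfSense 2.1.x writes to syslog.

Added example for the thread above, not code from the pfSense project or from
any of the posters. The block records in SAMPLE_LINES are copied from the post;
the "pass" record and the sshd line are constructed.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# One pflog record as relayed through syslog: "<timestamp> <host> pf: <delta>
# rule <n>/<sub>(<reason>): <action> <dir> on <iface>: (<tcpdump -v IP header>)".
PF_LINE = re.compile(
    r"^(?P<month>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<host>\S+) pf: (?P<delta>[\d:.]+) "
    r"rule (?P<rule>\d+)/(?P<subrule>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>block|pass) (?P<direction>in|out) on (?P<iface>\w+): "
    r"\(tos (?P<tos>0x[0-9a-fA-F]+), ttl (?P<ttl>\d+), id (?P<ipid>\d+), "
    r"offset (?P<offset>\d+), flags \[(?P<flags>[^\]]*)\], "
    r"proto (?P<proto>\w+) \((?P<protonum>\d+)\), length (?P<length>\d+)\)$"
)


@dataclass(frozen=True)
class PfLogEntry:
    host: str
    rule: int        # index of the matching rule in the loaded ruleset
    subrule: int
    reason: str      # "match" in the records above
    action: str      # "block" or "pass"
    direction: str   # "in" or "out"
    iface: str
    ttl: int
    ipid: int        # IP identification field of the logged packet
    flags: str
    proto: str       # protocol name as printed, e.g. "ICMP"
    length: int


Key = Tuple[str, str, str, int, str]   # (action, direction, iface, rule, proto)


def parse_line(line: str) -> Optional[PfLogEntry]:
    """Parse one syslog line; return None for lines that are not pf records."""
    m = PF_LINE.match(line.strip())
    if m is None:
        return None
    g = m.groupdict()
    return PfLogEntry(
        host=g["host"], rule=int(g["rule"]), subrule=int(g["subrule"]),
        reason=g["reason"], action=g["action"], direction=g["direction"],
        iface=g["iface"], ttl=int(g["ttl"]), ipid=int(g["ipid"]),
        flags=g["flags"], proto=g["proto"], length=int(g["length"]),
    )


def summarize(lines: Iterable[str]) -> Tuple[Counter, Dict[Key, int], int]:
    """Aggregate records by (action, direction, iface, rule, proto).

    Returns (records, packets, unparsed): records counts log lines per key,
    packets counts distinct IP ids per key (identical repeated records collapse
    to one packet; the 16-bit id field wraps, so this is only meaningful over a
    short window), unparsed counts lines that were not pf records.
    """
    records: Counter = Counter()
    ids: Dict[Key, set] = {}
    unparsed = 0
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            unparsed += 1
            continue
        key: Key = (entry.action, entry.direction, entry.iface, entry.rule, entry.proto)
        records[key] += 1
        ids.setdefault(key, set()).add(entry.ipid)
    packets = {k: len(v) for k, v in ids.items()}
    return records, packets, unparsed


# Copied from the post: the same block record repeats in the pasted log.
_BLOCK = ("Jul 22 15:27:{sec} pfw01.rl0.171.10.10.in-addr.arpa pf: {delta} "
          "rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id {ipid}, "
          "offset 0, flags [DF], proto ICMP (1), length 84)")
SAMPLE_LINES: List[str] = (
    [_BLOCK.format(sec=53, delta="00:00:00.999960", ipid=22636)]
    + [_BLOCK.format(sec=54, delta="00:00:00.999984", ipid=22638)] * 3
    + [_BLOCK.format(sec=55, delta="00:00:01.000045", ipid=22640)] * 3
    + [_BLOCK.format(sec=56, delta="00:00:01.000002", ipid=22642)]
    + [
        # Constructed: a pass record in the same format, and a non-pf syslog line.
        "Jul 22 15:28:01 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:05.000000 "
        "rule 12/0(match): pass in on rl0: (tos 0x0, ttl 64, id 22650, "
        "offset 0, flags [DF], proto TCP (6), length 60)",
        "Jul 22 15:28:02 pfw01.rl0.171.10.10.in-addr.arpa sshd[1234]: constructed, not a pf record",
    ]
)

if __name__ == "__main__":
    records, packets, unparsed = summarize(SAMPLE_LINES)
    for key, n in sorted(records.items()):
        action, direction, iface, rule, proto = key
        print(f"{action:5} {direction:3} on {iface}: rule {rule} {proto}: "
              f"{n} records, {packets[key]} distinct packets")
    print(f"unparsed lines: {unparsed}")
```

The number in `rule 3/0(match)` is the index of the matching rule in the ruleset pf currently has loaded, not the position of a rule in the web GUI. On the pfSense console, `pfctl -vvsr` prints every loaded rule prefixed with `@<index>`, so `pfctl -vvsr | grep -A2 '^@3 '` shows exactly which rule produced these blocks and what its source, destination and protocol are; comparing that with the pass rule shown in the reply above is the direct check.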