Dear list, I apologie if the subject have already been treated…
Since the upgrade to the new version I have issue to access to the pfsense from the outside from certain internet providers, before the upgrade it was working correctly and since the update the port forwarding (or DMZ setting) is not working anymore… I made verification that there is no firewall rule that block traffic but it was working before... (I even allowed everything during time of testing) and I think there is not but the pfsense is not anymore responding correctly from the outside. I have this issue with 2 different installations and different providers, I am from France and with Orange business DMZ I have no issue but with OVH or FREE, the redirection it’s not working anymore (I even try putting the modem in bridge mode, the pfsense box obtains the wan IP no problem there but it changes nothing) What is weird is that with some others providers it works (Orange and SFR) That being, the firewall is perfectly capable to use these connexions to provide internet access so I think the connectivity is not the matter then I tried to analyse the traffic with tcpdump and I can see a difference between when I use a working and a not working provider but I have not the skill to understand what the tcpdump tells, I don’t understand what happens here, I only can see there a rapport with length witch is 0 when the connexion is not working and also the is some options informations… I tried with port 10000 (I use for web interface) and 2223 (I use for ssh access) This is logs generated by tcpdump from the same client machine when I try to access the firewall thru working internet access provider : port 2223 16:55:04.501509 IP 46.105.230.225.39304 > 192.168.101.254.2223: Flags [P.], seq 29:701, ack 22, win 32844, length 672 16:55:04.501652 IP 192.168.101.254.2223 > 46.105.230.225.39304: Flags [P.], seq 22:910, ack 701, win 508, length 888 port 10000 16:58:51.821691 IP 192.168.101.254.10000 > 46.105.230.225.5829: Flags [P.], seq 209411:210119, ack 2393, win 513, length 708 16:58:52.058014 IP 46.105.230.225.5829 > 192.168.101.254.10000: Flags [.], ack 210119, win 32673, length 0 And there the same command output when I try to access from one that is not working : Port 2223 16:53:13.240166 IP 46.105.230.225.19480 > 192.168.101.254.2223: Flags [S], seq 3864438539, win 8192, options [mss 1460,nop,nop,sackOK], length 0 16:53:13.240306 IP 192.168.101.254.2223 > 46.105.230.225.19480: Flags [S.], seq 2492220538, ack 3864438540, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0 Port 10000 16:56:39.864021 IP 46.105.230.225.41932 > 192.168.101.254.10000: Flags [S], seq 2837326484, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 16:56:39.864169 IP 192.168.101.254.10000 > 46.105.230.225.41932: Flags [S.], seq 1993261464, ack 2837326485, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0 I use pcengine APU system, the model is AMD G-T40E Processor with 3 NIC ( I believe It could be something related to a NIC setting somewhere but really don’t know) Is someone encounter the same issue than me ? maybe it’s just a setting in the NIC driver ? Anyway thank you so much in advance if you have an idea because I passed a lot of hours/days on this problem and I really can not find a solution :( Best regards, Jean-Laurent Ivars Responsable Technique | Technical Manager 22, rue Robert - 13007 Marseille Tel: 09 84 56 64 30 - Mobile: 06.52.60.86.47 Linkedin <http://fr.linkedin.com/in/jlivars/> | Viadeo <http://www.viadeo.com/fr/profile/jean-laurent.ivars> | www.ipgenius.fr <https://www.ipgenius.fr/> _______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold