Dear list,
I apologise if the subject has already been treated…
Since the upgrade to the new version I have issues accessing the pfSense from
the outside from certain internet providers. Before the upgrade it was working
correctly, and since the update the port forwarding (or DMZ setting) is not
working anymore…
I verified that there is no firewall rule that blocks traffic, but it
was working before... (I even allowed everything during the time of testing) and I
think there is not, but the pfSense is no longer responding correctly from the
outside.
I have this issue with 2 different installations and different providers. I am
from France, and with Orange business DMZ I have no issue, but with OVH or FREE
the redirection is not working anymore (I even tried putting the modem in
bridge mode; the pfSense box obtains the WAN IP, no problem there, but it changes
nothing).
What is weird is that with some other providers it works (Orange and SFR).
That being said, the firewall is perfectly capable of using these connections to
provide internet access, so I think connectivity is not the matter. Then I
tried to analyse the traffic with tcpdump and I can see a difference between
when I use a working and a non-working provider, but I do not have the skill to
understand what the tcpdump tells. I don't understand what happens here; I can
only see a relation with the length, which is 0 when the connection is not
working, and also there is some options information…
I tried with port 10000 (which I use for the web interface) and 2223 (which I use
for SSH access).
These are the logs generated by tcpdump from the same client machine when I try to
access the firewall through a working internet access provider:
Port 2223
16:55:04.501509 IP 46.105.230.225.39304 > 192.168.101.254.2223: Flags [P.], seq 29:701, ack 22, win 32844, length 672
16:55:04.501652 IP 192.168.101.254.2223 > 46.105.230.225.39304: Flags [P.], seq 22:910, ack 701, win 508, length 888
Port 10000
16:58:51.821691 IP 192.168.101.254.10000 > 46.105.230.225.5829: Flags [P.], seq 209411:210119, ack 2393, win 513, length 708
16:58:52.058014 IP 46.105.230.225.5829 > 192.168.101.254.10000: Flags [.], ack 210119, win 32673, length 0
And here is the same command output when I try to access from one that is not
working:
Port 2223
16:53:13.240166 IP 46.105.230.225.19480 > 192.168.101.254.2223: Flags [S], seq 3864438539, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:53:13.240306 IP 192.168.101.254.2223 > 46.105.230.225.19480: Flags [S.], seq 2492220538, ack 3864438540, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0
Port 10000
16:56:39.864021 IP 46.105.230.225.41932 > 192.168.101.254.10000: Flags [S], seq 2837326484, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:56:39.864169 IP 192.168.101.254.10000 > 46.105.230.225.41932: Flags [S.], seq 1993261464, ack 2837326485, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0
I use a PC Engines APU system, the model is AMD G-T40E Processor with 3 NICs (I
believe it could be something related to a NIC setting somewhere, but I really
don't know).
Has anyone encountered the same issue as me? Maybe it's just a setting in the
NIC driver?
Anyway, thank you so much in advance if you have an idea, because I have spent a lot
of hours/days on this problem and I really cannot find a solution :(
Best regards,
Jean-Laurent Ivars
Responsable Technique | Technical Manager
22, rue Robert - 13007 Marseille
Tel: 09 84 56 64 30 - Mobile: 06.52.60.86.47
Linkedin <http://fr.linkedin.com/in/jlivars/> | Viadeo
<http://www.viadeo.com/fr/profile/jean-laurent.ivars> | www.ipgenius.fr
<https://www.ipgenius.fr/>
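
An added example, not part of the original message: a Python script that reads tcpdump text lines like those quoted above and reports, per connection, how far the TCP exchange got in the captured lines. The sample is constructed from the lines in the post (one packet per line); `classify`, `SERVER` and the state names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the tcpdump lines quoted in the post, one packet per line.
SAMPLE = """\
16:55:04.501509 IP 46.105.230.225.39304 > 192.168.101.254.2223: Flags [P.], seq 29:701, ack 22, win 32844, length 672
16:55:04.501652 IP 192.168.101.254.2223 > 46.105.230.225.39304: Flags [P.], seq 22:910, ack 701, win 508, length 888
16:58:51.821691 IP 192.168.101.254.10000 > 46.105.230.225.5829: Flags [P.], seq 209411:210119, ack 2393, win 513, length 708
16:58:52.058014 IP 46.105.230.225.5829 > 192.168.101.254.10000: Flags [.], ack 210119, win 32673, length 0
16:53:13.240166 IP 46.105.230.225.19480 > 192.168.101.254.2223: Flags [S], seq 3864438539, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:53:13.240306 IP 192.168.101.254.2223 > 46.105.230.225.19480: Flags [S.], seq 2492220538, ack 3864438540, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0
16:56:39.864021 IP 46.105.230.225.41932 > 192.168.101.254.10000: Flags [S], seq 2837326484, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:56:39.864169 IP 192.168.101.254.10000 > 46.105.230.225.41932: Flags [S.], seq 1993261464, ack 2837326485, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0
"""
SERVER = "192.168.101.254"  # the address the firewall answers from in the capture

# timestamp, "IP", src.port > dst.port, TCP flags, ..., payload length
PACKET = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]*)\],.* length (\d+)$")

def classify(capture, server_ip=SERVER):
    """Map (client_ip, client_port, server_port) to the furthest state seen."""
    flows = defaultdict(lambda: {"syn": False, "synack": False, "client_ack": False, "data": 0})
    for line in capture.splitlines():
        m = PACKET.match(line.strip())
        if not m:
            continue  # skip anything that is not a TCP packet line
        src, sport, dst, dport, flags, length = m.groups()
        from_server = src == server_ip
        key = (dst, int(dport), int(sport)) if from_server else (src, int(sport), int(dport))
        flow = flows[key]
        if flags == "S":
            flow["syn"] = True            # client opens the connection
        elif flags == "S.":
            flow["synack"] = True         # server answers the SYN
        elif "." in flags and not from_server:
            flow["client_ack"] = True     # client acknowledges server data
        flow["data"] += int(length)       # payload bytes in either direction
    result = {}
    for key, f in flows.items():
        if f["client_ack"] or f["data"]:
            result[key] = "established"          # ACKs or payload are flowing
        elif f["syn"] and f["synack"]:
            result[key] = "synack-unanswered"    # SYN arrived, reply sent, nothing after it
        elif f["syn"]:
            result[key] = "syn-unanswered"       # SYN arrived, no reply captured
        else:
            result[key] = "unknown"
    return result

if __name__ == "__main__":
    for flow, state in classify(SAMPLE).items():
        print(flow, state)
```

For the non-working provider the result is `synack-unanswered`: the SYN reaches the firewall and a SYN-ACK is sent back, but no ACK or payload from the client appears in the captured lines, which is why every length there is 0.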