Re: [pfSense] DMZ not working since upgrade 2.3
Hello Piba (and anyone else…) Sorry for not having answered before… To answer you questions, firstly, I’m not in a datacenter, only a client offices with different ISP. I agree with you double NAT is bad but you can’t alway get rid of it… and you should know that on one of my wan connexion I was technically able to make a bridge and I though the problem were the same with this connexion but in fact, my fault, bad setting, so with this connexion everything is working ! So I stay with my third connexion witch is not working (double NAT) and only with this one, I can see traffic but it’s not working, so I gave a try with the flag you requested to try to give more information to understand what happens… from outside to 2223 portwitch is where SSH deamon is listening on the pfsense from OVH Connexion (double NAT) = not working 2.3.1-RELEASE][r...@pfsense.concorde-pereire.loc]/root: tcpdump -en -i re0 port 2223 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on re0, link-type EN10MB (Ethernet), capture size 65535 bytes 14:42:56.509422 a4:b1:e9:f7:13:e8 > 00:0d:b9:33:7c:6c, ethertype IPv4 (0x0800), length 66: 62.210.139.211.49236 > 192.168.101.254.2223: Flags [S], seq 2309097405, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 14:42:56.509584 00:0d:b9:33:7c:6c > 24:95:04:fb:ae:90, ethertype IPv4 (0x0800), length 66: 192.168.101.254.2223 > 62.210.139.211.49236: Flags [S.], seq 3034279515, ack 2309097406, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0 14:42:59.509726 00:0d:b9:33:7c:6c > 24:95:04:fb:ae:90, ethertype IPv4 (0x0800), length 66: 192.168.101.254.2223 > 62.210.139.211.49236: Flags [S.], seq 3034279515, ack 2309097406, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0 14:42:59.529210 a4:b1:e9:f7:13:e8 > 00:0d:b9:33:7c:6c, ethertype IPv4 (0x0800), length 66: 62.210.139.211.49236 > 192.168.101.254.2223: Flags [S], seq 2309097405, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 from outside to 2223 port witch is where SSH deamon is listening on the pfsense from SFR Connexion (double NAT) = working [2.3.1-RELEASE][r...@pfsense.concorde-pereire.loc]/root: tcpdump -en -i re0 port 2223 tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on re0, link-type EN10MB (Ethernet), capture size 65535 bytes 14:43:47.280639 24:95:04:fb:ae:90 > 00:0d:b9:33:7c:6c, ethertype IPv4 (0x0800), length 66: 62.210.139.211.49239 > 192.168.101.254.2223: Flags [S], seq 2327707324, win 9652, options [mss 1460,wscale 3,sackOK,eol], length 0 14:43:47.280797 00:0d:b9:33:7c:6c > 24:95:04:fb:ae:90, ethertype IPv4 (0x0800), length 66: 192.168.101.254.2223 > 62.210.139.211.49239: Flags [S.], seq 3881093896, ack 2327707325, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0 14:43:47.311955 24:95:04:fb:ae:90 > 00:0d:b9:33:7c:6c, ethertype IPv4 (0x0800), length 60: 62.210.139.211.49239 > 192.168.101.254.2223: Flags [.], ack 1, win 32850, length 0 14:43:47.322754 24:95:04:fb:ae:90 > 00:0d:b9:33:7c:6c, ethertype IPv4 (0x0800), length 82: 62.210.139.211.49239 > 192.168.101.254.2223: Flags [P.], seq 1:29, ack 1, win 32850, length 28 14:43:47.322883 00:0d:b9:33:7c:6c > 24:95:04:fb:ae:90, ethertype IPv4 (0x0800), length 54: 192.168.101.254.2223 > 62.210.139.211.49239: Flags [.], ack 29, win 513, length 0 14:43:47.343017 00:0d:b9:33:7c:6c > 24:95:04:fb:ae:90, ethertype IPv4 (0x0800), length 75: 192.168.101.254.2223 > 62.210.139.211.49239: Flags [P.], seq 1:22, ack 29, win 513, length 21 To the light of this new details, I can see that the pfsense is trying to respond to the bad mac address (the working connexion one) ! and that is the reason it’s not working ! So I had a look at the interface settings and I noticed that the mac address it tries to reply is the one selected here in the menu list, I have two since I have two gateway for one interface in the same private network space… First I want to tank you helping me clarifying what was going wrong (for the second pfsense installation it’s a bad coincidence the problem is with the modem configuration witch is defective) So my question now is : How can I set both the gateway to have the same priority or at least make the system answer to the address that initiate the connexion ? I don’t know if I’m clear with my configuration if someone has an idea or need more clarifying, I would be more than happy to explain better my settings. Thank you again, Best regards, Jean-Laurent Ivars Responsable Technique | Technical Manager 22, rue Robert - 13007 Marseille Tel: 09 84 56 64 30 - Mobile: 06.52.60.86.47 Linkedin <http://fr.linkedin.com/in/jlivars/> | Viadeo <http://www.viadeo.com/fr/profile/jean-laurent.ivars> | www.ipgenius.fr <https://www.ipgenius.fr/> > Le 25 juin 2016 à 22:04, PiBa <pba_..
Re: [pfSense] DMZ not working since upgrade 2.3
cBook-de-Jean-Laurent:~$ I hope these complete captures can tell you more what’s happening ? I have no special packages installed, had only iperf and nmap for testing purposes… and just uninstalled but it changed nothing :( I have absolutely not any exotic or special configuration like limiters/shapers and absolutely no VPN at the moment, no IPSEC, OPENVPN nor anything else… on the other pfsense box I have openvpn installed but the symptoms aren’t different so I don’t think it’s related. I really don’t understand what’s happening here but the fact that on both my pfsenses I have some WAN redirections or DMZ that are working and that are not the only factor that changes here is the internet provider and maybe it’s not hardware related but I would think that it’s some kind of network setting somewhere that could help me. And we should not forget that before the upgrade on the version 2.3 it was working on one of the box for sure ! (the other wasn’t installed at the moment) In my opinion it’s something silly like mtu for exemple but making my life a hell ! I know it’s a long long mail with a lot of informations but if someone can help me with that I would be so much
[pfSense] DMZ not working since upgrade 2.3
Dear list,
I apologie if the subject have already been treated…
Since the upgrade to the new version I have issue to access to the pfsense from
the outside from certain internet providers, before the upgrade it was working
correctly and since the update the port forwarding (or DMZ setting) is not
working anymore…
I made verification that there is no firewall rule that block traffic but it
was working before... (I even allowed everything during time of testing) and I
think there is not but the pfsense is not anymore responding correctly from the
outside.
I have this issue with 2 different installations and different providers, I am
from France and with Orange business DMZ I have no issue but with OVH or FREE,
the redirection it’s not working anymore (I even try putting the modem in
bridge mode, the pfsense box obtains the wan IP no problem there but it changes
nothing)
What is weird is that with some others providers it works (Orange and SFR)
That being, the firewall is perfectly capable to use these connexions to
provide internet access so I think the connectivity is not the matter then I
tried to analyse the traffic with tcpdump and I can see a difference between
when I use a working and a not working provider but I have not the skill to
understand what the tcpdump tells, I don’t understand what happens here, I only
can see there a rapport with length witch is 0 when the connexion is not
working and also the is some options informations…
I tried with port 1 (I use for web interface) and 2223 (I use for ssh
access)
This is logs generated by tcpdump from the same client machine when I try to
access the firewall thru working internet access provider :
port 2223
16:55:04.501509 IP 46.105.230.225.39304 > 192.168.101.254.2223: Flags [P.], seq
29:701, ack 22, win 32844, length 672
16:55:04.501652 IP 192.168.101.254.2223 > 46.105.230.225.39304: Flags [P.], seq
22:910, ack 701, win 508, length 888
port 1
16:58:51.821691 IP 192.168.101.254.1 > 46.105.230.225.5829: Flags [P.], seq
209411:210119, ack 2393, win 513, length 708
16:58:52.058014 IP 46.105.230.225.5829 > 192.168.101.254.1: Flags [.], ack
210119, win 32673, length 0
And there the same command output when I try to access from one that is not
working :
Port 2223
16:53:13.240166 IP 46.105.230.225.19480 > 192.168.101.254.2223: Flags [S], seq
3864438539, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:53:13.240306 IP 192.168.101.254.2223 > 46.105.230.225.19480: Flags [S.], seq
2492220538, ack 3864438540, win 65228, options [mss 1460,nop,wscale
7,sackOK,eol], length 0
Port 1
16:56:39.864021 IP 46.105.230.225.41932 > 192.168.101.254.1: Flags [S], seq
2837326484, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0
16:56:39.864169 IP 192.168.101.254.1 > 46.105.230.225.41932: Flags [S.],
seq 1993261464, ack 2837326485, win 65228, options [mss 1460,nop,wscale
7,sackOK,eol], length 0
I use pcengine APU system, the model is AMD G-T40E Processor with 3 NIC ( I
believe It could be something related to a NIC setting somewhere but really
don’t know)
Is someone encounter the same issue than me ? maybe it’s just a setting in the
NIC driver ?
Anyway thank you so much in advance if you have an idea because I passed a lot
of hours/days on this problem and I really can not find a solution :(
Best regards,
Jean-Laurent Ivars
Responsable Technique | Technical Manager
22, rue Robert - 13007 Marseille
Tel: 09 84 56 64 30 - Mobile: 06.52.60.86.47
Linkedin <http://fr.linkedin.com/in/jlivars/> | Viadeo
<http://www.viadeo.com/fr/profile/jean-laurent.ivars> | www.ipgenius.fr
<https://www.ipgenius.fr/>
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Open VPN configure ( Urgent)
Sorry I thought the community was about helping each other when AFTER these very same other had made the effort of trying to find informations by their own on the web. It is possible to find tutorials all around the web about how to configure openvpn with pfsense and this is certainly not what Amit did according to the asked questions and repeated emails… Moreover I saw the URGENT mention in the subject of the last mail; I did’t know it was normal the make urgents solicitations to the community ? So yes i proposed to help Amit for money, so what ? this is a crime ? I havent publicly solicited anyone, I just have proposed my paying help to someone that obviously had not the time neither the willing help itself by searching and not paying. Now if you want to make me being the devil knock yourself out ! English is not my native language as you can see so maybe i don’t express clearly what i want to mean but i think i made my point… sorry if its not clear Best regards to all of you Jean-Laurent Ivars Responsable Technique | Technical Manager 22, rue Robert - 13007 Marseille Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30 Linkedin http://fr.linkedin.com/in/jlivars/ | Viadeo http://www.viadeo.com/fr/profile/jean-laurent.ivars | www.ipgenius.fr http://www.ipgenius.fr/ Le 22 mars 2015 à 19:21, Ryan Coleman ryan.cole...@cwis.biz a écrit : How about we not publicly solicit people? Yeah, that’s not what this community is about. Please leave. On Mar 22, 2015, at 1:12 PM, Jean-Laurent Ivars jl.iv...@ipgenius.fr mailto:jl.iv...@ipgenius.fr wrote: Dear Amit Saxena, I can help you with your pfsense VPN configuration. I propose you explain me exactly what you need and I log on your computer and do the settings myself under your eyes so you can learn. My Prices are 100€/Hour and I think one hour should be enough to achieve what you want to do. What do you think about that ? Best Regards Jean-Laurent Ivars Responsable Technique | Technical Manager 22, rue Robert - 13007 Marseille Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30 Linkedin http://fr.linkedin.com/in/jlivars/ | Viadeo http://www.viadeo.com/fr/profile/jean-laurent.ivars | www.ipgenius.fr http://www.ipgenius.fr/ Le 22 mars 2015 à 18:40, Amit Saxena amit.sax...@fosteringlinux.com mailto:amit.sax...@fosteringlinux.com a écrit : Dear team I want to configure open VPN My set up environment totally on Virtual machine using oracle virtual box Mypfsense has 2 nic Wan 192.168.1.4 Lan 192.168.2.1 Client machine Xp lan 192.168.2.4 First I created server certificate After that I follow openvpn wizard step but still service not step and I have watched so many videos realetd pfsense Regards Amit Saxena ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
Re: [pfSense] Open VPN configure ( Urgent)
Dear Amit Saxena, I can help you with your pfsense VPN configuration. I propose you explain me exactly what you need and I log on your computer and do the settings myself under your eyes so you can learn. My Prices are 100€/Hour and I think one hour should be enough to achieve what you want to do. What do you think about that ? Best Regards Jean-Laurent Ivars Responsable Technique | Technical Manager 22, rue Robert - 13007 Marseille Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30 Linkedin http://fr.linkedin.com/in/jlivars/ | Viadeo http://www.viadeo.com/fr/profile/jean-laurent.ivars | www.ipgenius.fr http://www.ipgenius.fr/ Le 22 mars 2015 à 18:40, Amit Saxena amit.sax...@fosteringlinux.com a écrit : Dear team I want to configure open VPN My set up environment totally on Virtual machine using oracle virtual box Mypfsense has 2 nic Wan 192.168.1.4 Lan 192.168.2.1 Client machine Xp lan 192.168.2.4 First I created server certificate After that I follow openvpn wizard step but still service not step and I have watched so many videos realetd pfsense Regards Amit Saxena ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold ___ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
[pfSense] little problem with pfsense
Hi Everyone, This is the first time i write a message here and maybe this is not the place, if i should write this in a forum please let me know… I am an very happy user of pfsense but right now i have a little problem, i explain you : I’m using the last stable version. I have dhcp server enabled and some static leases for some of my hosts. Until here nothing special :) There is different domains in this network so i have to set different DNS servers and domain search suffix. My hosts are heterogenes, there is win7, win8, mac, smartphones, tablets… when i create a lease reservation in the dhcp settings and the machine connects it obtains the right parameters, so everything is ok, but in fact it’s NOT :( What happens (only for the win7 hosts, other are perfects, bad win7 nasty nasty) after a few second, and especially when you launch i.e. win7 seem to make some kind of new dhcp request although it already has it’s ip address and then it looses all it’s specifics parameters, DNS servers, DNS search suffix… it only keep its ip and gw address… After a lot of search i found it has to deal with some kind of proxy search that initiate a new incomplete request and when you add in your dhcp options « 252 \n » witch basically say to windows : stop asking, there is no proxy period ! win7 keep it’s good parameter but sometimes it looses it again (i couldn’t identify precisely when…) The 252 option is a workaround but the solution would be dhcpd gives the whole parameters every time it is requested to, no ? Is it a bug ? am i doing something wrong ? please i really need help on this Best regards, PS Sorry for my english i hope you’ll understand me Jean-Laurent Ivars Responsable Technique | Technical Manager 22, rue Robert - 13007 Marseille Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30 Linkedin http://fr.linkedin.com/in/jlivars/ | Viadeo http://www.viadeo.com/fr/profile/jean-laurent.ivars | www.ipgenius.fr http://www.ipgenius.fr/ ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
[pfSense] does it work ?
hello ? sorry for noise but not sure if it works… Jean-Laurent Ivars Responsable Technique | Technical Manager 22, rue Robert - 13007 Marseille Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30 Linkedin http://fr.linkedin.com/in/jlivars/ | Viadeo http://www.viadeo.com/fr/profile/jean-laurent.ivars | www.ipgenius.fr http://www.ipgenius.fr/ ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] little problem with pfsense
Well thank you for your answer, this is exactly the same result that when i set the option 252 with null parameters in the DHCP (WindowsProxyAutodiscoveryDetection) But this is workaround, the real question is why the dhcp server is not providing the rights settings ? Jean-Laurent Ivars Responsable Technique | Technical Manager 22, rue Robert - 13007 Marseille Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30 Linkedin | Viadeo | www.ipgenius.fr Le 24 nov. 2014 à 13:24, Doug Lytle supp...@drdos.info a écrit : What happens (only for the win7 hosts, other are perfects, bad win7 nasty nasty) after a few second, and especially when you launch i.e. win7 seem to make some kind of new dhcp request Just a hunch, On the Windows 7 machine, go into Control Panel = Internet Options = Connections Tab = Lan Settings Uncheck 'Automatically Detect Settings' Doug ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] little problem with pfsense
.net.https IPG1.tutu.local.49185: Flags [.], ack 1982, win 370, length 0 14:09:44.704497 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [P.], ack 1982, win 370, length 1416 14:09:44.704534 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [P.], ack 1982, win 370, length 234 14:09:44.704679 IP IPG1.tutu.local.49185 par03s14-in-f23.1e100.net.https: Flags [.], ack 6680, win 32890, length 0 14:09:45.126141 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [P.], ack 1982, win 370, length 1416 14:09:45.126177 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [.], ack 1982, win 370, length 1430 14:09:45.126229 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [P.], ack 1982, win 370, length 1402 14:09:45.126254 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [.], ack 1982, win 370, length 1430 14:09:45.126280 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [.], ack 1982, win 370, length 1430 14:09:45.126314 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [P.], ack 1982, win 370, length 1388 14:09:45.126341 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [P.], ack 1982, win 370, length 396 14:09:45.126445 IP IPG1.tutu.local.49185 par03s14-in-f23.1e100.net.https: Flags [.], ack 9526, win 32890, length 0 14:09:45.126485 IP IPG1.tutu.local.49185 par03s14-in-f23.1e100.net.https: Flags [.], ack 10928, win 32539, length 0 14:09:45.126536 IP IPG1.tutu.local.49185 par03s14-in-f23.1e100.net.https: Flags [.], ack 13788, win 32890, length 0 14:09:45.126591 IP IPG1.tutu.local.49185 par03s14-in-f23.1e100.net.https: Flags [.], ack 15176, win 32543, length 0 14:09:45.126636 IP IPG1.tutu.local.49185 par03s14-in-f23.1e100.net.https: Flags [.], ack 15572, win 32890, length 0 14:09:45.137694 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [P.], ack 1982, win 370, length 1416 14:09:45.137841 IP IPG1.tutu.local.49185 par03s14-in-f23.1e100.net.https: Flags [.], ack 16988, win 32536, length 0 14:09:45.138466 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [.], ack 1982, win 370, length 1430 14:09:45.138508 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [P.], ack 1982, win 370, length 1275 14:09:45.138614 IP IPG1.tutu.local.49185 par03s14-in-f23.1e100.net.https: Flags [.], ack 19693, win 32890, length 0 14:09:45.145145 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [P.], ack 1982, win 370, length 239 14:09:45.145281 IP IPG1.tutu.local.49185 par03s14-in-f23.1e100.net.https: Flags [.], ack 19932, win 32830, length 0 14:09:45.212081 IP IPG1.tutu.local.49185 par03s14-in-f23.1e100.net.https: Flags [P.], ack 19932, win 32830, length 1143 14:09:45.224186 IP par03s14-in-f23.1e100.net.https IPG1.tutu.local.49185: Flags [.], ack 3125, win 388, length 0 ^C190 packets captured 190 packets received by filter 0 packets dropped by kernel Jean-Laurent Ivars Responsable Technique | Technical Manager 22, rue Robert - 13007 Marseille Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30 Linkedin http://fr.linkedin.com/in/jlivars/ | Viadeo http://www.viadeo.com/fr/profile/jean-laurent.ivars | www.ipgenius.fr http://www.ipgenius.fr/ Le 24 nov. 2014 à 13:56, Espen Johansen pfse...@gmail.com a écrit : Tcpdump and you will know the answer to that. 24. nov. 2014 13:35 skrev Jean-Laurent Ivars jl.iv...@ipgenius.fr mailto:jl.iv...@ipgenius.fr følgende: Well thank you for your answer, this is exactly the same result that when i set the option 252 with null parameters in the DHCP (WindowsProxyAutodiscoveryDetection) But this is workaround, the real question is why the dhcp server is not providing the rights settings ? Jean-Laurent Ivars Responsable Technique | Technical Manager 22, rue Robert - 13007 Marseille Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30 Linkedin | Viadeo | www.ipgenius.fr http://www.ipgenius.fr/ Le 24 nov. 2014 à 13:24, Doug Lytle supp...@drdos.info mailto:supp...@drdos.info a écrit : What happens (only for the win7 hosts, other are perfects, bad win7 nasty nasty) after a few second, and especially when you launch i.e. win7 seem to make some kind of new dhcp request Just a hunch, On the Windows 7 machine, go into Control Panel = Internet Options = Connections Tab = Lan Settings Uncheck 'Automatically Detect Settings' Doug ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org mailto:List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list https://lists.pfsense.org/mailman/listinfo
Re: [pfSense] little problem with pfsense
I have the packet that gives the wrong informations but i don’t know how to do a dump raw… Maybe you can understand this ? eeb4771246402e659ef70a5408004500014881ed4011795dc0a8fefec0a8fe0a00430044013425c3020106001b507d3bc0a8fe0aeeb477124640638253633501053604c0a8fefe0104ff000f0b697067656e6975732e66720304c0a8fefe0604c0a8fefeff00 Jean-Laurent Ivars Responsable Technique | Technical Manager 22, rue Robert - 13007 Marseille Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30 Linkedin http://fr.linkedin.com/in/jlivars/ | Viadeo http://www.viadeo.com/fr/profile/jean-laurent.ivars | www.ipgenius.fr http://www.ipgenius.fr/ Le 24 nov. 2014 à 14:32, Espen Johansen pfse...@gmail.com a écrit : Grab the packet containing the dhcp request/reply that breaks the win7 client. Wireshark will help you analyze this properly. Sorry, cant help you more then that. Feel free to post a raw dump of the packets that breaks win7 and I'll take a look. -lsf 24. nov. 2014 14:21 skrev Jean-Laurent Ivars jl.iv...@ipgenius.fr mailto:jl.iv...@ipgenius.fr følgende: i’m so sorry but i don’t see the answer… 1. I put off 252 option from dhcp server 2. I made ipconfig /renew on the host then check the settings where corrects 3. launch i.e. then press random buttons, the close 4. i made ipconfig /all and can see parameter are back to bad ones If you can understand pore than me, please tell me witch line answer to the question… [2.1.5-RELEASE][r...@toto.tutu.fr mailto:r...@toto.tutu.fr]/root(5): tcpdump -i vtnet1 | grep -v ARP tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vtnet1, link-type EN10MB (Ethernet), capture size 96 bytes 14:09:24.779450 IP IPG1.tutu.local.bootpc firewall.ipgenius.fr.bootps: BOOTP/DHCP, Request from ee:b4:77:12:46:40 (oui Unknown), length 300 14:09:24.779680 IP firewall.ipgenius.fr.bootps IPG1.tutu.local.bootpc: BOOTP/DHCP, Reply, length 300 14:09:24.782818 IP IPG1.tutu.local all-routers.mcast.net http://all-routers.mcast.net/: igmp leave 224.0.0.252 14:09:24.785573 IP IPG1.tutu.local all-routers.mcast.net http://all-routers.mcast.net/: igmp leave 224.0.0.252 14:09:24.788170 IP6 fe80::a8c6:c004:d018:251.49580 ff02::1:3.5355: UDP, length 25 14:09:24.788446 IP IPG1.tutu.local.61967 224.0.0.252.5355: UDP, length 25 14:09:24.896913 IP6 fe80::a8c6:c004:d018:251.49580 ff02::1:3.5355: UDP, length 25 14:09:24.896944 IP IPG1.tutu.local.61967 224.0.0.252.5355: UDP, length 25 14:09:42.189605 IP IPG1.tutu.local.59770 google-public-dns-b.google.com.domain: 61225+ A? www.google.fr http://www.google.fr/. (31) 14:09:42.194543 IP google-public-dns-b.google.com.domain IPG1.tutu.local.59770: 61225 3/0/0 A 173.194.41.55,[|domain] 14:09:42.378885 IP IPG1.tutu.local.56421 google-public-dns-b.google.com.domain: 49131+ A? wpad.tutu.local. (33) 14:09:42.381022 IP IPG1.tutu.local.bootpc 255.255.255.255.bootps: BOOTP/DHCP, Request from ee:b4:77:12:46:40 (oui Unknown), length 300 14:09:42.381247 IP firewall.ipgenius.fr.bootps IPG1.tutu.local.bootpc: BOOTP/DHCP, Reply, length 300 14:09:42.398465 IP IPG1.tutu.local.54954 google-public-dns-b.google.com.domain: 20328+ A? ssl.gstatic.com http://ssl.gstatic.com/. (33) 14:09:42.398756 IP IPG1.tutu.local.55282 google-public-dns-b.google.com.domain: 34794+ A? www.google.com http://www.google.com/. (32) 14:09:42.399292 IP IPG1.tutu.local.62442 google-public-dns-b.google.com.domain: 56847+ A? www.gstatic.com http://www.gstatic.com/. (33) 14:09:42.400054 IP IPG1.tutu.local.58409 google-public-dns-b.google.com.domain: 50690+ A? apis.google.com http://apis.google.com/. (33) 14:09:42.402225 IP IPG1.tutu.local.49184 par03s14-in-f23.1e100.net.https: Flags [S], seq 1887194521, win 8192, options [mss 1460,nop,wscale 2,nop,nop,sackOK], length 0 14:09:42.403387 IP google-public-dns-b.google.com.domain IPG1.tutu.local.54954: 20328 2/0/0 A 74.125.133.94, (65) 14:09:42.403728 IP google-public-dns-b.google.com.domain IPG1.tutu.local.55282: 34794 6/0/0 A 74.125.71.106,[|domain] 14:09:42.404148 IP google-public-dns-b.google.com.domain IPG1.tutu.local.62442: 56847 4/0/0 A 173.194.41.55,[|domain] 14:09:42.404959 IP google-public-dns-b.google.com.domain IPG1.tutu.local.58409: 50690 7/0/0 CNAME plus.l.google.com http://plus.l.google.com/.[|domain] 14:09:42.414079 IP google-public-dns-b.google.com.domain IPG1.tutu.local.56421: 49131 NXDomain 0/1
Re: [pfSense] DKIM Re: little problem with pfsense
i think this is exactly the problem i have ! i would like to apply this patch to my installation, it seem not to be a big change in the code, could you tell me how can i do this ?? many thanks Jean-Laurent Ivars Responsable Technique | Technical Manager 22, rue Robert - 13007 Marseille Mobile: 06.52.60.86.47 - Tel: 09 84 56 64 30 - Fax: 09 89 56 64 30 Linkedin | Viadeo | www.ipgenius.fr Le 24 nov. 2014 à 14:54, julien soula julien.so...@laposte.net a écrit : On Mon, Nov 24, 2014 at 01:35:32PM +0100, Jean-Laurent Ivars wrote: Well thank you for your answer, this is exactly the same result that when i set the option 252 with null parameters in the DHCP (WindowsProxyAutodiscoveryDetection) But this is workaround, the real question is why the dhcp server is not providing the rights settings ? May be the missing informations are in a group statement ? we noticed that isc-dhcp didn't read group statement config with dhcpinform packet whereas it read it with dhcprequest packet. We sent a patch to the team [ISC-Bugs #35712] in april but no news until now ! diff --git a/server/dhcp.c b/server/dhcp.c index 8039817..775b7af 100644 --- a/server/dhcp.c +++ b/server/dhcp.c @@ -1301,8 +1301,7 @@ void dhcpinform (packet, ms_nulltp) execute_statements_in_scope(NULL, packet, NULL, NULL, packet-options, options, global_scope, host-group, - host-group ? - host-group-next : NULL, + subnet ? subnet-group : ( host-group ? host-group-next : NULL), NULL); host_dereference (host, MDL); } sincerly, -- Julien Vous n'avez rien a dire... Parlons-en! ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org https://lists.pfsense.org/mailman/listinfo/list
