[pfSense] pfsense fw blocking internal requests

2014-07-22 Thread Khurram Khan
Hi Team,

Trying to figure out an issue I'm facing with pfSense 2.1.4. I'm routing 
192.168.0.0/24 via pfSense; this block resides on a Linux machine. Within the 
internal lab, if I ping 192.168.0.5, all the machines on the LAN can ping it 
successfully. However, if I ping from the Linux machine, sourcing from 
192.168.0.5, to the pfSense LAN IP, my pings fail. I've got a firewall rule on 
the pfSense firewall allowing anything from 192.168.0.0/24 to anything. 

Here's what the topology looks like:


internet -- rl1 [pfSense] rl0 -- LAN 

LAN subnet (rl0): 10.10.171.0/24

Here are the routes on the pfSense appliance:

[2.1.4-RELEASE][ad...@pfw01.b.lan]/root(1): netstat -rn | grep 192.168.
192.168.0.0/24     10.10.171.80       UGS         0      161    rl0

And here's the rl0 interface:

[2.1.4-RELEASE][ad...@pfw01.b.lan]/root(4): ifconfig rl0 | grep inet | grep -v inet6
        inet 10.10.171.1 netmask 0xffffff00 broadcast 10.10.171.255



The LAN subnet is: 10.10.171.0/24
The server that 192.168.0.0/24 resides on is: 10.10.171.80


When trying to initiate the ping from 10.10.171.80, sourcing 192.168.0.5 and 
destined for 10.10.171.1 (rl0), pings fail and here is what I see in the logs:


Jul 22 15:27:53 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.60 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22636, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.45 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.45 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.45 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:56 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.02 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22642, offset 0, flags [DF], proto ICMP (1), length 84)


Given that the firewall rule is there on the LAN interface, permitting 
anything from 192.168/24, and that no bogons or private addresses are being 
blocked on this interface, I'm scratching my head. 
If someone has any ideas, I would really appreciate it. 





signature.asc
Description: Message signed with OpenPGP using GPGMail
___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list

Re: [pfSense] pfsense fw blocking internal requests

2014-07-22 Thread Khurram Khan
Protocol in the rule is any. Here's what the rule looks like:

Action: Pass
Interface: LAN
TCP/IP: IPv4
Protocol: any
Source: Type: network, address: 192.168.0.0/24
Destination: any





On Jul 22, 2014, at 4:16 PM, Justin Edmands wrote:

 It's most likely the Protocol you have specified in the allow rule you
 have set. Open the rule that you believe should allow the traffic and
 change the rule's protocol from TCP, UDP or TCP/UDP to "any".



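For the log lines in the first post and the protocol question in the reply, here is an added example (not code from the thread, and not pfSense's own) of the two checks a practitioner would run on such an entry: turning "rule 3/0(match)" into the rule that actually fired, and checking whether the pass rule for the routed subnet carries a "proto" restriction that would leave ICMP uncovered. The helper names (pf_log_rule_number, pf_rule_by_number, pf_pass_rule_is_proto_any, pf_diagnose) are this example's own, and the two rulesets are constructed samples in pfctl -vvsr format, so the rule shown as @3 here is illustrative and says nothing about what rule 3 was on the poster's appliance; on the box itself you would run pfctl -vvsr and read the real @3. One thing to keep in mind when reading the quoted entries: in this log format the src > dst pair follows the parenthesised IP header, and it is absent from the excerpt, so the excerpt alone does not show which address pair was blocked.

```shell
#!/bin/sh
# Added example, not code from the thread or from pfSense.
# Two checks for a pf log entry such as "rule 3/0(match): block in on rl0":
#  1. the number after "rule" indexes the ruleset pf currently has loaded, so
#     on the pfSense shell the matching rule is shown by:  pfctl -vvsr | grep '^@3 '
#  2. whether the pass rule for the routed subnet carries a "proto" keyword;
#     a "proto tcp" rule never matches the ICMP echo requests the log shows.
# LOG_LINE is the first entry quoted in the thread.  The two rulesets are
# CONSTRUCTED samples in pfctl -vvsr format, not the poster's ruleset, so
# what @3 is below says nothing about what rule 3 was on the poster's box.

LOG_LINE='Jul 22 15:27:53 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.60 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22636, offset 0, flags [DF], proto ICMP (1), length 84)'

# Constructed ruleset A: the lab-subnet pass rule is restricted to TCP.
# (pf: block rules without "quick" lose to a later matching "quick" pass rule,
#  so a packet no pass rule matches ends at the default deny, @3 here.)
RULESET_TCP_ONLY='@0 block drop in quick inet from 127.0.0.0/8 to any
@1 block drop in quick inet proto tcp from any port = 0 to any
@2 block drop in log quick inet from 10.10.171.1 to any
@3 block drop in log inet all label "Default deny rule IPv4"
@4 block drop out log inet all label "Default deny rule IPv4"
@5 pass in quick on rl0 inet proto tcp from 192.168.0.0/24 to any flags S/SA keep state label "USER_RULE: lab subnet"
@6 pass in quick on rl0 inet from 10.10.171.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"'

# Constructed ruleset B: identical, but the lab-subnet rule is protocol any.
RULESET_FIXED='@0 block drop in quick inet from 127.0.0.0/8 to any
@1 block drop in quick inet proto tcp from any port = 0 to any
@2 block drop in log quick inet from 10.10.171.1 to any
@3 block drop in log inet all label "Default deny rule IPv4"
@4 block drop out log inet all label "Default deny rule IPv4"
@5 pass in quick on rl0 inet from 192.168.0.0/24 to any flags S/SA keep state label "USER_RULE: lab subnet"
@6 pass in quick on rl0 inet from 10.10.171.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"'

# Pull the rule number out of a pf log entry: "rule 3/0(match)" -> 3
pf_log_rule_number() {
    printf '%s\n' "$1" | sed -n 's/.*rule \([0-9][0-9]*\)\/[0-9][0-9]*(match).*/\1/p'
}

# Print rule number $1 from a pfctl -vvsr style listing passed as $2,
# with the "@N " prefix stripped so the output reads like pf.conf.
pf_rule_by_number() {
    printf '%s\n' "$2" | grep "^@$1 " | sed "s/^@$1 //"
}

# Exit 0 if ruleset $3 has a pass-in rule on interface $1 from source $2
# that carries no "proto" keyword, i.e. a rule that also matches ICMP.
pf_pass_rule_is_proto_any() {
    printf '%s\n' "$3" \
        | grep "^@[0-9]* pass in .* on $1 inet " \
        | grep -F "from $2 " \
        | grep -v ' proto ' >/dev/null
}

# Human-readable verdict for one log line ($2) against one ruleset ($1).
pf_diagnose() {
    rule_no=$(pf_log_rule_number "$2")
    printf 'log entry hit rule @%s: %s\n' "$rule_no" "$(pf_rule_by_number "$rule_no" "$1")"
    if pf_pass_rule_is_proto_any rl0 192.168.0.0/24 "$1"; then
        echo "pass rule for 192.168.0.0/24 on rl0 matches any protocol: ICMP is covered"
    else
        echo "no protocol-agnostic pass rule for 192.168.0.0/24 on rl0: ICMP falls through to rule @$rule_no"
    fi
}

echo "--- constructed ruleset A (proto tcp) ---"
pf_diagnose "$RULESET_TCP_ONLY" "$LOG_LINE"
echo "--- constructed ruleset B (proto any) ---"
pf_diagnose "$RULESET_FIXED" "$LOG_LINE"
```

Rule numbers are reassigned every time the ruleset is reloaded (any filter change or Apply in the GUI), so pair a log line only with a pfctl -vvsr listing taken while the same ruleset was loaded. The label on pfSense-generated rules carries the GUI description, which is the quickest way to tell a user rule from a built-in one once you have found the @N that fired.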