Re: [pfSense] pfsense fw blocking internal requests
Protocol in the rule is any. Here's what the rule looks like:

Action: Pass
Interface: LAN
TCP/IP: IPv4
Protocol: any
Source: Type: network, address: 192.168.0.0/24
Destination: any

On Jul 22, 2014, at 4:16 PM, Justin Edmands wrote:

> It's most likely your specified Protocol in the "allow" rule you have set.
> Open the rule that you believe should allow the traffic and change the rule
> from TCP, UDP, TCP/UDP to say any.
>
> On Tue, Jul 22, 2014 at 5:30 PM, Khurram Khan wrote:
>> Hi Team,
>>
>> Trying to figure out an issue I'm facing with pfsense 2.1.4. I'm routing
>> 192.168.0.0/24 via pfsense. This block resides on a Linux machine. Within
>> the internal LAB, if I ping to 192.168.0.5, all the machines on the LAN can
>> ping successfully. However, if I ping from the Linux machine, sourcing from
>> 192.168.0.5, to the pfsense LAN IP, my pings fail. I've got a firewall rule
>> on the pfsense firewall allowing anything from 192.168.0.0/24 to anything.
>>
>> Here's what the topology looks like:
>>
>> internet <> rl1 <> pfsense <> rl0 <> LAN
>>
>> LAN subnet (rl0): 10.10.171.0/24
>>
>> Here are the routes on the pfsense appliance:
>>
>> [2.1.4-RELEASE][ad...@pfw01.b.lan]/root(1): netstat -rn | grep 192.168.
>> 192.168.0.0/24     10.10.171.80    UGS    0    161    rl0
>>
>> And here's the rl0 interface:
>>
>> [2.1.4-RELEASE][ad...@pfw01.b.lan]/root(4): ifconfig rl0 | grep inet | grep -v inet6
>>         inet 10.10.171.1 netmask 0xffffff00 broadcast 10.10.171.255
>>
>> The LAN subnet is: 10.10.171.0/24
>> The server that 192.168.0.0/24 resides on is: 10.10.171.80
>>
>> When trying to initiate the ping from 10.10.171.80, sourcing 192.168.0.5 and
>> destined for 10.10.171.1 (rl0), pings fail and here is what I see in the logs:
>>
>> Jul 22 15:27:53 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.60 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22636, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.45 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.45 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.45 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
>> Jul 22 15:27:56 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.02 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22642, offset 0, flags [DF], proto ICMP (1), length 84)
>>
>> Given that the firewall rule is there on the LAN interface, permitting
>> anything from 192.168/24, plus not blocking any bogons or private addresses
>> on this interface, I'm scratching my head.
>> If someone has any ideas, would really appreciate it.

___
List mailing list
List@lists.pfsense.org
https://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] pfsense fw blocking internal requests
It's most likely your specified Protocol in the "allow" rule you have set. Open the rule that you believe should allow the traffic and change the rule from TCP, UDP, TCP/UDP to say any.

On Tue, Jul 22, 2014 at 5:30 PM, Khurram Khan wrote:
> Hi Team,
>
> Trying to figure out an issue I'm facing with pfsense 2.1.4. I'm routing
> 192.168.0.0/24 via pfsense. This block resides on a Linux machine. Within the
> internal LAB, if I ping to 192.168.0.5, all the machines on the LAN can ping
> successfully. However, if I ping from the Linux machine, sourcing from
> 192.168.0.5, to the pfsense LAN IP, my pings fail. I've got a firewall rule
> on the pfsense firewall allowing anything from 192.168.0.0/24 to anything.
>
> Here's what the topology looks like:
>
> internet <> rl1 <> pfsense <> rl0 <> LAN
>
> LAN subnet (rl0): 10.10.171.0/24
>
> Here are the routes on the pfsense appliance:
>
> [2.1.4-RELEASE][ad...@pfw01.b.lan]/root(1): netstat -rn | grep 192.168.
> 192.168.0.0/24     10.10.171.80    UGS    0    161    rl0
>
> And here's the rl0 interface:
>
> [2.1.4-RELEASE][ad...@pfw01.b.lan]/root(4): ifconfig rl0 | grep inet | grep -v inet6
>         inet 10.10.171.1 netmask 0xffffff00 broadcast 10.10.171.255
>
> The LAN subnet is: 10.10.171.0/24
> The server that 192.168.0.0/24 resides on is: 10.10.171.80
>
> When trying to initiate the ping from 10.10.171.80, sourcing 192.168.0.5 and
> destined for 10.10.171.1 (rl0), pings fail and here is what I see in the logs:
>
> Jul 22 15:27:53 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.60 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22636, offset 0, flags [DF], proto ICMP (1), length 84)
> Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
> Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
> Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
> Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.45 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
> Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.45 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
> Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.45 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
> Jul 22 15:27:56 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.02 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22642, offset 0, flags [DF], proto ICMP (1), length 84)
>
> Given that the firewall rule is there on the LAN interface, permitting
> anything from 192.168/24, plus not blocking any bogons or private addresses
> on this interface, I'm scratching my head.
> If someone has any ideas, would really appreciate it.
[pfSense] pfsense fw blocking internal requests
Hi Team,

Trying to figure out an issue I'm facing with pfsense 2.1.4. I'm routing 192.168.0.0/24 via pfsense. This block resides on a Linux machine. Within the internal LAB, if I ping to 192.168.0.5, all the machines on the LAN can ping successfully. However, if I ping from the Linux machine, sourcing from 192.168.0.5, to the pfsense LAN IP, my pings fail. I've got a firewall rule on the pfsense firewall allowing anything from 192.168.0.0/24 to anything.

Here's what the topology looks like:

internet <> rl1 <> pfsense <> rl0 <> LAN

LAN subnet (rl0): 10.10.171.0/24

Here are the routes on the pfsense appliance:

[2.1.4-RELEASE][ad...@pfw01.b.lan]/root(1): netstat -rn | grep 192.168.
192.168.0.0/24     10.10.171.80    UGS    0    161    rl0

And here's the rl0 interface:

[2.1.4-RELEASE][ad...@pfw01.b.lan]/root(4): ifconfig rl0 | grep inet | grep -v inet6
        inet 10.10.171.1 netmask 0xffffff00 broadcast 10.10.171.255

The LAN subnet is: 10.10.171.0/24
The server that 192.168.0.0/24 resides on is: 10.10.171.80

When trying to initiate the ping from 10.10.171.80, sourcing 192.168.0.5 and destined for 10.10.171.1 (rl0), pings fail and here is what I see in the logs:

Jul 22 15:27:53 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.60 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22636, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:54 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.45 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.45 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:55 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.45 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:56 pfw01.rl0.171.10.10.in-addr.arpa pf: 00:00:01.02 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22642, offset 0, flags [DF], proto ICMP (1), length 84)

Given that the firewall rule is there on the LAN interface, permitting anything from 192.168/24, plus not blocking any bogons or private addresses on this interface, I'm scratching my head. If someone has any ideas, would really appreciate it.
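Added example, not part of the thread: a small Python parser for the pf log format shown in the post. It pulls out the matching rule number, interface, direction and protocol, and collapses the duplicate syslog entries written for the same IP id (the post shows eight lines for four pings), so blocked packets can be counted per rule. The sample lines are constructed to mirror the post (hostname shortened, one passing TCP line added); the rule number it reports is the one to look up with `pfctl -vvsr` on the firewall, where rules print as `@<number>`.

```python
import re
from collections import Counter

# Constructed sample lines in the tcpdump-style format pfSense 2.1.x logs.
# They mirror the post (hostname shortened) plus one passing TCP line;
# the repeated "id 22638" entries are the duplicate syslog writes seen there.
SAMPLE_LOG = """\
Jul 22 15:27:53 pfw01 pf: 00:00:00.60 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22636, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:54 pfw01 pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:54 pfw01 pf: 00:00:00.84 rule 3/0(match): block in on rl0: (tos 0x0, ttl 64, id 22638, offset 0, flags [DF], proto ICMP (1), length 84)
Jul 22 15:27:55 pfw01 pf: 00:00:01.45 rule 7/0(match): pass in on rl0: (tos 0x0, ttl 64, id 22640, offset 0, flags [DF], proto TCP (6), length 60)
"""

# Only the part of the line from "rule N/M(...)" onwards is matched.
PF_LINE = re.compile(
    r"rule (?P<rule>\d+)/(?P<sub>\d+)\((?P<reason>\w+)\): "
    r"(?P<action>block|pass) (?P<dir>in|out) on (?P<iface>\w+): "
    r"\(tos 0x[0-9a-f]+, ttl (?P<ttl>\d+), id (?P<ipid>\d+), offset \d+, "
    r"flags \[(?P<flags>[^\]]*)\], proto (?P<proto>\w+) \((?P<protonum>\d+)\), "
    r"length (?P<length>\d+)\)"
)


def parse_pf_log(text):
    """Return one dict per parseable pf log line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = PF_LINE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        for key in ("rule", "sub", "ttl", "ipid", "protonum", "length"):
            ev[key] = int(ev[key])
        events.append(ev)
    return events


def count_blocked(events):
    """Blocked packets per (iface, dir, rule, proto); each IP id is counted
    once so duplicated syslog entries do not inflate the totals."""
    seen = set()
    totals = Counter()
    for ev in events:
        if ev["action"] != "block":
            continue
        packet = (ev["iface"], ev["dir"], ev["rule"], ev["proto"], ev["ipid"])
        if packet in seen:
            continue
        seen.add(packet)
        totals[packet[:4]] += 1
    return totals
```

On pfSense 2.1 the filter log is a clog circular file, so feed `clog /var/log/filter.log` output to `parse_pf_log` rather than reading the file directly.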