[pfSense Support] PPTP Connected?

2010-03-30 Thread Tortise

Hi
Using  1.2.3-RELEASE (embedded) I have a PPTP server configured and I can connect remotely however I still cannot connect with 
anything on the LAN.  I think the issue is the IP assigned to remote connections is remotely said to be 255.255.255.255 while the 
LAN is using 255.255.255.0, the IP address assigned seems OK.  Can someone guide me from here?  No Radius or WINS server is 
involved. 



-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org



Re: [pfSense Support] PPTP Connected?

2010-03-30 Thread Chris Buechler
On Tue, Mar 30, 2010 at 5:39 AM, Tortise tort...@paradise.net.nz wrote:
 Hi
 Using  1.2.3-RELEASE (embedded) I have a PPTP server configured and I can
 connect remotely however I still cannot connect with anything on the LAN.
  I think the issue is the IP assigned to remote connections is remotely said
 to be 255.255.255.255 while the LAN is using 255.255.255.0, the IP address
 assigned seems OK.

That's normal. You're probably missing a firewall rule on the PPTP tab.




Re: [pfSense Support] PPTP Connected?

2010-03-30 Thread Tortise


- Original Message - 
From: Chris Buechler cbuech...@gmail.com

To: support@pfsense.com
Sent: Tuesday, March 30, 2010 10:41 PM
Subject: Re: [pfSense Support] PPTP Connected?


On Tue, Mar 30, 2010 at 5:39 AM, Tortise tort...@paradise.net.nz wrote:

Hi
Using 1.2.3-RELEASE (embedded) I have a PPTP server configured and I can
connect remotely however I still cannot connect with anything on the LAN.
I think the issue is the IP assigned to remote connections is remotely said
to be 255.255.255.255 while the LAN is using 255.255.255.0, the IP address
assigned seems OK.


That's normal. You're probably missing a firewall rule on the PPTP tab.

There is a pass * rule under the PPTP VPN firewall tab for TCP, perhaps it should be all?  I'd have thought TCP would allow 
browsing on the LAN web servers though, which fails. 






[pfSense Support] MultiWAN Failover via internal networks with WAN as secondary

2010-03-30 Thread Danny
Hi,

I'm trying to setup this:


  ___
()  ()
   ( inet )( inet )
()  ()
  |22.22.22.4 |172.16.0.2
  |   |
  |   |
  |22.22.22.1(WAN)|172.16.0.1
   -   172.24.24.12___|__
 --|pfSense x2 |---| ROUTER GW  |
 LAN   |___|172.24.24.20 (OPT2) |  ||
  | | |
192.168.212.20
  |192.168.212.254(OPT1)| |
  | |172.24.24.0/24   |
  |   |
  |   |
  |___|
  |
  |  192.168.212.0/24
  |


Requirements:

Connection should always go via ROUTER GW, but default gateway for
all machines in both networks should be pfsense (OPT1 and OPT2)
If 172.24.24.12 is down connection should go via pfSense WAN
interface
If 192.168.212.20 is down connection should go via pfSense WAN
interface

Interface LAN not used because Failover gateway cannot be specified at
pfSense 1.2.3 in LAN Interface

I´m stuck. I followed MultiWAN tutorial, but when I create Failover using
gateways to monitor, I see the same address for WAN and OPT1 in the pool...

Any ideas
Thanks


-- 
dpc


Re: [pfSense Support] PPTP Connected?

2010-03-30 Thread Evgeny Yurchenko

Tortise wrote:

Hi
Using  1.2.3-RELEASE (embedded) I have a PPTP server configured and I 
can connect remotely however I still cannot connect with anything on 
the LAN.  I think the issue is the IP assigned to remote connections 
is remotely said to be 255.255.255.255 while the LAN is using 
255.255.255.0, the IP address assigned seems OK.  Can someone guide me 
from here?  No Radius or WINS server is involved.




Does IP assigned via PPTP belong to LAN subnet?
Can you give us netstat -rn from computer connected to this PPTP?





Re: [pfSense Support] MultiWAN Failover via internal networks with WAN as secondary

2010-03-30 Thread Evgeny Yurchenko

Danny wrote:

Hi,

I'm trying to setup this:


  ___
()  ()
   ( inet )( inet )
()  ()
  |22.22.22.4 |172.16.0.2
  |   |
  |   |
  |22.22.22.1(WAN)|172.16.0.1
   -   172.24.24.12___|__
 --|pfSense x2 |---| ROUTER GW  |
 LAN   |___|172.24.24.20 (OPT2) |  ||
  | | | 
192.168.212.20

  |192.168.212.254(OPT1)| |
  | |172.24.24.0/24 
http://172.24.24.0/24   |

  |   |
  |   |
  |___|
  |
  |  192.168.212.0/24 
http://192.168.212.0/24

  |



Requirements:

Connection should alway go via ROUTER GW, but default gateway 
for all machines in both   networks should be pfsense (OPT1 and OPT2)
If 172.24.24.12 is down conection should go via pfSense WAN 
interface
If 192.168.212.20 is down conection should go via pfSense WAN 
interface


Interface LAN not used because Failover gateway cannot be specified at 
pfSense 1.2.3 in LAN Interface


I´m stucked. I followed MutiWAN tutorial, but when I create Failover 
using gateways to monitor, I see the same address for WAN an OPT1 in 
the pool...


Any ideas
Thanks


--
dpc


I am afraid you have wrong understanding of MultiWAN.





Re: [pfSense Support] MultiWAN Failover via internal networks with WAN as secondary

2010-03-30 Thread Danny
Hi,

Maybe it´s better to try to explain the diagram a bit more.

If my PC is in 192.168.212.0/24 network, my default gateway should be
pfsense, but should take OPT2 as primary WAN

If my PC is in 172.24.24.0/24 network, my default gateway should be
pfsense, but should take OPT1 as primary WAN

I mean despite I´ve got only a WAN directly connected to the pfsense, this
native WAN interface should be secondary.

Depending on the network I am in, I´ve got two possible paths to reach
internet, and should have the possibility to failover or LoadBalance
them...

So. I´m behind a pfsense firewall with 2 possibilities to reach internet

Regards


On Tue, Mar 30, 2010 at 3:32 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:

 Danny wrote:

 Hi,

 I'm trying to setup this:


  ___
()  ()
   ( inet )( inet )
()  ()
  |22.22.22.4 |172.16.0.2
  |   |
  |   |
  |22.22.22.1(WAN)|172.16.0.1
   -   172.24.24.12___|__
  --|pfSense x2 |---| ROUTER GW  |
  LAN   |___|172.24.24.20 (OPT2) |  ||
  | | |
 192.168.212.20
  |192.168.212.254(OPT1)| |
  | |172.24.24.0/24 
 http://172.24.24.0/24   |
  |   |
  |   |
  |___|
  |
  |  192.168.212.0/24 
 http://192.168.212.0/24

  |

Requirements:

Connection should alway go via ROUTER GW, but default gateway for
 all machines in both   networks should be pfsense (OPT1 and OPT2)
If 172.24.24.12 is down conection should go via pfSense WAN
 interface
If 192.168.212.20 is down conection should go via pfSense WAN
 interface

 Interface LAN not used because Failover gateway cannot be specified at
 pfSense 1.2.3 in LAN Interface

 I´m stucked. I followed MutiWAN tutorial, but when I create Failover using
 gateways to monitor, I see the same address for WAN an OPT1 in the pool...

 Any ideas
 Thanks


 --
 dpc


 I am afraid you have wrong understanding of MultiWAN.






-- 
dpc


Re: [pfSense Support] MultiWAN Failover via internal networks with WAN as secondary

2010-03-30 Thread Evgeny Yurchenko

Evgeny Yurchenko wrote:

Danny wrote:

Hi,

I'm trying to setup this:


  ___
()  ()
   ( inet )( inet )
()  ()
  |22.22.22.4 
|172.16.0.2

  |   |
  |   |
  |22.22.22.1(WAN)
|172.16.0.1

   -   172.24.24.12___|__
 --|pfSense x2 |---| ROUTER GW  |
 LAN   |___|172.24.24.20 (OPT2) |  ||
  | | | 
192.168.212.20

  |192.168.212.254(OPT1)| |
  | |172.24.24.0/24 
http://172.24.24.0/24   |

  |   |
  |   |
  |___|
  |
  |  192.168.212.0/24 
http://192.168.212.0/24

  |
   
Requirements:


Connection should alway go via ROUTER GW, but default gateway 
for all machines in both   networks should be pfsense (OPT1 and OPT2)
If 172.24.24.12 is down conection should go via pfSense WAN 
interface
If 192.168.212.20 is down conection should go via pfSense WAN 
interface


Interface LAN not used because Failover gateway cannot be specified 
at pfSense 1.2.3 in LAN Interface


I´m stucked. I followed MutiWAN tutorial, but when I create Failover 
using gateways to monitor, I see the same address for WAN an OPT1 in 
the pool...


Any ideas
Thanks


--
dpc


I am afraid you have wrong understanding of MultiWAN.


I think you should be doing the next:

   () ()
  ( inet )   ( inet )
   () ()
 |22.22.22.4 |172.16.0.2
 |   |
 |   |
 |22.22.22.1(WAN)|172.16.0.1(OPT1)
 |   -   |
  ---|pfSense x2 |---
 |___|
   172.24.24.20 (LAN) |  |192.168.212.254(OPT2)
  |  |
  |  |

172.24.24.0/24    |  192.168.212.0/24
  -





Re: [pfSense Support] MultiWAN Failover via internal networks with WAN as secondary

2010-03-30 Thread Danny
I cannot do that, because the main infrastructure is already built-in.

I mean 192.168.212.0/24 and 172.24.24.0/24, both got ROUTER GW as default
router today.

I have installed 2xPfsense, plugged in this way
 OPT1 in 192.168.212.0/24
 OPT2 in 172.24.24.0/24
 We have leased a WAN Link, (pfSense WAN interface)

Tomorrow we have to change the default gateway for both networks, to point
to pfsense, LoadBalancing with failover, to continue using former link, and
in case the ROUTER GW is down, use the WAN of pfSense as an alternative

ROUTER GW, and inet (172.16.0.2), is managed by third parties, that´s the
reason I cannot plug directly to pfsense

Thank you
Regards



On Tue, Mar 30, 2010 at 4:14 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:

 Evgeny Yurchenko wrote:

 Danny wrote:

 Hi,

 I'm trying to setup this:


  ___
()  ()
   ( inet )( inet )
()  ()
  |22.22.22.4 |172.16.0.2
  |   |
  |   |
  |22.22.22.1(WAN)|172.16.0.1
   -   172.24.24.12___|__
  --|pfSense x2 |---| ROUTER GW  |
  LAN   |___|172.24.24.20 (OPT2) |  ||
  | | |
 192.168.212.20
  |192.168.212.254(OPT1)| |
  | |172.24.24.0/24 
 http://172.24.24.0/24   |
  |   |
  |   |
  |___|
  |
  |  192.168.212.0/24 
 http://192.168.212.0/24
  |
   Requirements:

Connection should alway go via ROUTER GW, but default gateway for
 all machines in both   networks should be pfsense (OPT1 and OPT2)
If 172.24.24.12 is down conection should go via pfSense WAN
 interface
If 192.168.212.20 is down conection should go via pfSense WAN
 interface

 Interface LAN not used because Failover gateway cannot be specified at
 pfSense 1.2.3 in LAN Interface

 I´m stucked. I followed MutiWAN tutorial, but when I create Failover
 using gateways to monitor, I see the same address for WAN an OPT1 in the
 pool...

 Any ideas
 Thanks


 --
 dpc


 I am afraid you have wrong understanding of MultiWAN.

  I think you should be doing the next:


   () ()
  ( inet )   ( inet )
   () ()
 |22.22.22.4 |172.16.0.2
 |   |
 |   |
 |22.22.22.1(WAN)|172.16.0.1(OPT1)
 |   -   |
  ---|pfSense x2 |---
 |___|
   172.24.24.20 (LAN) |  |192.168.212.254(OPT2)

  |  |
|  |
 172.24.24.0/24    |  192.168.212.0/24
  -







-- 
dpc


Re: [pfSense Support] MultiWAN Failover via internal networks with WAN as secondary

2010-03-30 Thread Evgeny Yurchenko

Danny wrote:

I cannot do that, because the main infrastructured is already built-in.

I mean 192.168.212.0/24 and 172.24.24.0/24,
both got ROUTER GW as default router today.


I have installed 2xPfsense, plugged in this way
 OPT1 in 192.168.212.0/24
 OPT2 in 172.24.24.0/24
 We have leased a WAN Link, (pfSense WAN interface)

Tomorrow we have to change the default gateway for both networks, to 
point to pfsense, LoadBalacing with failover, to continue using former 
link, and in case the ROUTER GW is down, use the WAN of pfSense as an 
alternative


ROUTER GW, and inet (172.16.0.2), is managed by third parties, that´s 
the reason I cannot plug directly to pfsense


Thank you
Regards



On Tue, Mar 30, 2010 at 4:14 PM, Evgeny Yurchenko
evg.yu...@rogers.com wrote:


Evgeny Yurchenko wrote:

Danny wrote:

Hi,

I'm trying to setup this:


  
  ___
   ()
 ()
  ( inet )  
 ( inet )
   ()
 ()
 |22.22.22.4  
  |172.16.0.2

 |   |
 |   |
 |22.22.22.1(WAN)
   |172.16.0.1
  -  
172.24.24.12___|__

 --|pfSense x2 |---|
ROUTER GW  |
 LAN   |___|172.24.24.20 (OPT2) |
 ||
 | |  
  | 192.168.212.20

 |192.168.212.254(OPT1)| |
 | |172.24.24.0/24
http://172.24.24.0/24 http://172.24.24.0/24   |
 |   |
 |   |
 |___|
 |
 |  192.168.212.0/24
http://192.168.212.0/24 http://192.168.212.0/24
 |
  Requirements:

   Connection should alway go via ROUTER GW, but
default gateway for all machines in both   networks should
be pfsense (OPT1 and OPT2)
   If 172.24.24.12 is down conection should go via
pfSense WAN interface
   If 192.168.212.20 is down conection should go via
pfSense WAN interface

Interface LAN not used because Failover gateway cannot be
specified at pfSense 1.2.3 in LAN Interface

I´m stucked. I followed MutiWAN tutorial, but when I
create Failover using gateways to monitor, I see the same
address for WAN an OPT1 in the pool...

Any ideas
Thanks


-- 
dpc



I am afraid you have wrong understanding of MultiWAN.

I think you should be doing the next:


  () ()
 ( inet )   ( inet )
  () ()
|22.22.22.4 |172.16.0.2
|   |
|   |
|22.22.22.1(WAN)|172.16.0.1(OPT1)
|   -   |
 ---|pfSense x2 |---
|___|
  172.24.24.20 (LAN) |  |192.168.212.254(OPT2)

 |  |
 |  |

172.24.24.0/24 http://172.24.24.0/24    |
 192.168.212.0/24 http://192.168.212.0/24
 -







--
dpc

Please do not toppost.
What you are trying to do is failover at PCs level THEY have to switch 
to different gateway, THEY 

Re: [pfSense Support] MultiWAN Failover via internal networks with WAN as secondary

2010-03-30 Thread Danny
On Tue, Mar 30, 2010 at 4:56 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:

 Danny wrote:

 I cannot do that, because the main infrastructured is already built-in.

 I mean 192.168.212.0/24 and 172.24.24.0/24,
 both got ROUTER GW as default router today.


 I have installed 2xPfsense, plugged in this way
 OPT1 in 192.168.212.0/24
 OPT2 in 172.24.24.0/24

 We have leased a WAN Link, (pfSense WAN interface)

 Tomorrow we have to change the default gateway for both networks, to
 point to pfsense, LoadBalacing with failover, to continue using former link,
 and in case the ROUTER GW is down, use the WAN of pfSense as an alternative

 ROUTER GW, and inet (172.16.0.2), is managed by third parties, that´s the
 reason I cannot plug directly to pfsense

 Thank you
 Regards



 On Tue, Mar 30, 2010 at 4:14 PM, Evgeny Yurchenko
 evg.yu...@rogers.com wrote:

Evgeny Yurchenko wrote:

Danny wrote:

Hi,

I'm trying to setup this:



  ___
   ()
   ()
  ( inet )
   ( inet )
   ()
   ()
 |22.22.22.4
  |172.16.0.2
 |   |
 |   |
 |22.22.22.1(WAN)
 |172.16.0.1
  -
  172.24.24.12___|__
 --|pfSense x2 |---|
ROUTER GW  |
 LAN   |___|172.24.24.20 (OPT2) |
   ||
 | |
  | 192.168.212.20
 |192.168.212.254(OPT1)| |
 | |172.24.24.0/24
http://172.24.24.0/24 http://172.24.24.0/24   |

 |   |
 |   |
 |___|
 |
 |  192.168.212.0/24
http://192.168.212.0/24 http://192.168.212.0/24

 |
  Requirements:

   Connection should alway go via ROUTER GW, but
default gateway for all machines in both   networks should
be pfsense (OPT1 and OPT2)
   If 172.24.24.12 is down conection should go via
pfSense WAN interface
   If 192.168.212.20 is down conection should go via
pfSense WAN interface

Interface LAN not used because Failover gateway cannot be
specified at pfSense 1.2.3 in LAN Interface

I´m stuck. I followed MultiWAN tutorial, but when I

create Failover using gateways to monitor, I see the same
address for WAN an OPT1 in the pool...

Any ideas
Thanks


-- dpc


I am afraid you have wrong understanding of MultiWAN.

I think you should be doing the next:


  () ()
 ( inet )   ( inet )
  () ()
|22.22.22.4 |172.16.0.2
|   |
|   |
|22.22.22.1(WAN)|172.16.0.1(OPT1)
|   -   |
 ---|pfSense x2 |---
|___|
  172.24.24.20 (LAN) |  |192.168.212.254(OPT2)

 |  |
   |  |
172.24.24.0/24 http://172.24.24.0/24    |
 192.168.212.0/24 http://192.168.212.0/24
 -







 --
 dpc

 Please do not toppost.
 What you are trying to do is failover at PCs level THEY have to switch to
 different gateway, THEY somehow have to become aware that primary Internet
 link is down, you are taking away this from pfSense box, i.e. pfSense can
 not change default gateway on your workstations.
 With pfSense you still can use your ROUTER GW but not in scenario you
 described. Connect both lan segments to 

Re: [pfSense Support] MultiWAN Failover via internal networks with WAN as secondary

2010-03-30 Thread Evgeny Yurchenko




Danny wrote:

  
  On Tue, Mar 30, 2010 at 4:56 PM, Evgeny
Yurchenko evg.yu...@rogers.com
wrote:
  Danny
wrote:

  I cannot do that, because the main
infrastructured is already built-in.
  
  
I mean 192.168.212.0/24
and 172.24.24.0/24,
both got ROUTER GW as default router "today".
  
  
I have installed 2xPfsense, plugged in this way
  
    OPT1 in 192.168.212.0/24 http://192.168.212.0/24
    OPT2 in 172.24.24.0/24 http://172.24.24.0/24
  
    We have leased a WAN Link, (pfSense WAN interface)
  
"Tomorrow" we have to change the default gateway for both networks, to
point to pfsense, LoadBalacing with failover, to continue using former
link, and in case the ROUTER GW is down, use the WAN of pfSense as an
alternative
  
  
ROUTER GW, and inet (172.16.0.2), is managed by third parties, that´s
the reason I cannot plug directly to pfsense
  
Thank you
Regards
  
  
       
On Tue, Mar 30, 2010 at 4:14 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:
  
   Evgeny Yurchenko wrote:
  
       Danny wrote:
  
           Hi,
  
           I'm trying to setup this:
  
  
                                                                   
           ___
                      (    )                                          
          (    )
                     ( inet )                                          
        ( inet )
                      ()                                          
          ()
                        |22.22.22.4                                    
           |172.16.0.2
                        |                                              
|
                        |                                              
|
                        |22.22.22.1(WAN)                              
            |172.16.0.1
                 -                                
 172.24.24.12___|__
            --|pfSense x2 |---|
           ROUTER GW  |
            LAN   |___|172.24.24.20 (OPT2) |                  
      ||
                        |                         |                    
           | 192.168.212.20
                        |192.168.212.254(OPT1)    |                    
|
                        |                         |172.24.24.0/24
  
           http://172.24.24.0/24 http://172.24.24.0/24
      |
  
                        |                                              
|
                        |                                              
|
                       
|___|
                                            |
                                            |  192.168.212.0/24
  
           http://192.168.212.0/24 http://192.168.212.0/24
  
                                            |
                 Requirements:
  
                  Connection should alway go via ROUTER GW, but
           default gateway for all machines in both   networks should
           be pfsense (OPT1 and OPT2)
                  If 172.24.24.12 is down conection should go via
           pfSense WAN interface
                  If 192.168.212.20 is down conection should go via
           pfSense WAN interface
  
           Interface LAN not used because Failover gateway cannot be
           specified at pfSense 1.2.3 in LAN Interface
  
  
           I´m stuck. I followed MultiWAN tutorial, but when I
  
           create Failover using gateways to monitor, I see the same
           address for WAN an OPT1 in the pool...
  
           Any ideas
           Thanks
  
  
           --             dpc
  
  
       I am afraid you have wrong understanding of MultiWAN.
  
   I think you should be doing the next:
  
  
             (    )                         (    )
            ( inet )                       ( inet )
             ()                         ()
               |22.22.22.4                     |172.16.0.2
               |                               |
               |                               |
               |22.22.22.1(WAN)                |172.16.0.1(OPT1)
               |           -       |
                ---|pfSense x2 |---
                           |___|
         172.24.24.20 (LAN) |      |192.168.212.254(OPT2)
  
                            |      |                                  
              |      |
  
      172.24.24.0/24 http://172.24.24.0/24
       |
    192.168.212.0/24 http://192.168.212.0/24
  
                                      
-
  
  
  
  
   

Re: [pfSense Support] Firewall drops all packets after upgrade from 1.2 to 1.2.3

2010-03-30 Thread Bastian Schern

On 26.03.2010 10:54, Chris Buechler wrote:
[...]


Probably asymmetric routing. The flags default in newer PF versions in
FreeBSD 7.x (pfSense 1.2.1, 1.2.2, 1.2.3) is much more strict than it
was in FreeBSD 6.2 (pfSense 1.2). So if the firewall isn't seeing the
entire connection (such as only traffic in one direction), it's going
to kill that state as it can't properly track the connection state, it
looks like spoofed traffic.

The fix is to first figure out where the problem is, what's causing
the asymmetric routing. Then the solution will depend on the cause.
There are many possible causes depending on what's in your network.



I think it has to do with the routing. The problem occurs only if the 
requests came via a static route.
Do you have an idea how to find out where the problem with asymmetric 
routing is?


Regards
Bastian




Re: [pfSense Support] MultiWAN Failover via internal networks with WAN as secondary

2010-03-30 Thread Danny
On Tue, Mar 30, 2010 at 5:38 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:

   Danny wrote:



 On Tue, Mar 30, 2010 at 4:56 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote:

 Danny wrote:

 I cannot do that, because the main infrastructured is already built-in.

 I mean 192.168.212.0/24 and 172.24.24.0/24,
 both got ROUTER GW as default router today.


 I have installed 2xPfsense, plugged in this way
 OPT1 in 192.168.212.0/24
 OPT2 in 172.24.24.0/24

 We have leased a WAN Link, (pfSense WAN interface)

 Tomorrow we have to change the default gateway for both networks, to
 point to pfsense, LoadBalacing with failover, to continue using former link,
 and in case the ROUTER GW is down, use the WAN of pfSense as an alternative

 ROUTER GW, and inet (172.16.0.2), is managed by third parties, that´s the
 reason I cannot plug directly to pfsense

 Thank you
 Regards



 On Tue, Mar 30, 2010 at 4:14 PM, Evgeny Yurchenko
 evg.yu...@rogers.com wrote:

Evgeny Yurchenko wrote:

Danny wrote:

Hi,

I'm trying to setup this:



  ___
   ()
 ()
  ( inet )
   ( inet )
   ()
 ()
 |22.22.22.4
  |172.16.0.2
 |   |
 |   |
 |22.22.22.1(WAN)
   |172.16.0.1
  -
  172.24.24.12___|__
 --|pfSense x2 |---|
ROUTER GW  |
 LAN   |___|172.24.24.20 (OPT2) |
 ||
 | |
  | 192.168.212.20
 |192.168.212.254(OPT1)| |
 | |172.24.24.0/24
http://172.24.24.0/24 http://172.24.24.0/24   |

 |   |
 |   |
 |___|
 |
 |  192.168.212.0/24
http://192.168.212.0/24 http://192.168.212.0/24

 |
  Requirements:

   Connection should alway go via ROUTER GW, but
default gateway for all machines in both   networks should
be pfsense (OPT1 and OPT2)
   If 172.24.24.12 is down conection should go via
pfSense WAN interface
   If 192.168.212.20 is down conection should go via
pfSense WAN interface

Interface LAN not used because Failover gateway cannot be
specified at pfSense 1.2.3 in LAN Interface

I´m stuck. I followed MultiWAN tutorial, but when I

create Failover using gateways to monitor, I see the same
address for WAN an OPT1 in the pool...

Any ideas
Thanks


-- dpc


I am afraid you have wrong understanding of MultiWAN.

I think you should be doing the next:


  () ()
 ( inet )   ( inet )
  () ()
|22.22.22.4 |172.16.0.2
|   |
|   |
|22.22.22.1(WAN)|172.16.0.1(OPT1)
|   -   |
 ---|pfSense x2 |---
|___|
  172.24.24.20 (LAN) |  |192.168.212.254(OPT2)

 |  |
 |  |
172.24.24.0/24 http://172.24.24.0/24    |
 192.168.212.0/24 http://192.168.212.0/24
 -







 --
 dpc

 Please do not toppost.
 What you are trying to do is failover at PCs level THEY have to switch to
 different gateway, THEY somehow have to become aware that primary Internet
 link is down, you are taking away this from pfSense box, i.e. pfSense can
 not change default gateway on your workstations.
 With 

Re: [pfSense Support] Firewall drops all packets after upgrade from 1.2 to 1.2.3

2010-03-30 Thread Chris Buechler
On Tue, Mar 30, 2010 at 12:06 PM, Bastian Schern m...@reventix.de wrote:
 On 26.03.2010 10:54, Chris Buechler wrote:
 [...]

 Probably asymmetric routing. The flags default in newer PF versions in
 FreeBSD 7.x (pfSense 1.2.1, 1.2.2, 1.2.3) is much more strict than it
 was in FreeBSD 6.2 (pfSense 1.2). So if the firewall isn't seeing the
 entire connection (such as only traffic in one direction), it's going
 to kill that state as it can't properly track the connection state, it
 looks like spoofed traffic.

 The fix is to first figure out where the problem is, what's causing
 the asymmetric routing. Then the solution will depend on the cause.
 There are many possible causes depending on what's in your network.


 I think it has to do with the routing. The problem occurs only if the
 requests came via a static route.


Then just go to System > Advanced and check "Bypass firewall rules for
traffic on the same interface".
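
Added example (not part of the original message, and not pfSense or PF code): a toy Python model of the behaviour described in this thread, where a filter that creates state only on an initial SYN blocks a connection it sees in one direction only. The addresses, the Packet/StatefulFilter names and the `strict` switch are assumptions made for illustration; real PF also tracks sequence numbers and timeouts, which are left out here.

```python
"""Toy model: asymmetric routing versus a strict stateful filter."""
from dataclasses import dataclass

SYN, ACK = 0x02, 0x10  # TCP flag bits


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int
    via_firewall: bool  # does this packet's path cross the firewall?


def flow_key(p):
    """Direction-independent key: both halves of a connection share one state."""
    return tuple(sorted([(p.src, p.sport), (p.dst, p.dport)]))


class StatefulFilter:
    """A single 'pass ... keep state' rule in front of a default deny.

    strict=True models the newer default from the thread: only an initial
    SYN (SYN set, ACK clear) may create state.
    strict=False models the older behaviour: any matching packet may.
    """

    def __init__(self, strict):
        self.strict = strict
        self.states = set()

    def handle(self, p):
        key = flow_key(p)
        if key in self.states:
            return "pass"  # belongs to a tracked connection
        initial_syn = (p.flags & (SYN | ACK)) == SYN
        if self.strict and not initial_syn:
            return "block"  # mid-connection packet with no state
        self.states.add(key)
        return "pass"


def handshake(request_via_fw):
    """Constructed sample traffic (documentation address ranges).

    Replies always cross the firewall because it is the server's default
    gateway. request_via_fw=False models requests that reach the server
    through another router on the same segment, e.g. via a static route.
    """
    c, s = ("198.51.100.7", 40000), ("192.0.2.10", 443)
    return [
        Packet(*c, *s, SYN, request_via_fw),
        Packet(*s, *c, SYN | ACK, True),
        Packet(*c, *s, ACK, request_via_fw),
        Packet(*s, *c, ACK, True),
    ]


def verdicts(packets, strict):
    """Verdict for every packet the firewall actually sees, in order."""
    fw = StatefulFilter(strict)
    return [fw.handle(p) for p in packets if p.via_firewall]


if __name__ == "__main__":
    print("symmetric,  strict :", verdicts(handshake(True), strict=True))
    print("asymmetric, strict :", verdicts(handshake(False), strict=True))
    print("asymmetric, lenient:", verdicts(handshake(False), strict=False))
```

In the asymmetric case the first packet the firewall sees is the server's SYN-ACK, which is why the strict filter treats the whole connection as unsolicited traffic.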




[pfSense Support] Is it poosible to NAT depending of the gateway

2010-03-30 Thread Danny
That´s the question

I know it is possible to NAT depending on source and depending on destination.

But is it possible to NAT depending on the gateway the traffic left the
firewall?

Regards

-- 
dpc


Re: [pfSense Support] Is it poosible to NAT depending of the gateway

2010-03-30 Thread Chris Buechler
On Tue, Mar 30, 2010 at 4:59 PM, Danny metal...@gmail.com wrote:
 That´s the question

 I know is possible to NAT depending of source ande depending on destination.

 But is it possible to NAT depending on the gateway the traffic left the
 firewall?


Depends. All NAT happens based on the interface the traffic leaves. If
you have one gateway per interface, then yes.




Re: [pfSense Support] Is it poosible to NAT depending of the gateway

2010-03-30 Thread Danny
On Tue, Mar 30, 2010 at 11:08 PM, Chris Buechler cbuech...@gmail.com wrote:

 On Tue, Mar 30, 2010 at 4:59 PM, Danny metal...@gmail.com wrote:
  That´s the question
 
  I know is possible to NAT depending of source ande depending on
 destination.
 
  But is it possible to NAT depending on the gateway the traffic left the
  firewall?
 

 Depends. All NAT happens based on the interface the traffic leaves. If
 you have one gateway per interface, then yes.



So. If the gateway for a given interface is dynamic (failover), there is no
solution. Isn´t it?

Thanks

-- 
dpc


Re: [pfSense Support] Is it poosible to NAT depending of the gateway

2010-03-30 Thread Chris Buechler
On Tue, Mar 30, 2010 at 5:13 PM, Danny metal...@gmail.com wrote:

 So. If the gateway for a given interface is dynamic (failover), there is no
 solution. Isn´t it?


No, that works fine.




[pfSense Support] TCP Connection Closed on Client But pfsense States Still Established

2010-03-30 Thread Oliver Hansen
I tried posting this specifically before and didn't have any luck (
http://www.mail-archive.com/support@pfsense.com/msg19099.html ) but now that
I have contacted Microsoft I have a few more details to ask the questions
with. Here is the basic scenario:

- On the server, TCP session timeouts have been lowered to 5 minutes
(through a reg edit that MS support had me make)
- The client application has been shut down and netstat shows no connections
open to the server
- The server still shows many (up to 30) connections to the client long
after the 5 minute timeout window
- The pfSense (1.2.3-RC3) GUI Diagnostics - States table shows sessions
between the client and server as ESTABLISHED:ESTABLISHED
- The client and server are in two different subnets connected by an IPSec
VPN

Now, is there anything in pfSense that would keep a session open even after
the client has closed it and the server's TCP timeout window has passed? The
way MS Support was explaining it to me, they said the server would send out
a message to see if the client was still around and it would only be keeping
the session open if something was responding on the client's behalf. She
said to look for any setting on the router such as tcp keep alive or idle
keep alive but the only thing I see is under VPN settings for the Keep
Alive IP to ping which I thought was only to keep the tunnel up by pinging a
host on the remote subnet.

Thanks for any help!