2014-07-25 2:52 GMT+02:00 Erik Anderson <[email protected]>: > Hello - > > This evening I upgraded to 2.1.4 and have noticed an odd issue > communicating between two of my LAN subnets. > > For the purposes of this example, I have main-LAN (192.168.3.1/24) and > voice-LAN (192.168.5.1/24). > > I have firewall rules in place on the main-LAN interface to permit > traffic to the voice-LAN. > > When I ping from my workstation on the main-LAN to a server on the > voice-LAN, I get the following: > > https://gist.github.com/anderiv/60bac6fb637192eb8419 > > That ICMP reply is coming from the default gateway of our WAN > interface. It makes sense that comcast is blocking RFC1918 addresses, > but the question is: why is this traffic being routed out the WAN > instead of to the voice-LAN? > > Here's a packet capture, taken on the main-LAN interface: > > https://www.cloudshark.org/captures/215fcc948bb7 > > All of this worked perfectly in the previous version of pfsense we > were at (2.0.1). > > Any insights into what may be causing this? > > Thank you- > Erik > _______________________________________________ > List mailing list > [email protected] > https://lists.pfsense.org/mailman/listinfo/list >
Hi Erik, i would start with: Checking the FW-Logs in -> System-Logs -> there should be an entry then, which tells you also which rule blocks and what the incoming interface was. checking the interface configuation -> Status Inferfaces in the WebUI checking the routing of the pfsense -> netstat -nr - > either at the console or at -> Diagnostics -> Command blah in the WebUI Cchecking the NAT-Setup of the PfSense if i remember correctly for checking the connectivity from the FW-Console, one has to pass the source-address and/or the interface to the ping command. this should bring you more insights and ideas on what is wrong. if i remember correctly, parts of the interface assignment got changed between 2.0.1 and 2.1 or so. but i can be mistaken with this. hth michael
_______________________________________________ List mailing list [email protected] https://lists.pfsense.org/mailman/listinfo/list
