Hello DV,
As I think I mentioned before, a packet capture on each interface of the remote
pfSense (including the IPsec interface), with the ICMP request running
continuously on the local computer, shows no ICMP request packet going out any
of the other interfaces. Normally, it should go out of
Yudhvir, thanks for helping.The destination IP 192.168.6.106 is that of machine
in the remote LAN, and it is of course UP and running and pingable. Sorry fat
fingered the reply. Is there something on the other end of the Ping to answer?
Yudhvir
Hello All,
I have been following quietly along and I keep wondering if the ICMP
packets actually do make it to the remote IP 192.168.6.106 but perhaps the
route back through pfsense/OPT1/pfsense/IPSEC etc. is not working...
Start with the remote machine 192.168.6.106, does it have it's gateway
Hello Adam,Anything else I could try?
Thanks
Subject: Re: [pfSense] Disable antispoofing on an interface
From: athom...@athompso.net
Date: Mon, 14 Jul 2014 20:24:36 -0500
To: list@lists.pfsense.org; netsys...@live.com
I suspect you need to be looking not for anti-spoofing but for anti-bogon
Post your logs. Is this behavior the same from either LAN? Is this setup
virgin, meaning did it work with older pfSense versions and is now
misbehaving or is this a fresh setup?
Obviously the IPsec/UDP link should be simplified and tested to isolate the
problem. You can also test the setup on
How do you know pfSense is dropping the packet? Does it show up in a packet
capture on OPT1?
-Adam
On July 17, 2014 5:12:07 AM CDT, NetSys Pro netsys...@live.com wrote:
Hello Adam,Anything else I could try?
Thanks
Subject: Re: [pfSense] Disable antispoofing on an interface
From: athom
anywhere!So, I suppose the packet is being silently dropped. Is that
possible?
Subject: RE: [pfSense] Disable antispoofing on an interface
From: athom...@athompso.net
Date: Thu, 17 Jul 2014 10:50:27 -0500
To: netsys...@live.com; list@lists.pfsense.org
How do you know pfSense is dropping the packet
I just did a tcpdump on pfSense and I do see the ICMP request coming in on the
OPT1 interface.So, this means that the WANOPT appliance is not the culprit.
Subject: RE: [pfSense] Disable antispoofing on an interface
From: athom...@athompso.net
Date: Thu, 17 Jul 2014 12:10:44 -0500
To: netsys
, 2014 12:20:10 PM CDT, NetSys Pro netsys...@live.com wrote:
I just did a tcpdump on pfSense and I do see the ICMP request coming in
on the OPT1 interface.So, this means that the WANOPT appliance is not
the culprit.
Subject: RE: [pfSense] Disable antispoofing on an interface
From: athom
:01.040452 rule 159/0(match): pass in on re0: (tos
0x0, ttl 62, id 10, offset 0, flags [none], proto ICMP (1), length 84)
Jul 17 21:28:01 fw2 pf: 10.6.2.10 192.168.6.106: ICMP echo request, id 43547,
seq 11, length 64
What do you think?
Subject: RE: [pfSense] Disable antispoofing on an interface
From
On 14-07-17 12:32 PM, NetSys Pro wrote:
Here's the output:
Jul 17 21:27:50 fw2 pf: 10.6.2.10 192.168.6.106: ICMP echo request,
id 43547, seq 0, length 64
Jul 17 21:27:52 fw2 pf: 00:00:01.885014 rule 159/0(match): pass in on
re0: (tos 0x0, ttl 62, id 1, offset 0, flags [none], proto ICMP (1),
That block is on a TCP packet, not UDP. Also, is there something on the othersid
Yudhvir
On Jul 17, 2014, at 4:26 PM, Adam Thompson athom...@athompso.net wrote:
On 14-07-17 12:32 PM, NetSys Pro wrote:
Here's the output:
Jul 17 21:27:50 fw2 pf: 10.6.2.10 192.168.6.106: ICMP echo request,
Sorry fat fingered the reply. Is there something on the other end of the Ping
to answer?
Yudhvir
On Jul 17, 2014, at 7:11 PM, Mehmasarja Darks mehmasa...@gmail.com wrote:
That block is on a TCP packet, not UDP. Also, is there something on the
othersid
Yudhvir
On Jul 17, 2014, at 4:26
and antispoof directives
were generated.Result: The problem persists!
Anything else I could try?
Thanks
Date: Tue, 15 Jul 2014 08:23:23 +0400
From: netsys...@live.com
To: t...@diadeis.mu
Subject: Fwd: Re: [pfSense] Disable antispoofing on an interface
Hello everyone,
First of all, please note that I have already posted the question below
on the pfSense forum (see
https://forum.pfsense.org/index.php?topic=79081.0) since about 1 week
without any reply.
Given the urgency of the matter, I decided to post to the mailing list,
hoping for some
I suspect you need to be looking not for anti-spoofing but for anti-bogon rules.
Can't remember what pfSense calls it offhand.
-Adam
On July 14, 2014 6:19:22 PM CDT, NetSys Pro netsys...@live.com wrote:
Hello everyone,
First of all, please note that I have already posted the question below
on
16 matches
Mail list logo
