I found out that the problem is not related to the setup at all. Here is what I did: I added a static route to the routing table of a web server, say 192.168.20.2, that routes all traffic to a specific client in the same network, 192.168.20.3, through pfSense (192.168.20.1), and again pfSense dropped all TCP packets coming from 192.168.20.2 to 192.168.20.3, although I am adding a rule allowing everything from the local network! The ICMP packets do not get dropped; I can ping 192.168.20.3 from 20.2. This certainly looks like a bug. Please tell me if it is a bug or what exactly!
On Sun, Aug 24, 2008 at 2:40 PM, Ahmed Abdallah <[EMAIL PROTECTED]> wrote:
> Hello everyone,
> I've a problem with 1.2.1-RC1 which is very weird.
> I've a simple setup that has pfSense as an internet gateway for two
> subnets. The setup is as follows:
>
>   192.168.10.0/24                          192.168.20.0/24
>          |                                        |
>          |                                        |
>   -------------------    192.168.20.253      ----------
>   |  10.0 gateway   |------------------------|  switch |
>   -------------------                        ----------
>                                                   |
>                                              192.168.20.1
>                                            ---------------
>                                            |   pfSense   |-------internet
>                                            ---------------
>
> Now here's the problem. Obviously I need a static route entry that routes
> traffic to the 192.168.10.0 network through the 192.168.20.253 gateway so
> that the 20.0 network can connect to the 10.0 network and vice versa.
> After configuring the firewall properly, the 10.0 network is able to ping
> hosts in the 20.0 network and vice versa, but when a host behind the
> gateway (in the 10.0 network) tries to connect to any host in the 20.0
> network, the request gets routed correctly and reaches 20.0, but the
> reply (which should be redirected by pfSense to the gateway) gets blocked
> by pfSense, and I see that in the log.
> Now, I tried everything. I added a first rule in the NAT interface to
> allow all traffic from 20.0 to 10.0; it didn't work. I even tried to
> remove ALL the rules and add a rule that allows from anyone to anyone
> using any protocol, but to no avail :( The log shows that such packets
> (e.g. from 192.168.20.5 to 192.168.10.2, TCP) are dropped due to
> "default deny all". It only works when I disable the firewall totally!
> I suspect that this is a bug. Please help; it's a very basic setup where
> I need to route packets through another gateway!
--
Ahmed Abdalla
Systems Engineer
Linux-Plus Information Systems L.L.C
Tel : +20 2 2527 6616
EXT : 806
Fax : +20 2 2526 1055
Mobile : +20 10 688 9009
email : [EMAIL PROTECTED]
website : http://www.linux-plus.com
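A check worth running before treating drops like these as a firewall bug, added here by the editor and not part of the thread: pfSense filters with pf, which is stateful and matches the later packets of a connection against a state created when it saw the first one, so it matters whether pfSense actually sits on both the forward and the reverse path of a flow. The script below models the two topologies described in the messages above. The addresses are the ones the poster gives; the per-host routing tables (`ROUTES`), the 10.0 host using 192.168.20.253 as its default gateway, and the helper names `trace` and `firewall_visibility` are this example's own assumptions, not anything from the original post or from pfSense.

```python
import ipaddress

# pfSense's LAN address, from the thread.
FIREWALL = "192.168.20.1"

# Constructed routing tables for the topology in the thread (assumed from the
# description; the post does not show the hosts' tables). Each entry maps a
# destination prefix to a next-hop IP, or "direct" when the destination is on
# an attached segment.
ROUTES = {
    # 10.0 gateway: both LANs attached, default route towards pfSense.
    "192.168.20.253": {"192.168.10.0/24": "direct",
                       "192.168.20.0/24": "direct",
                       "0.0.0.0/0": "192.168.20.1"},
    # pfSense: 20.0 attached, static route for 10.0 via the 10.0 gateway.
    "192.168.20.1": {"192.168.20.0/24": "direct",
                     "192.168.10.0/24": "192.168.20.253"},
    # Host in 10.0 behind the gateway (default gateway assumed to be .253).
    "192.168.10.2": {"192.168.10.0/24": "direct",
                     "0.0.0.0/0": "192.168.20.253"},
    # Ordinary host in 20.0 with pfSense as its default gateway.
    "192.168.20.5": {"192.168.20.0/24": "direct",
                     "0.0.0.0/0": "192.168.20.1"},
    # Web server from the follow-up: host route for .3 pointing at pfSense.
    "192.168.20.2": {"192.168.20.3/32": "192.168.20.1",
                     "192.168.20.0/24": "direct",
                     "0.0.0.0/0": "192.168.20.1"},
    # The client the web server talks to; it has no such host route.
    "192.168.20.3": {"192.168.20.0/24": "direct",
                     "0.0.0.0/0": "192.168.20.1"},
}


def next_hop(node, dst):
    """Longest-prefix match in node's table; returns 'direct' or a next-hop IP."""
    addr = ipaddress.ip_address(dst)
    matches = [ipaddress.ip_network(p) for p in ROUTES[node]
               if addr in ipaddress.ip_network(p)]
    if not matches:
        raise LookupError(f"{node} has no route to {dst}")
    best = max(matches, key=lambda n: n.prefixlen)
    return ROUTES[node][str(best)]


def trace(src, dst, max_hops=10):
    """Return the list of nodes a packet from src to dst passes through."""
    path, node = [src], src
    for _ in range(max_hops):
        hop = next_hop(node, dst)
        if hop == "direct":
            path.append(dst)
            return path
        path.append(hop)
        node = hop
    raise RuntimeError(f"routing loop between {src} and {dst}: {path}")


def firewall_visibility(src, dst, fw=FIREWALL):
    """Trace the flow in both directions and report which ones transit fw."""
    fwd, rev = trace(src, dst), trace(dst, src)
    return {
        "forward": fw in fwd[1:-1],   # fw is a transit hop src -> dst
        "reverse": fw in rev[1:-1],   # fw is a transit hop dst -> src
        "forward_path": fwd,
        "reverse_path": rev,
    }


def report(src, dst):
    v = firewall_visibility(src, dst)
    seen = {(True, True): "both directions",
            (True, False): "forward direction only",
            (False, True): "reverse direction only",
            (False, False): "neither direction"}[(v["forward"], v["reverse"])]
    return (f"{src} -> {dst}: {' > '.join(v['forward_path'])}\n"
            f"{dst} -> {src}: {' > '.join(v['reverse_path'])}\n"
            f"pfSense sees: {seen}")


if __name__ == "__main__":
    # Scenario from the first message: 10.0 host connecting to a 20.0 host.
    print(report("192.168.10.2", "192.168.20.5"), end="\n\n")
    # Scenario from the follow-up: web server with a host route via pfSense.
    print(report("192.168.20.2", "192.168.20.3"))
```

In both scenarios pfSense is on only one leg of the conversation. In the first, the SYN from 192.168.10.2 reaches 192.168.20.5 through the 10.0 gateway without touching pfSense, and only the SYN-ACK comes back through it; in the second, the web server's packets go through pfSense but the client's replies go straight back across the switch. pfSense generates its TCP pass rules with `flags S/SA keep state`, so only a SYN can create a state, and a SYN-ACK or a mid-connection packet that arrives with no matching state falls through to the default deny, which is consistent with the log entries the poster reports even with an allow-anything rule in place. ICMP has no flag requirement and no handshake for pf to track, which is why the pings still work.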
