
I have recently configured 2 firewalls (on 2 DELL PowerEdge R210II with ESXi 5.1) with pfSense. We have several LANs and 2 WANs. Everything is running fine, but I have a strange behavior: I can access the internet from all LANs but not from the firewall (itself). For example, the firewall cannot retrieve package information, or if I set up a gateway monitor IP (like Google's 8.8.8.8) this fails.

These are the screenshots of firewall configuration: http://imgur.com/a/LNuMz#0

ATM I kept firewall rules to minimum to avoid problems or conflicts.

Any ideas on how to solve the problem?

Dave M
eldblz

2 Answers


I would try running tcpdump on your gateway 172.16.1.254 (or "debugs" on Cisco routers) to make sure traffic is actually getting out correctly and not being blackholed via a route loop or otherwise. I don't think it would be the firewall rules, but you can enable debugging on each rule to make sure and tail -f the logs. If a rule is blocking, it will show in the logs.

Also, the manual outbound NAT may be breaking things, so I would check that too. You can also drop to a shell on the FreeBSD box (pfSense) and run tcpdump there as well. Lastly, you can "backup" your pfSense config via XML file and then factory reset. Add/change one thing at a time until you replicate the issue. Restore the config from the XML file and fix the culprit.

nandoP
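To illustrate the "tail the logs and see which rule is blocking" step above, here is an added example (not code from the answer or from pfSense) that parses pfSense 2.x filterlog lines from /var/log/filter.log and reports which rule blocked packets from the firewall's own address to the monitor IP. The CSV field layout, the sample lines and the firewall address 172.16.1.1 are constructed assumptions.

```python
from collections import namedtuple

# Constructed sample of /var/log/filter.log lines. Assumed pfSense 2.x filterlog layout:
# rule-number,sub-rule,anchor,tracker,interface,reason,action,direction,ip-version,
# tos,ecn,ttl,id,offset,flags,proto-id,proto,length,src,dst,<protocol-specific fields>
SAMPLE_LOG = """\
Jun  3 10:01:12 fw1 filterlog: 5,16777216,,1000000103,em1,match,block,out,4,0x0,,64,0,0,DF,1,icmp,84,172.16.1.1,8.8.8.8,request,1234,1
Jun  3 10:01:13 fw1 filterlog: 90,,,1400000010,em0,match,pass,in,4,0x0,,128,5,0,DF,6,tcp,60,172.16.1.20,93.184.216.34,51000,443,0,S,123456,,65535,,mss
Jun  3 10:01:14 fw1 filterlog: 5,16777216,,1000000103,em1,match,block,out,4,0x0,,64,0,0,DF,1,icmp,84,172.16.1.1,8.8.8.8,request,1234,2
"""

Event = namedtuple("Event", "rule tracker iface action direction proto src dst")


def parse_filterlog(text):
    """Yield an Event for each IPv4 filterlog line; lines that do not parse are skipped."""
    for line in text.splitlines():
        if "filterlog:" not in line:
            continue
        fields = line.split("filterlog:", 1)[1].strip().split(",")
        if len(fields) < 20 or fields[8] != "4":   # only IPv4 handled here
            continue
        yield Event(rule=fields[0], tracker=fields[3], iface=fields[4],
                    action=fields[6], direction=fields[7],
                    proto=fields[16], src=fields[18], dst=fields[19])


def blocked_from_firewall(text, fw_addrs, dst):
    """Return blocked events sourced from one of the firewall's own addresses and aimed at dst."""
    return [e for e in parse_filterlog(text)
            if e.action == "block" and e.src in fw_addrs and e.dst == dst]


def summarize(events):
    """Count blocks per (rule, tracker, interface, direction) so the culprit rule stands out."""
    counts = {}
    for e in events:
        key = (e.rule, e.tracker, e.iface, e.direction)
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    # 172.16.1.1 is a constructed stand-in for the firewall's own LAN address.
    hits = blocked_from_firewall(SAMPLE_LOG, {"172.16.1.1"}, "8.8.8.8")
    for key, n in summarize(hits).items():
        print("rule %s (tracker %s) on %s %s: %d blocked packets" % (key + (n,)))
```

The tracker id in the summary can be matched against the rule's id in the pfSense rule list (or config.xml) to identify which rule fired.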

The problem was that the provider had misconfigured 1:1 NAT and ACLs on the routers providing the internet connection.

Thanks again for your help.

eldblz