Topics - Noctis

1
Firewalling / Rule not applied
« on: November 01, 2017, 06:19:19 am »
Hello there

I've applied a default "allow LAN to any" rule in the LAN 172.24.166/24, see Rule 2. Surprisingly the firewall blocks traffic to various CDNs. So I've created easy rules to pass this traffic.
Can someone explain to me why the default rule does not apply?

Regards, Noc

2
General Questions / Connectivity Issues
« on: August 17, 2017, 09:25:40 am »
Hello community

Unfortunately my problem-solving skills have ended. I own these NWs:
DMZ: 172.26.166.0/28
LAN: 172.24.166.1/24
WAN: 192.168.0.1/24

Connection is:
Cable ISP - Cable Modem / Router (WAN) - Hyper-V host (3 NICs) - pfSense: DMZ (hn2) / LAN (hn1) / WAN (hn0)

Now, to the problem:
The (Debian 9) DMZ server can be reached from outside on Port 80 (Port FWD).
But from DMZ to outside, there is no ping, nslookup or any other service possible.
Firewall (any) rule is in place.
Ping to WAN IP works, but not to Router IP.

Do you have some ideas?

3
DHCP and DNS / DHCPDECLINE issues
« on: July 17, 2017, 05:38:22 am »
Hi community

Some of my clients don't accept their reserved IP. Some of them are esp8266 chips with custom firmware, but I had this problem on some other clients too. When I change the static IP to a new (rand()) one, it works and the client accepts the IP. If I put it back, it won't.
I assume this has something to do with the previous DHCP request (initial, without reservation) and the new one (with reservation), so they collide and create different ARP requests, like:
https://gtacknowledge.extremenetworks.com/articles/Solution/DHCP-Clients-sending-DHCPDECLINE-packets
or
https://learningnetwork.cisco.com/thread/78567


Code:
Jul 17 10:14:47 dhcpd DHCPDISCOVER from 5c:cf:7f:22:d9:03 via hn4
Jul 17 10:14:47 dhcpd DHCPOFFER on 172.22.166.31 to 5c:cf:7f:22:d9:03 via hn4
Jul 17 10:14:47 dhcpd DHCPREQUEST for 172.22.166.31 (172.22.166.1) from 5c:cf:7f:22:d9:03 via hn4
Jul 17 10:14:47 dhcpd DHCPACK on 172.22.166.31 to 5c:cf:7f:22:d9:03 via hn4
Jul 17 10:14:47 dhcpd DHCPDECLINE of 172.22.166.31 from 5c:cf:7f:22:d9:03 via hn4: not found
Jul 17 10:14:51 dhcpd DHCPDISCOVER from 5c:cf:7f:23:74:3f via hn4
Jul 17 10:14:51 dhcpd DHCPOFFER on 172.22.166.32 to 5c:cf:7f:23:74:3f via hn4
Jul 17 10:14:51 dhcpd DHCPREQUEST for 172.22.166.32 (172.22.166.1) from 5c:cf:7f:23:74:3f via hn4
Jul 17 10:14:51 dhcpd DHCPACK on 172.22.166.32 to 5c:cf:7f:23:74:3f via hn4
Jul 17 10:14:51 dhcpd DHCPDECLINE of 172.22.166.32 from 5c:cf:7f:23:74:3f via hn4: not found
Jul 17 10:14:57 dhcpd DHCPDISCOVER from 5c:cf:7f:22:d9:03 via hn4
Jul 17 10:14:57 dhcpd DHCPOFFER on 172.22.166.31 to 5c:cf:7f:22:d9:03 via hn4
Jul 17 10:14:57 dhcpd DHCPREQUEST for 172.22.166.31 (172.22.166.1) from 5c:cf:7f:22:d9:03 via hn4
Jul 17 10:14:57 dhcpd DHCPACK on 172.22.166.31 to 5c:cf:7f:22:d9:03 via hn4
Jul 17 10:14:57 dhcpd DHCPDECLINE of 172.22.166.31 from 5c:cf:7f:22:d9:03 via hn4: not found
Jul 17 10:15:02 dhcpd DHCPDISCOVER from 5c:cf:7f:23:74:3f via hn4
Jul 17 10:15:02 dhcpd DHCPOFFER on 172.22.166.32 to 5c:cf:7f:23:74:3f via hn4
Jul 17 10:15:02 dhcpd DHCPREQUEST for 172.22.166.32 (172.22.166.1) from 5c:cf:7f:23:74:3f via hn4
Jul 17 10:15:02 dhcpd DHCPACK on 172.22.166.32 to 5c:cf:7f:23:74:3f via hn4
Jul 17 10:15:02 dhcpd DHCPDECLINE of 172.22.166.32 from 5c:cf:7f:23:74:3f via hn4: not found
Jul 17 10:15:03 dhcpd DHCPDISCOVER from a0:20:a6:1a:00:8d via hn4
Jul 17 10:15:03 dhcpd DHCPOFFER on 172.22.166.41 to a0:20:a6:1a:00:8d via hn4
Jul 17 10:15:03 dhcpd DHCPREQUEST for 172.22.166.41 (172.22.166.1) from a0:20:a6:1a:00:8d via hn4
Jul 17 10:15:03 dhcpd DHCPACK on 172.22.166.41 to a0:20:a6:1a:00:8d via hn4
Jul 17 10:15:03 dhcpd DHCPDECLINE of 172.22.166.41 from a0:20:a6:1a:00:8d via hn4: not found

I've deleted the static addresses and it seems like they are getting "known hosts" addresses, because one has .120, the others .125 and 126.

Any ideas?


Thanks!

Noc.

PS: could also be the solution to this old post: https://forum.pfsense.org/index.php?topic=54220.0
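
Added example, not part of the original post: a small parser that scans dhcpd log lines in the format shown above and flags clients that send DHCPDECLINE for an address within seconds of its DHCPACK, the loop visible in the log. Per RFC 2131 a client declines when it detects the offered address is already in use. The function name, thresholds and sample lines (documentation-range IPs, locally administered MACs) are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in the same dhcpd log format as the post above.
SAMPLE_LOG = """\
Jul 17 10:14:47 dhcpd DHCPDISCOVER from 02:00:00:00:00:0a via hn4
Jul 17 10:14:47 dhcpd DHCPOFFER on 192.0.2.31 to 02:00:00:00:00:0a via hn4
Jul 17 10:14:47 dhcpd DHCPREQUEST for 192.0.2.31 (192.0.2.1) from 02:00:00:00:00:0a via hn4
Jul 17 10:14:47 dhcpd DHCPACK on 192.0.2.31 to 02:00:00:00:00:0a via hn4
Jul 17 10:14:47 dhcpd DHCPDECLINE of 192.0.2.31 from 02:00:00:00:00:0a via hn4: not found
Jul 17 10:14:57 dhcpd DHCPACK on 192.0.2.31 to 02:00:00:00:00:0a via hn4
Jul 17 10:14:57 dhcpd DHCPDECLINE of 192.0.2.31 from 02:00:00:00:00:0a via hn4: not found
Jul 17 10:15:00 dhcpd DHCPREQUEST for 192.0.2.40 (192.0.2.1) from 02:00:00:00:00:0b via hn4
Jul 17 10:15:00 dhcpd DHCPACK on 192.0.2.40 to 02:00:00:00:00:0b via hn4
Jul 17 10:15:03 dhcpd DHCPACK on 192.0.2.41 to 02:00:00:00:00:0c via hn4
Jul 17 10:15:03 dhcpd DHCPDECLINE of 192.0.2.41 from 02:00:00:00:00:0c via hn4: not found
"""

# timestamp, message type, optional IPv4 address, client MAC
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) dhcpd "
    r"(?P<msg>DHCP[A-Z]+) (?:on|for|of|from) "
    r"(?:(?P<ip>\d+\.\d+\.\d+\.\d+)\b.*?(?:to|from) )?"
    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})", re.I)

def find_decline_loops(log_text, window_s=5, min_loops=2):
    """Return {mac: {"ips", "count"}} for clients that DECLINE right after an ACK."""
    last_ack = {}  # mac -> (ip, time of most recent DHCPACK)
    loops = defaultdict(lambda: {"ips": set(), "count": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        # Syslog lines carry no year; pin one so the timestamp parses unambiguously.
        ts = datetime.strptime("2000 " + m["ts"], "%Y %b %d %H:%M:%S")
        mac, ip, msg = m["mac"].lower(), m["ip"], m["msg"]
        if msg == "DHCPACK":
            last_ack[mac] = (ip, ts)
        elif msg == "DHCPDECLINE" and mac in last_ack:
            ack_ip, ack_ts = last_ack.pop(mac)
            if ack_ip == ip and ts - ack_ts <= timedelta(seconds=window_s):
                loops[mac]["ips"].add(ip)
                loops[mac]["count"] += 1
    return {mac: v for mac, v in loops.items() if v["count"] >= min_loops}

if __name__ == "__main__":
    for mac, info in find_decline_loops(SAMPLE_LOG).items():
        print(mac, sorted(info["ips"]), "ACK->DECLINE loops:", info["count"])
```

For each flagged address, checking the firewall's ARP table and the DHCP lease list shows whether another device still answers for it.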
