2

I am in a local area network that communicates to the web through a pfSense router/firewall. I have two remote debian servers, where I should be able to access ports 22 (SSH), 80 (HTTP), 8080 (HTTP), and 443 (HTTPS).

My problem is :

  • from outside the LAN (even with same computer using 4G phone connection, or TOR or a VPN first), I can reach both remote servers (PING, Telnet, SSH, browser, ...)
  • from inside the LAN (any computer), I can reach one of them, but not the other

What I have tried so far :

  • traceroute shows the same hops
  • on the inaccessible server, I have disabled ufw and fail2ban, and I have cleared all riles in iptable
  • on the pfSense, there is no specific rule
  • I use tcpdump and telnet to test connectivity : nothing shows up when I try from the LAN
  • nmap from inside LAN : 
# nmap aaa.aaa.aaa

Starting Nmap 6.47 ( http://nmap.org ) at 2016-03-17 10:28 CET
Nmap scan report for aaa.aaa.aaa (X.X.X.X)
Host is up (0.00024s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 2.48 seconds
  • nmap from outside LAN (or through VPN or TOR) : 
# nmap aaa.aaa.aaa -Pn

Starting Nmap 6.47 ( http://nmap.org ) at 2016-03-17 10:43 CET
Nmap scan report for aaa.aaa.aaa (X.X.X.X)
Host is up (0.00020s latency).
All 1000 scanned ports on aaa.aaa.aaa (X.X.X.X) are filtered

Nmap done: 1 IP address (1 host up) scanned in 26.08 seconds

EDIT : here is the pcap result on the pfSense

I'm running pcap on the pfSense : pfsense.aaa.aaa/diag_packet_capture.php , capturing everything on IP X.X.X.X . Here is what I get :

  • on WAN interface : nothing
  • on LAN interface :
16:46:46.429029 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32293, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56189 > aaa.aaa.aaa.8080: Flags [S], cksum 0x710a (correct), seq 2055190549, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:46:46.429055 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:46:49.428920 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32294, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56189 > aaa.aaa.aaa.8080: Flags [S], cksum 0x710a (correct), seq 2055190549, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:46:49.428943 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:46:55.429030 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32295, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56189 > aaa.aaa.aaa.8080: Flags [S], cksum 0x8519 (correct), seq 2055190549, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:46:55.429041 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:07.051188 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32296, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56196 > aaa.aaa.aaa.http: Flags [S], cksum 0xe1cd (correct), seq 2531609125, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:07.051208 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:07.301459 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32297, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56197 > aaa.aaa.aaa.http: Flags [S], cksum 0x1f19 (correct), seq 3776561828, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:07.350865 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32298, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56198 > aaa.aaa.aaa.http: Flags [S], cksum 0x7035 (correct), seq 965220633, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:07.601227 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32299, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56199 > aaa.aaa.aaa.http: Flags [S], cksum 0xb4fe (correct), seq 565373988, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:07.601245 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:10.054191 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32300, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56196 > aaa.aaa.aaa.http: Flags [S], cksum 0xe1cd (correct), seq 2531609125, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:10.054203 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:10.301143 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32301, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56197 > aaa.aaa.aaa.http: Flags [S], cksum 0x1f19 (correct), seq 3776561828, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:10.350578 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32302, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56198 > aaa.aaa.aaa.http: Flags [S], cksum 0x7035 (correct), seq 965220633, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:10.601239 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32303, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56199 > aaa.aaa.aaa.http: Flags [S], cksum 0xb4fe (correct), seq 565373988, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:10.601249 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:16.054471 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32304, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56196 > aaa.aaa.aaa.http: Flags [S], cksum 0xf5dc (correct), seq 2531609125, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:16.054490 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:16.301017 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32305, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56197 > aaa.aaa.aaa.http: Flags [S], cksum 0x3328 (correct), seq 3776561828, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:16.350813 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32306, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56198 > aaa.aaa.aaa.http: Flags [S], cksum 0x8444 (correct), seq 965220633, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:16.601402 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32307, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56199 > aaa.aaa.aaa.http: Flags [S], cksum 0xc90d (correct), seq 565373988, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:16.601414 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:17.424054 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32308, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56207 > aaa.aaa.aaa.8080: Flags [S], cksum 0xbe6a (correct), seq 2538229208, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:20.425408 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32309, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56207 > aaa.aaa.aaa.8080: Flags [S], cksum 0xbe6a (correct), seq 2538229208, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:20.425419 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:22.155778 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32310, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56208 > aaa.aaa.aaa.http: Flags [S], cksum 0x5cf4 (correct), seq 2780020772, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:22.155798 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:22.406697 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32311, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56209 > aaa.aaa.aaa.http: Flags [S], cksum 0x1237 (correct), seq 3315002109, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:25.156034 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32312, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56208 > aaa.aaa.aaa.http: Flags [S], cksum 0x5cf4 (correct), seq 2780020772, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:25.156045 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:25.406791 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32313, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56209 > aaa.aaa.aaa.http: Flags [S], cksum 0x1237 (correct), seq 3315002109, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:26.425813 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32314, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56207 > aaa.aaa.aaa.8080: Flags [S], cksum 0xd279 (correct), seq 2538229208, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:26.425823 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:28.054884 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32315, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56210 > aaa.aaa.aaa.http: Flags [S], cksum 0xfd53 (correct), seq 3196258035, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:28.054904 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:28.301757 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32316, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56211 > aaa.aaa.aaa.http: Flags [S], cksum 0xafa9 (correct), seq 2972606961, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:28.602097 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32317, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56212 > aaa.aaa.aaa.http: Flags [S], cksum 0x778b (correct), seq 4013120521, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:28.602117 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:31.055765 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32318, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56210 > aaa.aaa.aaa.http: Flags [S], cksum 0xfd53 (correct), seq 3196258035, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:31.055776 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:31.156867 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32319, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56208 > aaa.aaa.aaa.http: Flags [S], cksum 0x7103 (correct), seq 2780020772, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:31.301776 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32320, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56211 > aaa.aaa.aaa.http: Flags [S], cksum 0xafa9 (correct), seq 2972606961, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:31.407692 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32321, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56209 > aaa.aaa.aaa.http: Flags [S], cksum 0x2646 (correct), seq 3315002109, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:31.602315 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32322, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56212 > aaa.aaa.aaa.http: Flags [S], cksum 0x778b (correct), seq 4013120521, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:31.602325 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:34.249728 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32323, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56213 > aaa.aaa.aaa.http: Flags [S], cksum 0xd724 (correct), seq 3143905342, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:34.249747 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:34.500390 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32324, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56214 > aaa.aaa.aaa.http: Flags [S], cksum 0xda74 (correct), seq 87286558, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:34.500410 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:37.056457 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32325, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56210 > aaa.aaa.aaa.http: Flags [S], cksum 0x1163 (correct), seq 3196258035, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:37.056469 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:37.250464 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32326, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56213 > aaa.aaa.aaa.http: Flags [S], cksum 0xd724 (correct), seq 3143905342, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:37.302433 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32327, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56211 > aaa.aaa.aaa.http: Flags [S], cksum 0xc3b8 (correct), seq 2972606961, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:37.500215 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32328, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56214 > aaa.aaa.aaa.http: Flags [S], cksum 0xda74 (correct), seq 87286558, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:37.500225 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:37.602489 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32329, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56212 > aaa.aaa.aaa.http: Flags [S], cksum 0x8b9a (correct), seq 4013120521, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:43.250623 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32330, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56213 > aaa.aaa.aaa.http: Flags [S], cksum 0xeb33 (correct), seq 3143905342, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:43.250634 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:43.417662 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32331, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56217 > aaa.aaa.aaa.http: Flags [S], cksum 0xd1df (correct), seq 893762462, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:43.501817 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32332, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56214 > aaa.aaa.aaa.http: Flags [S], cksum 0xee83 (correct), seq 87286558, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:43.501827 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:46.418997 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32333, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56217 > aaa.aaa.aaa.http: Flags [S], cksum 0xd1df (correct), seq 893762462, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:46.419009 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:52.418800 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32334, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56217 > aaa.aaa.aaa.http: Flags [S], cksum 0xe5ee (correct), seq 893762462, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:52.418811 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:55.503028 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32335, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56218 > aaa.aaa.aaa.http: Flags [S], cksum 0xd257 (correct), seq 4086693076, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:55.503071 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:58.503196 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32336, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56218 > aaa.aaa.aaa.http: Flags [S], cksum 0xd257 (correct), seq 4086693076, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:58.503208 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28

How can this be? What else can I try?

My guess is that there is some firewall blocking things between my LAN and my server (pfSense or on the server), but how can I troubleshoot this ?

Thanks in advance for your much appreciated help and support.

Improve this question
4
  • Do we have an option to do pcap on pfSense?
    – manjesh23
    Commented Mar 17, 2016 at 11:10
  • If this pfSense is installed on a Windows machine, best is to get the Microsoft Network Monitor AKA netmon. Get the pcap attached here. I can review this.
    – manjesh23
    Commented Mar 17, 2016 at 14:59
  • Can we get a hub attached to the outside interface to that machine and do a pcap?
    – manjesh23
    Commented Mar 17, 2016 at 15:10
  • OK, I just edited my question with the pcap results on the pfSense. Thanks for your help.
    – Clément Fleury
    Commented Mar 17, 2016 at 16:01

1 Answer 1

Reset to default
0

OK, the pfSense was mis configured. There was a rule in the Firewall for the LAN interface, making everything pass for the IP of my remote server...

Solution : disable the route in pfSense > Firewall > Rules > LAN .

Improve this answer
1
  • This doesn't explain why it broke all of a sudden, and why ping was working, though...
    – fleuryc
    Commented Mar 18, 2016 at 13:42

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .