Windows with pfSense issues

I have set up a pfSense router that is almost configured; however, one interface (it is up) is having issues. It is connected to a Windows Server 2003 machine.

Both IP addresses are configured correctly.
The Windows box can't ping anything.
The router can ping the Windows box and all other connections, including the internet.
All other connected devices have no issues.

I am convinced it is Windows, but I have tried everything I can think of.

How do you have it configured? I'm assuming you have a bunch of NICs with different devices connected rather than a switch? If so, do you have them in a bridge, or are they routed?

A bunch of NICs, routed

interface 172.16.130.254/24
windows 172.16.130.7/24

Could be a firewall issue. Do you have allow-any-to-any rules on all the interfaces?

No, I have not connected it to the net yet, so the firewall is currently disabled (I will be working on that when all the interfaces are active).

Are all the interfaces on different subnets?

You can double-check that it's not a firewall issue by looking at the firewall log; it will tell you if anything is being blocked.

Firewall log is empty.
Yes, I am using NAT. For example, my Ubuntu server is on the .129.254/24 interface; however, that and all the other devices on other subnets work fine.

I'm not really sure what it could be. It's odd that you can ping the Windows machine. That would indicate that the network interface is working on that machine and that it's not the Windows firewall. Could be that you're missing the routing info for that interface; you could have a look in Diagnostics > Routes in pfSense and check that you have the right routes for each interface.

Thank you anyway, I will look into it.

Solution found:

The pfSense router defaults to allowing no traffic to leave the DMZ if the firewall is disabled.
Although it was not an actual DMZ, that is what the interface was previously set to, and that therefore stopped the traffic.
Fixed by adding rules to the firewall to specifically let the traffic through.

Yeah, I thought it sounded like a firewall problem. Although it's weird that it was still the case even with the firewall disabled.

It is odd, but when the firewall is disabled it just defaults to open on everything but the DMZ, which is closed by default.

I didn't realise you could set an interface specifically as a DMZ.

Neither did I. I think it recognised it was one, as that is what it was named (from the previous use; I didn't change it). Some sort of inbuilt recognition of user-given interface names as a service, maybe.

I don't think that's the case; I have a DMZ interface and it doesn't behave differently to any of the others. I'd say it was just a bug. The default action of the firewall is to block everything; only the first (LAN) interface has a default allow-any rule, and all new optional interfaces have no rules and will therefore block everything. So I'd say that, for whatever reason, the firewall was still active on that interface.

You are probably correct; I am just thinking too much into this.

If I'm honest, I am just trying to reason out something that was most probably a bug. It is fun to contemplate, though.

One thing I've noticed is that with certain settings pfSense will hang on to old firewall states for a long time, even after a reboot. It's possible that there was just something hanging around in the state table that was blocking traffic on the interface. I find that it's handy to reset the state table after any firewall configuration, just to eliminate any weirdness caused by the state table.
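
As an added example that is not part of this thread: the shell functions below take a pf ruleset dump in the format `pfctl -sr` prints on pfSense and report which interfaces have no inbound pass rule at all, which is exactly the state of a fresh OPT interface described two posts up (only LAN gets the default allow-any rule; everything else falls through to the default block). The embedded ruleset is constructed for the example; the interface names em1/em2, the rule labels and the PF_RULES variable are assumptions. The pfctl commands in the comments are the ones to run on the box itself, including the state flush the post above recommends.

```shell
#!/bin/sh
# Added example, not code from the thread. Checks a pf ruleset dump for
# interfaces that have no inbound "pass" rule, i.e. interfaces on which every
# arriving packet falls through to the default block rule.
#
# On a real pfSense box the dump comes from:   PF_RULES="$(pfctl -sr)" sh check.sh em2
# Active states can be inspected with pfctl -ss and flushed after a rule change
# with pfctl -F states (Diagnostics > States > Reset States in the GUI).

# Constructed sample of pfctl -sr output (assumed names/labels):
#   em1 = LAN with the default allow-any rule, em2 = OPT1 with no user rules.
SAMPLE_RULES='block drop in log all label "Default deny rule IPv4"
pass in quick on em1 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: Default allow LAN to any rule"
pass in quick on em1 inet6 from fe80::/10 to any flags S/SA keep state label "USER_RULE: Default allow LAN IPv6 to any rule"
pass out quick on em2 all flags S/SA keep state label "let out anything from firewall host itself"'

# Emit the ruleset: the real one if PF_RULES is set, otherwise the sample.
rules_source() {
    printf '%s\n' "${PF_RULES:-$SAMPLE_RULES}"
}

# Print the inbound pass rules for one interface (no output if there are none).
# Only "pass in ... on <ifname>" counts: an outbound pass on the interface does
# not let traffic arriving from the attached host through.
inbound_pass_rules() {
    rules_source | grep -E "^pass in (quick )?on $1 "
}

# Answer yes/no: does any packet arriving on the interface ever match a pass rule?
iface_allows_inbound() {
    if inbound_pass_rules "$1" >/dev/null; then
        echo yes
    else
        echo no
    fi
}

# List, one per line, the given interfaces that have no inbound pass rule.
# These are the interfaces that will silently block their attached hosts.
interfaces_without_inbound_pass() {
    for ifc in "$@"; do
        inbound_pass_rules "$ifc" >/dev/null || echo "$ifc"
    done
}

# Usage: sh check.sh em1 em2 em3  (prints the interfaces that block everything)
if [ $# -gt 0 ]; then
    interfaces_without_inbound_pass "$@"
fi
```

With the sample ruleset, `interfaces_without_inbound_pass em1 em2` prints only `em2`: the OPT interface has an outbound pass rule but nothing matching traffic coming in from its subnet, so a host on it behaves exactly like the Windows box in this thread. A clean fix is an explicit pass rule on that interface; after adding it, flush the state table so no stale entries from before the change keep matching.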

Good bit of advice; I will take that into account in the future. Thanks for all the ideas.