3

Я нахожусь в локальной сети, которая общается с Интернетом через маршрутизатор / межсетевой экран pfSense. У меня есть два удаленных сервера Debian, где я должен иметь доступ к портам 22 (SSH), 80 (HTTP), 8080 (HTTP) и 443 (HTTPS).

Моя проблема:

  • из-за пределов локальной сети (даже с тем же компьютером, использующим телефонное соединение 4G, или сначала TOR или VPN), я могу подключиться к обоим удаленным серверам (PING, Telnet, SSH, браузер, ...)
  • из локальной сети (любого компьютера) я могу связаться с одним из них, но не с другим

Что я уже пробовал:

  • traceroute показывает тот же хмель
  • на недоступном сервере я отключил ufw и fail2ban, и я очистил все файлы в iptable
  • на pfSense нет конкретного правила
  • Я использую tcpdump и telnet для проверки подключения: ничего не появляется, когда я пытаюсь из локальной сети
  • Nmap из локальной сети:
# nmap aaa.aaa.aaa

Starting Nmap 6.47 ( http://nmap.org ) at 2016-03-17 10:28 CET
Nmap scan report for aaa.aaa.aaa (X.X.X.X)
Host is up (0.00024s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 2.48 seconds
  • Nmap извне локальной сети (или через VPN или TOR):
# nmap aaa.aaa.aaa -Pn

Starting Nmap 6.47 ( http://nmap.org ) at 2016-03-17 10:43 CET
Nmap scan report for aaa.aaa.aaa (X.X.X.X)
Host is up (0.00020s latency).
All 1000 scanned ports on aaa.aaa.aaa (X.X.X.X) are filtered

Nmap done: 1 IP address (1 host up) scanned in 26.08 seconds

РЕДАКТИРОВАТЬ: вот результат pcap на pfSense

Я запускаю pcap на pfSense: pfsense.aaa.aaa/diag_packet_capture.php, захватывая все на IP XXXX. Вот что я получаю:

  • по интерфейсу WAN: ничего
  • по интерфейсу локальной сети:
16:46:46.429029 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32293, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56189 > aaa.aaa.aaa.8080: Flags [S], cksum 0x710a (correct), seq 2055190549, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:46:46.429055 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:46:49.428920 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32294, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56189 > aaa.aaa.aaa.8080: Flags [S], cksum 0x710a (correct), seq 2055190549, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:46:49.428943 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:46:55.429030 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32295, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56189 > aaa.aaa.aaa.8080: Flags [S], cksum 0x8519 (correct), seq 2055190549, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:46:55.429041 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:07.051188 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32296, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56196 > aaa.aaa.aaa.http: Flags [S], cksum 0xe1cd (correct), seq 2531609125, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:07.051208 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:07.301459 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32297, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56197 > aaa.aaa.aaa.http: Flags [S], cksum 0x1f19 (correct), seq 3776561828, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:07.350865 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32298, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56198 > aaa.aaa.aaa.http: Flags [S], cksum 0x7035 (correct), seq 965220633, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:07.601227 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32299, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56199 > aaa.aaa.aaa.http: Flags [S], cksum 0xb4fe (correct), seq 565373988, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:07.601245 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:10.054191 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32300, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56196 > aaa.aaa.aaa.http: Flags [S], cksum 0xe1cd (correct), seq 2531609125, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:10.054203 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:10.301143 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32301, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56197 > aaa.aaa.aaa.http: Flags [S], cksum 0x1f19 (correct), seq 3776561828, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:10.350578 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32302, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56198 > aaa.aaa.aaa.http: Flags [S], cksum 0x7035 (correct), seq 965220633, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:10.601239 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32303, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56199 > aaa.aaa.aaa.http: Flags [S], cksum 0xb4fe (correct), seq 565373988, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:10.601249 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:16.054471 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32304, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56196 > aaa.aaa.aaa.http: Flags [S], cksum 0xf5dc (correct), seq 2531609125, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:16.054490 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:16.301017 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32305, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56197 > aaa.aaa.aaa.http: Flags [S], cksum 0x3328 (correct), seq 3776561828, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:16.350813 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32306, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56198 > aaa.aaa.aaa.http: Flags [S], cksum 0x8444 (correct), seq 965220633, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:16.601402 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32307, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56199 > aaa.aaa.aaa.http: Flags [S], cksum 0xc90d (correct), seq 565373988, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:16.601414 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:17.424054 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32308, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56207 > aaa.aaa.aaa.8080: Flags [S], cksum 0xbe6a (correct), seq 2538229208, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:20.425408 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32309, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56207 > aaa.aaa.aaa.8080: Flags [S], cksum 0xbe6a (correct), seq 2538229208, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:20.425419 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:22.155778 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32310, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56208 > aaa.aaa.aaa.http: Flags [S], cksum 0x5cf4 (correct), seq 2780020772, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:22.155798 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:22.406697 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32311, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56209 > aaa.aaa.aaa.http: Flags [S], cksum 0x1237 (correct), seq 3315002109, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:25.156034 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32312, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56208 > aaa.aaa.aaa.http: Flags [S], cksum 0x5cf4 (correct), seq 2780020772, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:25.156045 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:25.406791 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32313, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56209 > aaa.aaa.aaa.http: Flags [S], cksum 0x1237 (correct), seq 3315002109, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:26.425813 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32314, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56207 > aaa.aaa.aaa.8080: Flags [S], cksum 0xd279 (correct), seq 2538229208, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:26.425823 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:28.054884 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32315, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56210 > aaa.aaa.aaa.http: Flags [S], cksum 0xfd53 (correct), seq 3196258035, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:28.054904 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:28.301757 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32316, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56211 > aaa.aaa.aaa.http: Flags [S], cksum 0xafa9 (correct), seq 2972606961, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:28.602097 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32317, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56212 > aaa.aaa.aaa.http: Flags [S], cksum 0x778b (correct), seq 4013120521, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:28.602117 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:31.055765 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32318, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56210 > aaa.aaa.aaa.http: Flags [S], cksum 0xfd53 (correct), seq 3196258035, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:31.055776 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:31.156867 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32319, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56208 > aaa.aaa.aaa.http: Flags [S], cksum 0x7103 (correct), seq 2780020772, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:31.301776 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32320, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56211 > aaa.aaa.aaa.http: Flags [S], cksum 0xafa9 (correct), seq 2972606961, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:31.407692 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32321, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56209 > aaa.aaa.aaa.http: Flags [S], cksum 0x2646 (correct), seq 3315002109, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:31.602315 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32322, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56212 > aaa.aaa.aaa.http: Flags [S], cksum 0x778b (correct), seq 4013120521, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:31.602325 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:34.249728 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32323, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56213 > aaa.aaa.aaa.http: Flags [S], cksum 0xd724 (correct), seq 3143905342, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:34.249747 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:34.500390 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32324, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56214 > aaa.aaa.aaa.http: Flags [S], cksum 0xda74 (correct), seq 87286558, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:34.500410 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:37.056457 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32325, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56210 > aaa.aaa.aaa.http: Flags [S], cksum 0x1163 (correct), seq 3196258035, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:37.056469 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:37.250464 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32326, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56213 > aaa.aaa.aaa.http: Flags [S], cksum 0xd724 (correct), seq 3143905342, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:37.302433 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32327, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56211 > aaa.aaa.aaa.http: Flags [S], cksum 0xc3b8 (correct), seq 2972606961, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:37.500215 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32328, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56214 > aaa.aaa.aaa.http: Flags [S], cksum 0xda74 (correct), seq 87286558, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:37.500225 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:37.602489 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32329, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56212 > aaa.aaa.aaa.http: Flags [S], cksum 0x8b9a (correct), seq 4013120521, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:43.250623 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32330, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56213 > aaa.aaa.aaa.http: Flags [S], cksum 0xeb33 (correct), seq 3143905342, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:43.250634 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:43.417662 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32331, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56217 > aaa.aaa.aaa.http: Flags [S], cksum 0xd1df (correct), seq 893762462, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:43.501817 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32332, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56214 > aaa.aaa.aaa.http: Flags [S], cksum 0xee83 (correct), seq 87286558, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:43.501827 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:46.418997 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32333, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56217 > aaa.aaa.aaa.http: Flags [S], cksum 0xd1df (correct), seq 893762462, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:46.419009 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:52.418800 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32334, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56217 > aaa.aaa.aaa.http: Flags [S], cksum 0xe5ee (correct), seq 893762462, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:52.418811 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:55.503028 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32335, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56218 > aaa.aaa.aaa.http: Flags [S], cksum 0xd257 (correct), seq 4086693076, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:55.503071 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:58.503196 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32336, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56218 > aaa.aaa.aaa.http: Flags [S], cksum 0xd257 (correct), seq 4086693076, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:58.503208 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28

Как это может быть? Что еще я могу попробовать?

Я предполагаю, что есть некоторые брандмауэры, блокирующие вещи между моей локальной сетью и моим сервером (pfSense или на сервере), но как я могу устранить это?

Заранее спасибо за вашу благодарную помощь и поддержку.

1 ответ1

0

ОК, pfSense был неправильно настроен. В брандмауэре было правило для интерфейса локальной сети: все передавалось по IP моего удаленного сервера ...

Решение: отключите маршрут в pfSense> Firewall> Rules> LAN.

Всё ещё ищете ответ? Посмотрите другие вопросы с метками .