Host remoto não acessível pela LAN, mas acessível pela WAN

3

Estou em uma rede local que se comunica com a web por meio de um roteador / firewall pfSense. Eu tenho dois servidores remotos do Debian, onde eu deveria poder acessar as portas 22 (SSH), 80 (HTTP), 8080 (HTTP) e 443 (HTTPS).

Meu problema é:

  • de fora da LAN (mesmo com o mesmo computador usando conexão telefônica 4G ou TOR ou VPN primeiro), posso acessar os dois servidores remotos (PING, Telnet, SSH, navegador, ...)
  • de dentro da LAN (qualquer computador), eu posso alcançar um deles, mas não o outro

O que tentei até agora:

  • traceroute mostra o mesmo lúpulo
  • no servidor inacessível, eu desabilitei ufw e fail2ban , e limpei todos os riles em iptable
  • no pfSense, não há regra específica
  • Eu uso tcpdump e telnet para testar a conectividade: nada aparece quando tento da LAN
  • nmap de dentro da LAN:
# nmap aaa.aaa.aaa

Starting Nmap 6.47 ( http://nmap.org ) at 2016-03-17 10:28 CET
Nmap scan report for aaa.aaa.aaa (X.X.X.X)
Host is up (0.00024s latency).
Not shown: 996 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
8080/tcp open  http-proxy

Nmap done: 1 IP address (1 host up) scanned in 2.48 seconds
  • nmap da LAN externa (ou através de VPN ou TOR):
# nmap aaa.aaa.aaa -Pn

Starting Nmap 6.47 ( http://nmap.org ) at 2016-03-17 10:43 CET
Nmap scan report for aaa.aaa.aaa (X.X.X.X)
Host is up (0.00020s latency).
All 1000 scanned ports on aaa.aaa.aaa (X.X.X.X) are filtered

Nmap done: 1 IP address (1 host up) scanned in 26.08 seconds

EDIT: aqui está o resultado do pcap no pfSense

Estou executando o pcap no pfSense: pfsense.aaa.aaa/diag_packet_capture.php, capturando tudo no IP X.X.X.X. Aqui está o que eu recebo:

  • na interface WAN: nada
  • na interface da LAN:
16:46:46.429029 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32293, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56189 > aaa.aaa.aaa.8080: Flags [S], cksum 0x710a (correct), seq 2055190549, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:46:46.429055 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:46:49.428920 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32294, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56189 > aaa.aaa.aaa.8080: Flags [S], cksum 0x710a (correct), seq 2055190549, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:46:49.428943 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:46:55.429030 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32295, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56189 > aaa.aaa.aaa.8080: Flags [S], cksum 0x8519 (correct), seq 2055190549, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:46:55.429041 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:07.051188 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32296, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56196 > aaa.aaa.aaa.http: Flags [S], cksum 0xe1cd (correct), seq 2531609125, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:07.051208 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:07.301459 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32297, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56197 > aaa.aaa.aaa.http: Flags [S], cksum 0x1f19 (correct), seq 3776561828, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:07.350865 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32298, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56198 > aaa.aaa.aaa.http: Flags [S], cksum 0x7035 (correct), seq 965220633, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:07.601227 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32299, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56199 > aaa.aaa.aaa.http: Flags [S], cksum 0xb4fe (correct), seq 565373988, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:07.601245 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:10.054191 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32300, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56196 > aaa.aaa.aaa.http: Flags [S], cksum 0xe1cd (correct), seq 2531609125, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:10.054203 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:10.301143 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32301, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56197 > aaa.aaa.aaa.http: Flags [S], cksum 0x1f19 (correct), seq 3776561828, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:10.350578 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32302, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56198 > aaa.aaa.aaa.http: Flags [S], cksum 0x7035 (correct), seq 965220633, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:10.601239 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32303, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56199 > aaa.aaa.aaa.http: Flags [S], cksum 0xb4fe (correct), seq 565373988, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:10.601249 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:16.054471 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32304, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56196 > aaa.aaa.aaa.http: Flags [S], cksum 0xf5dc (correct), seq 2531609125, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:16.054490 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:16.301017 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32305, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56197 > aaa.aaa.aaa.http: Flags [S], cksum 0x3328 (correct), seq 3776561828, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:16.350813 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32306, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56198 > aaa.aaa.aaa.http: Flags [S], cksum 0x8444 (correct), seq 965220633, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:16.601402 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32307, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56199 > aaa.aaa.aaa.http: Flags [S], cksum 0xc90d (correct), seq 565373988, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:16.601414 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:17.424054 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32308, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56207 > aaa.aaa.aaa.8080: Flags [S], cksum 0xbe6a (correct), seq 2538229208, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:20.425408 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32309, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56207 > aaa.aaa.aaa.8080: Flags [S], cksum 0xbe6a (correct), seq 2538229208, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:20.425419 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:22.155778 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32310, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56208 > aaa.aaa.aaa.http: Flags [S], cksum 0x5cf4 (correct), seq 2780020772, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:22.155798 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:22.406697 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32311, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56209 > aaa.aaa.aaa.http: Flags [S], cksum 0x1237 (correct), seq 3315002109, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:25.156034 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32312, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56208 > aaa.aaa.aaa.http: Flags [S], cksum 0x5cf4 (correct), seq 2780020772, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:25.156045 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:25.406791 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32313, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56209 > aaa.aaa.aaa.http: Flags [S], cksum 0x1237 (correct), seq 3315002109, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:26.425813 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32314, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56207 > aaa.aaa.aaa.8080: Flags [S], cksum 0xd279 (correct), seq 2538229208, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:26.425823 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:28.054884 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32315, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56210 > aaa.aaa.aaa.http: Flags [S], cksum 0xfd53 (correct), seq 3196258035, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:28.054904 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:28.301757 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32316, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56211 > aaa.aaa.aaa.http: Flags [S], cksum 0xafa9 (correct), seq 2972606961, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:28.602097 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32317, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56212 > aaa.aaa.aaa.http: Flags [S], cksum 0x778b (correct), seq 4013120521, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:28.602117 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:31.055765 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32318, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56210 > aaa.aaa.aaa.http: Flags [S], cksum 0xfd53 (correct), seq 3196258035, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:31.055776 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:31.156867 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32319, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56208 > aaa.aaa.aaa.http: Flags [S], cksum 0x7103 (correct), seq 2780020772, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:31.301776 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32320, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56211 > aaa.aaa.aaa.http: Flags [S], cksum 0xafa9 (correct), seq 2972606961, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:31.407692 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32321, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56209 > aaa.aaa.aaa.http: Flags [S], cksum 0x2646 (correct), seq 3315002109, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:31.602315 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32322, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56212 > aaa.aaa.aaa.http: Flags [S], cksum 0x778b (correct), seq 4013120521, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:31.602325 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:34.249728 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32323, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56213 > aaa.aaa.aaa.http: Flags [S], cksum 0xd724 (correct), seq 3143905342, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:34.249747 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:34.500390 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32324, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56214 > aaa.aaa.aaa.http: Flags [S], cksum 0xda74 (correct), seq 87286558, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:34.500410 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:37.056457 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32325, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56210 > aaa.aaa.aaa.http: Flags [S], cksum 0x1163 (correct), seq 3196258035, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:37.056469 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:37.250464 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32326, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56213 > aaa.aaa.aaa.http: Flags [S], cksum 0xd724 (correct), seq 3143905342, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:37.302433 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32327, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56211 > aaa.aaa.aaa.http: Flags [S], cksum 0xc3b8 (correct), seq 2972606961, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:37.500215 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32328, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56214 > aaa.aaa.aaa.http: Flags [S], cksum 0xda74 (correct), seq 87286558, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:37.500225 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:37.602489 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32329, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56212 > aaa.aaa.aaa.http: Flags [S], cksum 0x8b9a (correct), seq 4013120521, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:43.250623 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32330, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56213 > aaa.aaa.aaa.http: Flags [S], cksum 0xeb33 (correct), seq 3143905342, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:43.250634 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:43.417662 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32331, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56217 > aaa.aaa.aaa.http: Flags [S], cksum 0xd1df (correct), seq 893762462, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:43.501817 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32332, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56214 > aaa.aaa.aaa.http: Flags [S], cksum 0xee83 (correct), seq 87286558, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:43.501827 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:46.418997 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32333, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56217 > aaa.aaa.aaa.http: Flags [S], cksum 0xd1df (correct), seq 893762462, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:46.419009 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:52.418800 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 32334, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.16.136.56217 > aaa.aaa.aaa.http: Flags [S], cksum 0xe5ee (correct), seq 893762462, win 8192, options [mss 1460,nop,nop,sackOK], length 0
16:47:52.418811 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:55.503028 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32335, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56218 > aaa.aaa.aaa.http: Flags [S], cksum 0xd257 (correct), seq 4086693076, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:55.503071 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28
16:47:58.503196 80:c1:6e:e9:82:8f (oui Unknown) > 00:0a:f7:65:89:da (oui Unknown), ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 32336, offset 0, flags [DF], proto TCP (6), length 52)
    192.168.16.136.56218 > aaa.aaa.aaa.http: Flags [S], cksum 0xd257 (correct), seq 4086693076, win 8192, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
16:47:58.503208 00:0a:f7:65:89:da (oui Unknown) > Broadcast, ethertype ARP (0x0806), length 42: Ethernet (len 6), IPv4 (len 4), Request who-has aaa.aaa.aaa tell pfsense.aaa.aaa, length 28

Como isso pode ser? O que mais eu posso tentar?

Meu palpite é que há algum bloqueio de firewall entre minha LAN e meu servidor (pfSense ou no servidor), mas como posso resolver isso?

Agradecemos antecipadamente pela sua ajuda e apoio muito apreciados.

    
por Clément Fleury 17.03.2016 / 11:01

1 resposta

0

OK, o pfSense foi mal configurado. Havia uma regra no Firewall para a interface LAN, fazendo com que tudo passasse pelo IP do meu servidor remoto ...

Solução: desative a rota no pfSense > Firewall > Regras > LAN.

    
por 18.03.2016 / 14:39