Debian – pfsense long ping to google

Tags: debian, debian-squeeze, networking, pfsense

I have a pfsense box set up. What happens is I set a rule so I can't hit the admin interface 192.168.3.1 from the box.

With the rule enabled:

--- www.l.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 5080ms
rtt min/avg/max/mdev = 37.684/37.776/37.869/0.215 ms
root@bad-apple:/etc#

Rule disabled:

--- www.l.google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 42.064/44.104/46.144/2.040 ms

The disallow rule that causes it:

ID  Proto  Source           Port  Destination  Port  Gateway  Queue  Schedule  Description
    *      APPLESERVER net  *     192.168.3.1  *     *        none

I don't want the server to be able to hit the admin interface, but I would like it to be able to hit the internet for configuration of the machine. Has anybody had this problem before? Below this disallow rule I have an allow-all from APPLESERVER net to *, because if I set the destination to WAN net, DNS dies.

Best Answer

You're breaking your DNS. Most likely what you have is the primary DNS server pointed to the firewall interface IP, and when you take that rule off it's blocking that DNS attempt, so it has to wait for it to time out, and then that host falls back to using other configured DNS server(s). Change that rule to only permit DNS.
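An added diagnostic for the situation in this thread (my own example, not code from the question or the answer): it reads the nameservers from /etc/resolv.conf in order, sends each one a bare A-record query for www.google.com with a short timeout, and reports how long each took to answer. A nameserver that shows "timeout" is the one the stub resolver is waiting on before it falls back, which is exactly the delay the first ping pays. The `exchange` parameter is an assumption of this example so the logic can be tested without a network; the address 203.0.113.53 used in testing is a constructed placeholder.

```python
"""Time each configured DNS resolver to find the one a firewall rule is silently dropping.

Added diagnostic (not code from the original post): a long first ping is usually the
resolver library waiting on a nameserver that never answers, then falling back.
"""
import random
import socket
import struct
import time

DNS_PORT = 53


def build_query(name, qid):
    """Build a minimal DNS A-record query (RD set) for `name` with transaction id `qid`."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # 1 question, RD=1
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    )
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_response(data, qid):
    """Return (rcode, answer_count) for a response matching `qid`, or None if it is not one."""
    if len(data) < 12:
        return None
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:  # wrong transaction id, or QR bit not set
        return None
    return flags & 0x000F, an


def udp_exchange(server, payload, timeout):
    """Send one UDP datagram to server:53 and return the reply (raises on timeout/error)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(payload, (server, DNS_PORT))
        data, _addr = sock.recvfrom(512)
    return data


def time_resolver(server, name="www.google.com", timeout=2.0, exchange=udp_exchange):
    """Query one resolver and return (elapsed_seconds, status).

    `exchange` is injectable (assumed helper of this example) so the logic can be
    exercised without a network.
    """
    qid = random.randrange(65536)
    query = build_query(name, qid)
    start = time.monotonic()
    try:
        data = exchange(server, query, timeout)
    except (socket.timeout, TimeoutError):
        return time.monotonic() - start, "timeout"           # the firewall-dropped case
    except OSError as exc:
        return time.monotonic() - start, "error: %s" % exc   # e.g. ICMP port unreachable
    elapsed = time.monotonic() - start
    parsed = parse_response(data, qid)
    if parsed is None:
        return elapsed, "bad-response"
    rcode, _answers = parsed
    return elapsed, "ok" if rcode == 0 else "rcode=%d" % rcode


def read_resolvers(resolv_conf_text):
    """Extract nameserver addresses, in order, from resolv.conf contents."""
    servers = []
    for line in resolv_conf_text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def diagnose(servers, name="www.google.com", timeout=2.0, exchange=udp_exchange):
    """Query every resolver in resolv.conf order; return [(server, seconds, status), ...]."""
    return [(s,) + time_resolver(s, name, timeout, exchange) for s in servers]


def unanswered(results):
    """Resolvers that gave no usable answer; each one costs a full resolver timeout
    before the stub resolver moves on to the next nameserver in the list."""
    return [server for server, _secs, status in results if status != "ok"]


if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        resolvers = read_resolvers(fh.read())
    for server, secs, status in diagnose(resolvers):
        print("%-16s %6.3fs  %s" % (server, secs, status))
```

Run it on the Debian host with the disallow rule enabled: if the firewall interface IP (192.168.3.1 here) is listed first in resolv.conf and comes back as "timeout" while the next entry answers, the rule is dropping UDP/53 to the firewall's resolver, and a rule that permits DNS to that address (placed above the block) is the fix. glibc's stub resolver waits 5 seconds per nameserver by default before trying the next one, which is why a blocked first entry shows up as a multi-second stall on the first lookup.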
