• PortForward Not working no matter what I do

    59
    0 Votes
    59 Posts
    4k Views
    johnpozJ
@dark_prophet Next step for what? From your Wireshark capture I see some traffic to 2302 on both UDP and TCP... So pfSense is forwarding the traffic.. Why your box is not answering, we have already gone over why that might be..
  • allow traffic from 4444 to 445 (smb)

    5
    0 Votes
    5 Posts
    947 Views
    O
@johnpoz Thanks for the example and your explanation of the port forward rule. I have created a similar one, but indeed specifically for port 445. This time I did not run the exploit from my Windows 11 machine but from Kali Linux in the same LAN segment 192.168.0.0/24 as my Windows 11 machine. This time it is quite easy to run the exploit against a machine in a different LAN segment behind the pfSense firewall. I suspect Windows 11 has built-in security.
  • deleted WAN firewall rule but I still have fresh entries in the log!?

    7
    0 Votes
    7 Posts
    479 Views
    M
    @viragomann it probably might just have been a bug. Red herring. Never happened before.
  • Strange blocking not matching a rule

    3
    0 Votes
    3 Posts
    373 Views
    t0m77T
    @steveits it answers my question, thanks!
  • New rules broke Auto Config Backup

    6
    0 Votes
    6 Posts
    576 Views
    D
    @steveits: It does on my end as well.
  • L2TP traffic between two offices

    1
    0 Votes
    1 Posts
    238 Views
    No one has replied
  • bogon - where does the block rule log?

    2
    0 Votes
    2 Posts
    302 Views
    No one has replied
  • pfSense virtual appliance behind Fritz!box routing issue

    3
    0 Votes
    3 Posts
    411 Views
    R
    @viragomann Thanks! Blocking of private networks was the issue. Default route was already in. You rock!
  • How to upload ip block list from file TXT

    4
    0 Votes
    4 Posts
    611 Views
    M
@keyser Yep, was going to write this.. That's how I would do it.
  • Can’t forward gateway WAN Port 1360 to host on internal private network

    12
    0 Votes
    12 Posts
    915 Views
    johnpozJ
@dominikhoffmann said in Can’t forward gateway WAN Port 1360 to host on internal private network: What am I looking for? An existing state pointing with the wrong IP on it or something.. Kill the bad state..
  • Can’t ping across sub-nets

    14
    0 Votes
    14 Posts
    1k Views
    johnpozJ
@viragomann Completely agree, you might source NAT to allow conversations with something that uses a different gateway than pfSense, or doesn't have a gateway (camera as example).. Or if it was some IoT device that prevented access with no way to allow for it. But if it's a device running its own firewall, it would be better to correctly set this device's firewall to allow the traffic, or just disable it if you feel that is appropriate for your network. Secured, you manage all the devices, nothing hostile on the device's own network, etc.
  • Inter VLAN

    5
    0 Votes
    5 Posts
    642 Views
    J
@4rr3n said in Inter VLAN: @jarhead said in Inter VLAN: @4rr3n First, why would pfSense be off? Things happen, power cuts, kids or animals etc. As long as pfSense is handling the layer 3 portion the VLANs will not be able to communicate with each other. Layer 2 is handled by the switch, so anything connected to it will still communicate with each other. So VLAN 10 devices will talk to other VLAN 10 devices, VLAN 20 devices will talk to other VLAN 20 devices, but VLAN 10 won't talk to VLAN 20 and vice versa. So, from the example you have provided, is that the case when the pfSense box is turned off or on? My concern is what happens when the layer 3 (pfSense in this case) is not present but the switch/access point is still turned on. Well, you asked what would happen when it's off, so I wrote what would happen when it's off. When it's on, all would work as expected.
  • Blocking outbound ports & trusted sites list on VPN

    2
    0 Votes
    2 Posts
    629 Views
    D
@pfrickroll said in Blocking outbound ports & trusted sites list on VPN: Is there a way somehow to block the above inside that VPN? I'm not sure how Twingate works. But if it is like a typical VPN where the connection to them is made via an app on a device (computer, phone, tablet, etc.), then as far as I know you are not going to be able to filter traffic via pfSense. All of the traffic routing out of the device will be encrypted by the Twingate app and pfSense will not be able to see any of the destination information other than the routing of packets to Twingate. If this is the case, you'll have to revert to blocking on each device (hosts file, built-in firewall, etc.). If Twingate is set up as an interface in pfSense, then you can address this by creating aliases of the ports, sites and IPs you want to block, then use those aliases in firewall rules on that interface.
  • Pen-testing from DMZ (not 1:1 NAT) any good?

    3
    0 Votes
    3 Posts
    365 Views
    F
@dobby_ Thanks, yes I know it is best done from outside, but I have limited possibility for that, so I wonder if the setup I suggested will be useful and secure for this or not. But perhaps using another firewall in front of pfSense and a Raspberry Pi or similar in between to use as the pen-tester would create the same effect... As pfSense is what I want to test, it should be sufficient, right? As long as it is just connecting to the pfSense WAN, and using a dedicated monitor/tbg/mouse for the RPi...
  • Scheduled Pass Rule, Straddling Midnight, and the State Table

    2
    0 Votes
    2 Posts
    282 Views
    noplanN
@mcpolygon-0 Multiple schedulers for multiple rules should do the trick. There must be a check mark somewhere so that states get killed after the schedule expires. Wild guess: somewhere in the advanced section. BR
  • Unable to connect to IPs on different subnet

    11
    0 Votes
    11 Posts
    2k Views
    V
    @johnpoz Thanks a lot, it works!
  • Excessive Port 2190 UDP Firewall Log

    6
    0 Votes
    6 Posts
    2k Views
    johnpozJ
@mariog said in Excessive Port 2190 UDP Firewall Log: Will contact Comcast about it. Good luck with that ;) Please let us know what they say about it; the level 1 guy for sure is not going to be of much help.. You most likely will need to get escalated to level 3 support before they even have a clue what you're talking about.. But I am very curious what they say..
  • PFSense Blocking everything

    6
    0 Votes
    6 Posts
    1k Views
    J
    @brontide Yeah, I know. That's why I put quotes around it.
  • 0 Votes
    3 Posts
    782 Views
    johnpozJ
@bkalem Traffic is evaluated as it enters the pfSense interface from the network attached. If you want VLAN 10 to be able to talk to something in VLAN 20.. pfSense sees the traffic as it enters the VLAN 10 interface from VLAN 10, so this is where the rule would go to allow what you want into the destination (VLAN 20 net).. Unless you create floating rules, pfSense never evaluates traffic as it exits an interface into a network. There is no need for a return rule in VLAN 20, since the return traffic from VLAN 20 to VLAN 10 would be allowed by the state that pfSense creates when it allowed the traffic on VLAN 10. Think of pfSense as a building; you're standing in the middle of the building. As traffic tries to enter a door from outside the building is where the rules would be evaluated.. If someone tries to enter your building (pfSense) from VLAN 10 into the VLAN 10 door, this is where you would allow them to enter or not.. Let's say that traffic was going to VLAN 20, then you would allow it, but maybe it is trying to go to vlan_12, so you deny that.. But the rules are placed on the interface where the traffic would enter the building (pfSense). Keep in mind rules are evaluated top down; the first rule to trigger wins, and no other rules are evaluated.
  • Netgate 1100 compared to Zyxel USG 100 Flex

    18
    0 Votes
    18 Posts
    1k Views
    F
@michmoor Cloudflare DNS has an inherent firewall service so it seems good to use (DDoS protection), and now I use a link-local IP address for IPv6, which might help since it's local. Because there are other ways to block hackers than just MITM or SSL inspection.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.