Firewall blocking everything but doesn't show up in the logs
-
Hello,
I have configured a WLAN on my pfsense box. The LAN does work, I have it connected right now and can confirm that this works. However, the WLAN doesn't work no matter what I do, even though I am using the exact same configuration I used with the LAN.
I have a test device connected to WLAN at 192.168.4.7. I assigned it a static IP through the DNS service. The subnet for WLAN is 192.168.4.1. I enabled logging for the firewall rule on WLAN. I can see in the system logs lots of pass entries for 192.168.4.7 as the "Source IP address" and they are all pass. But there is nothing returned for filtering 192.168.4.7 as "Destination IP address" which seems to indicate that somehow traffic is only being allowed one direction.
My firewall rule is configured the following way:
Source: WLAN net
Destination: any
Log packets that are handled by this rule: Enabled
Advanced Options: Gateway: OVPNC_VPNV4 (...)
The Gateway here is a VPN I use for all traffic outside the firewall. I have this same setting on my LAN interface (which is working) so I do not believe the problem is the VPN.
Any ideas what to look at here to debug this issue? I am confused as to why I have traffic only "flowing" in one direction on the WLAN.
-
The first thing that pops into my mind is whether or not you remembered to create an Outbound NAT rule for the WLAN to OVPNC_VPNV4 Interface? Without that NAT rule your firewall rule will not work.
Check your Outbound NAT rules. You should already have a LAN to OVPNC_VPNV4 rule. Just copy the rule and swap the 192.168.4.1 network for your LAN Network.
-
That did the trick! Thank you so much, I would have burned so many hours on that problem. I am still new to pfsense but I am enjoying it so far!
-
@palantir said in Firewall blocking everything but doesn't show up in the logs:
I would have burned so many hours on that problem.
Glad I could help. I am one of those guys that did burn some hours tracking your issue down years ago!
-
@palantir said in Firewall blocking everything but doesn't show up in the logs:
I would have burned so many hours on that problem
Why? It should have been like 2 minutes to track that down.. does the traffic hit pfsense lan side interface. Does it leave the interface you said to leave on..
Simple packet captures would have shown you were not natting it in like 10 seconds worth of traffic..
That is not unique to pfsense - that is basic 101 routing/firewall troubleshooting.. Follow the traffic flow.
Another simple trick that would have shown you your issue right away would be a simple look in the state table for your client and your destination you were using for test.. And you would have seen not natted there as well.
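
The state-table check described above, as an added example that is not part of the original thread: it reads state lines and reports, for one outbound interface, which internal sources leave translated and which leave with their private address still on the wire. The interface name `ovpnc1`, all addresses and the assumed `pfctl -ss` style line layout are constructed for illustration; on a live box the same function would be fed from `pfctl -ss`.

```shell
#!/bin/sh
# Added example: classify pf states leaving one interface as NATed or not.
# Assumed line layout (pfctl -ss style):
#   IFACE PROTO SRC:PORT [(ORIG_SRC:PORT)] -> DST:PORT STATE
# "ovpnc1" and every address below are constructed placeholders.

classify_states() {
    # $1 = outbound interface
    # $2 = internal prefix with trailing dot, e.g. "192.168.4."
    #      (the dot keeps 192.168.4. from also matching 192.168.40.x)
    awk -v ifc="$1" -v pfx="$2" '
        $1 != ifc { next }
        # Translated state: wire source first, original source in parentheses.
        $5 == "->" && substr($4, 1, 1) == "(" {
            orig = substr($4, 2, length($4) - 2)
            if (index(orig, pfx) == 1)
                print "NAT " orig " as " $3 " -> " $6
            next
        }
        # Untranslated state: the internal address itself is the wire source,
        # so replies can never be routed back through the tunnel.
        $4 == "->" && index($3, pfx) == 1 {
            print "NO-NAT " $3 " -> " $5
        }
    '
}

# Constructed sample: a LAN client that is NATed onto the tunnel address and
# a WLAN client (192.168.4.7) that has no outbound NAT rule.
sample_states() {
    cat <<'EOF'
ovpnc1 tcp 192.168.4.7:51514 -> 93.184.216.34:443 SYN_SENT:CLOSED
ovpnc1 tcp 10.8.0.6:40112 (192.168.1.20:40112) -> 93.184.216.34:443 ESTABLISHED:ESTABLISHED
ovpnc1 udp 192.168.4.7:5353 -> 9.9.9.9:53 SINGLE:NO_TRAFFIC
EOF
}

echo "WLAN:"; sample_states | classify_states ovpnc1 192.168.4.
echo "LAN:";  sample_states | classify_states ovpnc1 192.168.1.
```

Any `NO-NAT` line for the WLAN prefix points at a missing Outbound NAT rule for that network on the VPN interface.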
-
@johnpoz said in Firewall blocking everything but doesn't show up in the logs:
Why?
Well for me, when I spent hours chasing my tail on this issue I was brand new to pfSense and my only experience with networking was plugging in a consumer router. No networking 101 for me ever, so it was like learning a foreign language.
I'm far, far from an expert now. But I am miles ahead from where I was. It took a lot of getting my hands dirty in pfsense, tracking down issues in this forum and getting a lot of help from you and a lot of other folks (thanks!). Now I'm glad I have enough skill and confidence to pay it forward.