Why is port 445 blocked?
-
Hey guys,
sorry for a maybe stupid question... I'm new to firewalling :)
For whatever reason, Port 445 is blocked on my pfSense firewall.
My Setup: Windows Client in WAN network with IP 192.168.178.20
WAN is a FritzBox network (will be changed to be a "real" WAN network later when I'll move the clients in a LAN net)
I have a Synology NAS in another subnet (DEV) with IP 10.0.200.175
From the client, I'm trying to access the Synology SMB share. I can browse the share but data is not transferred. From the logs, I see traffic on port 445 is blocked, even though there is a rule to allow TCP/445.
Log:
Firewall Rule:
Of course this is disabled:
Any ideas?
-
Hello!
This is from the docs and might help:
"*Warning: The WAN Net choice for source or destination means the subnet of the WAN interface only. It does not mean “The Internet” or any remote host.*"
John
-
@fmaen so you disabled nat on pfsense? If you're on some rfc1918 network and you want to access some other rfc1918 network behind pfsense..
Either disable natting and allow via firewall rules and route, or you would need to set up port forwarding..
Those blocks are Acks and not Syns - so that is really odd as well..
Maybe you don't actually have isolation of your networks? How exactly are you routing this on your clients on your wan? How would they know how to get to this 10.0.200 network? If you just set up a route on your fritz box that is going to be asymmetrical, etc..
Put your devices behind pfsense, now traffic between vlans or other networks is not natted.. All the devices will be using pfsense as their gateway. You won't have to do port forwarding, etc.
-
@johnpoz YOU ARE MY HERO!
This might be ridiculously stupid but the asymmetrical routing was the reason.
As you may assume from my setup, I once used the FritzBox network only and started to set up the pfSense recently. The Synology NAS was connected directly to the FritzBox (WAN) network on the first eth interface. The second one was connected to the DEV interface of my pfSense where I was facing the described issues.
On the Synology, the first interface was still connected to the WAN subnet.
Thanks a lot!!!!
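The asymmetric path that resolved this thread, as an added example that is not part of any post: a longest-prefix route lookup on the dual-homed NAS shows its reply to 192.168.178.20 leaving on the directly connected WAN-side interface instead of going back through pfSense. The /24 masks, the interface names `eth0`/`eth1` and both gateway addresses are assumptions; only the client and NAS addresses come from the thread.

```python
import ipaddress

def pick_route(routes, dst):
    """Longest-prefix match over (network, iface, gateway) entries."""
    dst = ipaddress.ip_address(dst)
    best = None
    for net, iface, gw in routes:
        net = ipaddress.ip_network(net)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, iface, gw)
    if best is None:
        raise LookupError(f"no route to {dst}")
    return best[1], best[2]

def reply_is_asymmetric(routes, arrived_on, client):
    """True when the reply leaves on a different interface than the request used."""
    iface, _gw = pick_route(routes, client)
    return iface != arrived_on

CLIENT = "192.168.178.20"   # Windows client on the FritzBox (WAN) network
ARRIVED_ON = "eth1"         # SMB request reaches the NAS via pfSense DEV

# Constructed routing table: NAS still attached to both networks.
NAS_DUAL_HOMED = [
    ("192.168.178.0/24", "eth0", None),           # connected, FritzBox side
    ("10.0.200.0/24",    "eth1", None),           # connected, pfSense DEV
    ("0.0.0.0/0",        "eth0", "192.168.178.1"),  # assumed FritzBox gateway
]

# Constructed routing table: WAN-side interface unplugged, pfSense is the gateway.
NAS_SINGLE_HOMED = [
    ("10.0.200.0/24", "eth1", None),
    ("0.0.0.0/0",     "eth1", "10.0.200.1"),      # assumed pfSense DEV address
]

if __name__ == "__main__":
    for name, table in (("dual-homed", NAS_DUAL_HOMED),
                        ("single-homed", NAS_SINGLE_HOMED)):
        iface, gw = pick_route(table, CLIENT)
        hop = gw or "direct (on-link)"
        print(f"{name}: reply to {CLIENT} leaves {iface} via {hop}, "
              f"asymmetric={reply_is_asymmetric(table, ARRIVED_ON, CLIENT)}")
```

When the reply bypasses pfSense, the firewall only ever sees one direction of the TCP conversation, so later packets from the client no longer match a valid state and are dropped regardless of the pass rule for TCP/445.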