Bleedover of services
-
@johnpoz I am not sure how to post just the WAN rules so I zipped up and attached both the firewall and nat rules. I appreciate you taking a look and hopefully pointing me into the right direction.
-
@criley said in Bleedover of services:
I am not sure how to post just the WAN rules
simple screen shot
-
@johnpoz Here we go....
-
@criley do you have anything floating tab..
-
@johnpoz Here you go
-
@criley well you got any any rule from anything NA
And what are those rules 80 and 443 that don't show any interface? Pretty sure those would allow on any interface.. From looking at the rule in the zip you sent.
pass inet proto tcp from any to any port = http flags S/SA keep state label "USER_RULE: Global HTTP" ridentifier 1472233311 -
@johnpoz Those two rules that you pointed out were put their by pfBlockerNG. I have disabled them and will retest.
-
@criley well your using pfblocker wrong then ;) It only does what you tell it to do.. But a floating quick rule would be evaluated before any rules on your wan interface.
-
@johnpoz I went ahead and disabled both of those as well as the global http that you mentioned and I am still able to see ssh as well as the 8081 and 8443 both of which are from PFBlocker. Like I said the thing that really makes me crazy is why ssh still shows and when I try to ssh to the servers ip it drops me at the firewall ssh prompt.
-
@criley Did you have open states?
https://docs.netgate.com/pfsense/en/latest/troubleshooting/firewall.html#new-rules-are-not-appliedWhat are the NAT rules for port 22?
pfBlocker blocks are generally added to LAN (outbound) or WAN (inbound) and not floating rules which can appear unpredictable to those not familiar with them.
https://docs.netgate.com/pfsense/en/latest/nat/process-order.html#floating-rules-notes
https://docs.netgate.com/pfsense/en/latest/firewall/floating-rules.html
