Why a LAN is blocking within the same LAN?
-
I see this in the firewall log...
VLAN60 Default deny rule IPv4 (1000000103) 192.168.60.100:60476 192.168.60.100:32400 TCP:RA
Not sure why it's being blocked within same VLAN on same PC? I tried to add an easy rule to allow this on VLAN60; i.e; on source, 192.168.60.100 any TCP port to port 32400 on 192.168.60.100, still blocked? Any ideas?
-
@pfuller There is no such thing. Pfsense (and as a matter of fact, any network device) would ever be able to block access originating and destined to the same host.
-
@netblues Thanks. That's my understanding, not sure why this is showing up in the firewall log - I cut and paste the above from the log. I'll dig deeper and see what I can find.
-
@pfuller said in Why a LAN is blocking within the same LAN?:
192.168.60.100:60476 192.168.60.100:32400
It's 'blocked', because it came into your "VLAN60" (probably 192.168.60.0/24 with a VLAN "60" number set - is this the case ? )
Or, it should never even reach this pfSense VLAN60 interface.
The switch between the "192.168.60.100" device and the pfSense VLAN60 NIC shouldn't even relay this packet to pfSense.
It doesn't look like a broadcast to me.Mind you, I find it even strange that the device "192.168.60.100" puts a packet on the wire, knowing that it want' to address itself : "192.168.60.100"( what do I know ^^ ).
Maybe some stupid app in the device 192.168.60.100 that doesn't know that 127.0.0.1 exists ;)Anyway : go have a talk with your switch.
And use the packet capture function on the VLAN60 interface, and have a look at some packets from 192.168.60.100.
Maybe the VLAN ID is wrong, and then everything is suddenly very clear and ok. You should probably talk again to to smart ? switch or your device.
VLAN setup errors are .... common. -
@gertjan Thanks for the reply. I will troubleshoot more and reply back if I find anything.
