pfSense blocking traffic between VLANs when it shouldn't
-
Hello, I have a LAN and an IoT VLAN. pfSense 2.6.0
I have a firewall rule on the LAN interface (at the top):
- Action: Pass
- Protocol: IPv4*
- Source: *
- Port: *
- Destination: Private_IP_Alias (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16)
- Port: *
- Gateway: *
The same rule exists on the IoT interface but with Action: Block instead of pass.
I am trying to access a server that is on the IoT interface from the LAN (SSH, HTTP) but the Firewall is blocking me after a short amount of time with:
LAN Default deny rule IPv4 (1000000103) TCP:S
LAN Default deny rule IPv4 (1000000103) TCP:A
LAN Default deny rule IPv4 (1000000103) TCP:RA
No matter what I change in the firewall rules, I am still getting blocked. I tried adding specific rules with the specific IP addresses and I also tried the Easy Rule: Pass this traffic button without any success.
ICMP does not seem to be getting blocked.
What is wrong here?
-
@sotirone Hard to tell if you don't post screenshots from your rules on LAN.
-
@bob-dig
Private_IP_Space alias:
LAN Rules:
IoT Rules:
Firewall Logs (in this case I am trying to stream from TVHeadend running on the IoT server):
-
@sotirone The rules look ok, if those screenshots are complete... You may have an asymmetric-routing problem. How are those interfaces configured (screenshot)?
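To illustrate why the TCP flags in those default-deny entries point at a state-table problem rather than a rule-ordering problem, here is a small added parser (not code from the thread or from pfSense). It reads log lines in the shape of the GUI entries quoted in the first post; the sample lines are constructed, and the classification of a blocked ACK / RST+ACK as a state-table miss (e.g. asymmetric routing) is the diagnostic heuristic the replies above are getting at.

```python
import re
from collections import Counter

# Constructed sample in the shape of the pfSense GUI firewall-log entries
# quoted in the first post (interface, rule description, rule id, proto:flags).
SAMPLE_LOG = """\
LAN Default deny rule IPv4 (1000000103) TCP:S
LAN Default deny rule IPv4 (1000000103) TCP:A
LAN Default deny rule IPv4 (1000000103) TCP:RA
LAN Default deny rule IPv4 (1000000103) TCP:PA
"""

# <iface> <rule description> (<rule id>) <PROTO>[:<TCP flags>]
LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<rule>.+?)\s+\((?P<rule_id>\d+)\)\s+"
    r"(?P<proto>TCP|UDP|ICMP)(?::(?P<flags>[A-Z]+))?$"
)


def parse_line(line):
    """Return the fields of one GUI-style log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry):
    """Map a default-deny TCP hit to the kind of problem it suggests.

    A blocked bare SYN means no pass rule matched a brand-new connection
    (rule order / interface problem). A blocked ACK, PSH/ACK or RST/ACK means
    a packet from the middle of a session reached pf with no matching state
    entry: typical of asymmetric routing, a state reset, or a device whose
    replies take a different path than the request did.
    """
    if entry["proto"] != "TCP":
        return "non-tcp"
    flags = entry.get("flags") or ""
    if flags == "S":
        return "new-connection-blocked"
    if "A" in flags:
        return "state-table-miss"
    return "other"


def summarize(log_text):
    """Count default-deny hits by diagnosis across a block of log text."""
    counts = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e and "Default deny" in e["rule"]:
            counts[classify(e)] += 1
    return dict(counts)
```

If nearly every hit is a state-table miss while a matching pass rule is at the top, check the return path (routes on the IoT host, a second gateway, or a bridged interface) before touching the rules again.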
-
@bob-dig The screenshots are complete, I was just saving space and cropped them that much.
Here are the interface configurations:
LAN:
IoT:
-
@sotirone I can't see the problem. But with streaming it could be that TVHeadend must also send data on its own. So make an allow anything rule on top of iot and have a look if it is working then.
-
@bob-dig I did, the stream works for 33-35 seconds and then cuts out.
Same thing with SSH, works for around 34 seconds and then just freezes.
Edit: Well, this seems to only happen with this specific device. I am going to install a second Linux machine and test with that.