[SOLVED] WAN traffic dropped by "Default deny rule IPv4"

kx93 · Mar 25, 2023, 8:09 PM

Server listening on TCP/5062 in DMZ. Firewall rule and port forward NAT are setup for the range TCP/5061-5062. Firewall is virtualized on an ESXi. However pfSense shows it is blocking with "Default deny rule IPv4 (1000000103)" rule. TCPDump shows the traffic hitting the WAN interface but no traffic involving any other interfaces (like the DMZ interface). I'm using an Alias for the source IP in the WAN fw rule but also tried a single IP with the same result. Firewall log shows the block with the destination being the NAT private LAN and "TCP:S". I have another port on same server listening on TCP/8443 and it is behaving the same.

🔒 Log in to view

viragomann · Mar 25, 2023, 7:54 PM

@kx93
In the rule you have to set the destination to the local devices, which forward the traffic to.

kx93 · Mar 25, 2023, 8:01 PM

@viragomann
That is so wrong for pfSense to work like that. Gross.

viragomann · Mar 25, 2023, 8:06 PM

@kx93
pfSense provides you to add the rule automatically for you, when forwarding packets: "filter rule association" option.
Use it, it does a great job. :-)

kx93 · Mar 25, 2023, 8:07 PM

@viragomann
Yeah I did before you replied and that's actually what told me how it works haha. I thought "it can't be that".