Netgate Discussion Forum

[SOLVED] WAN traffic dropped by "Default deny rule IPv4"

General pfSense Questions
  • K
    kx93
    last edited by kx93 Mar 25, 2023, 8:09 PM Mar 25, 2023, 7:46 PM

    Server listening on TCP/5062 in DMZ. Firewall rule and port forward NAT are set up for the range TCP/5061-5062. Firewall is virtualized on an ESXi host. However, pfSense shows it is blocking with the "Default deny rule IPv4 (1000000103)" rule. tcpdump shows the traffic hitting the WAN interface but no traffic involving any other interfaces (like the DMZ interface). I'm using an Alias for the source IP in the WAN fw rule but also tried a single IP with the same result. Firewall log shows the block with the destination being the NAT private LAN and "TCP:S". I have another port on the same server listening on TCP/8443 and it is behaving the same.

    • V
      viragomann
      last edited by Mar 25, 2023, 7:54 PM

      @kx93
      In the rule, you have to set the destination to the local devices which you forward the traffic to.

      • K
        kx93 @viragomann
        last edited by Mar 25, 2023, 8:01 PM

        @viragomann
        That is so wrong for pfSense to work like that. Gross.

        • V
          viragomann @kx93
          last edited by Mar 25, 2023, 8:06 PM

          @kx93
          pfSense offers to add the rule automatically for you when forwarding packets: the "filter rule association" option.
          Use it, it does a great job. :-)

          • K
            kx93 @viragomann
            last edited by Mar 25, 2023, 8:07 PM

            @viragomann
            Yeah I did before you replied and that's actually what told me how it works haha. I thought "it can't be that".

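Added example, not part of the thread and not pfSense code: a small Python model of the behaviour the replies describe, where the port forward rewrites the destination before the WAN rules are checked, so a rule whose destination is the WAN address never matches and the SYN falls through to the default deny. All addresses, the data classes and the function names are constructed for illustration, and it assumes the original rule used the WAN address as its destination.

```python
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int

@dataclass(frozen=True)
class PortForward:          # hypothetical model of one port-forward entry
    wan_addr: str
    ports: range
    target: str

@dataclass(frozen=True)
class PassRule:             # hypothetical model of one WAN pass rule
    src_net: str
    dst: str
    ports: range
    label: str

def apply_port_forward(pkt, forwards):
    """Rewrite the destination if a port forward matches (runs first)."""
    for fwd in forwards:
        if pkt.dst == fwd.wan_addr and pkt.dport in fwd.ports:
            return replace(pkt, dst=fwd.target)
    return pkt

def evaluate(pkt, forwards, rules):
    """Return (verdict, destination the filter saw) for an inbound packet."""
    seen = apply_port_forward(pkt, forwards)
    for rule in rules:      # first matching pass rule wins
        if (ip_address(seen.src) in ip_network(rule.src_net)
                and seen.dst == rule.dst and seen.dport in rule.ports):
            return f"pass ({rule.label})", seen.dst
    return "block (Default deny rule IPv4)", seen.dst

# Constructed sample values (documentation address ranges).
WAN_ADDR, DMZ_HOST = "203.0.113.10", "192.168.50.20"
PORTS = range(5061, 5063)   # TCP/5061-5062
SYN = Packet(src="198.51.100.7", dst=WAN_ADDR, dport=5062)
FORWARDS = [PortForward(WAN_ADDR, PORTS, DMZ_HOST)]
RULE_TO_WAN = [PassRule("198.51.100.0/24", WAN_ADDR, PORTS, "dst = WAN address")]
RULE_TO_DMZ = [PassRule("198.51.100.0/24", DMZ_HOST, PORTS, "dst = DMZ host")]

if __name__ == "__main__":
    for rules in (RULE_TO_WAN, RULE_TO_DMZ):
        print(rules[0].label, "->", evaluate(SYN, FORWARDS, rules))
```

The blocked case reports the private DMZ address as the destination, which matches what the firewall log in the first post showed.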
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.