trouble with firewall rules
-
@luisenrique
If reply packets are blocked it's most probably due to asymmetric routing. However, no idea what could be the reason in your simple setup.
Run a packet capture on FW2 LAN to investigate. Ensure that you see both request and reply packets.
-
@viragomann I have only one path to reach each of the FWs
thanks
-
@luisenrique FWIW in Windows 10 we found our clients using RDP over UDP had frequent disconnects/reconnects. TCP was fine. Windows 11 is better but still dropped occasionally. I suggest sticking to TCP if possible.
Is the "black window" after logging in? The first thing you see should be the login prompt, or maybe a certificate warning for the self-signed cert the Windows PC is using.
-
@SteveITS yes, the black window is after logging in; this didn't happen last week
-
@SteveITS I switched to TCP only, the connections are OK and the reply rule is not necessary... I don't have asymmetric routing, but why? This never happened to me before the pfSense 2.7.0 update. I have made some changes to my firewall rules to make them more readable and organized, and I never had this issue.
-
@luisenrique I don't know, but I would suspect it's not related to pfSense. RDP via UDP has just been unstable, in my experience over the past few years. When did you upgrade to 2.7? The July Windows Updates came out on July 11... Any recent antivirus program updates?
-
@SteveITS said in trouble with firewall rules:
@luisenrique I don't know, but I would suspect it's not related to pfSense. RDP via UDP has just been unstable, in my experience over the past few years. When did you upgrade to 2.7? The July Windows Updates came out on July 11... Any recent antivirus program updates?
I upgraded both pfSense FWs last week; now I'm switching to RDP over TCP and with this the connections are OK. I will check all my rules and config to ensure everything is OK or whether it's related to RDP over UDP. Thanks
-
That initial screenshot looks like fragmented packets. No ports are shown on the first part of the fragmented packet. TCP likely handles that far better.
-
@stephenw10
yes, I switched to TCP and the problem has gone... so my question now is why this didn't happen to me before?...
I made more restrictive pf rules because they were too open or permissive, and later did a pfSense update. Really, now I don't know the cause; I don't see other issues in my network.
thanks!!!
-
Seeing fragmented packets like that implies some type of MTU mismatch so I'd look for that. Perhaps something changed on your WAN. Or maybe you added a VLAN the traffic is using.
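Added example, not part of the thread above and not pfSense code: a small Python script that makes the two diagnostic points in this thread concrete, the "no ports on the fragment" observation and the "see both request and reply on the LAN capture" check. It builds a constructed RDP-over-UDP datagram (addresses, ports and sizes are invented for the illustration), fragments it the way a router on a smaller-MTU link would, and shows that a per-packet "pass udp to port 3389" rule can only match the first fragment because later fragments carry no UDP header. Reassembling before matching, which is what pf's scrub does when fragment reassembly is left enabled, makes the rule match the whole datagram again. The flow_directions helper is the request/reply symmetry check, run here over a constructed capture list rather than a real pcap.

```python
import struct

IHL = 20  # constructed examples use a plain 20-byte IPv4 header, no options


def build_ipv4(src, dst, proto, payload, ident=0x1234, df=False, mf=False, frag_off=0):
    """Build a minimal IPv4 packet. The header checksum is left at zero:
    this is a parsing/fragmentation illustration, not a packet for the wire."""
    flags_frag = (0x4000 if df else 0) | (0x2000 if mf else 0) | ((frag_off // 8) & 0x1FFF)
    header = struct.pack('!BBHHHBBH4s4s',
                         0x45, 0, IHL + len(payload), ident, flags_frag,
                         64, proto, 0,
                         bytes(map(int, src.split('.'))),
                         bytes(map(int, dst.split('.'))))
    return header + payload


def build_udp(sport, dport, data):
    """UDP header (checksum zero) followed by data."""
    return struct.pack('!HHHH', sport, dport, 8 + len(data), 0) + data


def parse_ipv4(pkt):
    """Decode the fields a firewall rule cares about. L4 ports are only
    recoverable from a first fragment (offset 0); later fragments carry
    payload bytes only, so 'sport'/'dport' are absent for them."""
    (ver_ihl, _tos, total_len, ident, flags_frag, _ttl, proto, _csum,
     src, dst) = struct.unpack('!BBHHHBBH4s4s', pkt[:20])
    ihl = (ver_ihl & 0x0F) * 4
    info = {
        'src': '.'.join(map(str, src)), 'dst': '.'.join(map(str, dst)),
        'proto': proto, 'id': ident, 'len': total_len,
        'DF': bool(flags_frag & 0x4000), 'MF': bool(flags_frag & 0x2000),
        'offset': (flags_frag & 0x1FFF) * 8,
    }
    if info['offset'] == 0 and proto in (6, 17) and len(pkt) >= ihl + 4:
        info['sport'], info['dport'] = struct.unpack('!HH', pkt[ihl:ihl + 4])
    return info


def fragment(pkt, mtu):
    """Split pkt into IPv4 fragments no larger than mtu, as a router with a
    smaller-MTU link would (DF clear assumed). Offsets are 8-byte units."""
    info = parse_ipv4(pkt)
    payload = pkt[IHL:]
    step = (mtu - IHL) // 8 * 8
    frags = []
    for start in range(0, len(payload), step):
        chunk = payload[start:start + step]
        last = start + step >= len(payload)
        frags.append(build_ipv4(info['src'], info['dst'], info['proto'], chunk,
                                ident=info['id'], mf=not last, frag_off=start))
    return frags


def reassemble(frags):
    """Put fragments back together, which is what pf's scrub does before
    the rule set sees the packet."""
    first = parse_ipv4(frags[0])
    ordered = sorted(frags, key=lambda f: parse_ipv4(f)['offset'])
    body = b''.join(f[IHL:] for f in ordered)
    return build_ipv4(first['src'], first['dst'], first['proto'], body, ident=first['id'])


def udp_port_rule_matches(pkt, dport):
    """A per-packet 'pass udp to port dport' rule, no reassembly."""
    info = parse_ipv4(pkt)
    return info['proto'] == 17 and info.get('dport') == dport


def flow_directions(pkts, a, b):
    """From a capture taken on the LAN side, report whether a->b and b->a
    were both seen. One direction missing is the asymmetric-routing symptom."""
    seen = {parse_ipv4(p)['src'] + '>' + parse_ipv4(p)['dst'] for p in pkts}
    return (a + '>' + b in seen, b + '>' + a in seen)


# Constructed sample traffic (hypothetical addresses): a 1400-byte RDP-over-UDP
# request from a client to a server, and a short reply.
CLIENT, SERVER = '10.0.0.10', '192.168.1.20'
RDP_REQUEST = build_ipv4(CLIENT, SERVER, 17, build_udp(50000, 3389, b'\x00' * 1400))
RDP_REPLY = build_ipv4(SERVER, CLIENT, 17, build_udp(3389, 50000, b'\x00' * 100), ident=0x5678)

if __name__ == '__main__':
    frags = fragment(RDP_REQUEST, 576)   # assumed smaller MTU somewhere on the path
    for f in frags:
        i = parse_ipv4(f)
        print(f"offset={i['offset']:4d} MF={i['MF']} dport={i.get('dport')} "
              f"port rule matches: {udp_port_rule_matches(f, 3389)}")
    print('after reassembly, port rule matches:', udp_port_rule_matches(reassemble(frags), 3389))
    print('request/reply seen on LAN capture:', flow_directions([RDP_REQUEST], CLIENT, SERVER))
```

Run stand-alone, the script prints one line per fragment: only the offset-0 fragment shows dport=3389 and matches the port rule, the other two do not, and the reassembled datagram matches again. The flow_directions call with only the request in the "capture" returns (True, False), the shape to look for when checking whether reply packets actually come back through the same firewall.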