Transparent Firewall not passing traffic
-
I installed pfSense three days ago. I watched Laurence's video on how to set it up as a transparent FW and the documentation on bridging.
I configured a bridge with OPT1 and OPT2, I have WAN and LAN connected to my LAN (on two separate segments) and can access the internet from the WAN to get updates/packages. I can also access the LAN interface to manage the device.
Now when I connect my Internet router and my main firewall to OPT1 and OPT2, Internet access stops. I have a rule in the bridge interface to allow all from any to any but it still does not pass traffic.
I should mention, I have pfBlockerNG and Suricata installed and configured; Suricata is set to Not Block and pfBlockerNG has rules for GeoIP blocking and others but as a test I added an any any rule at the top so it should not prevent the traffic from passing through the bridge.
I also removed the pfBlockerNG config from the bridge interface to test and still no go.
I'm sure it's a newbie problem but I can't see what I did wrong. I've been playing with firewalls for more than 20 years but I'm stuck here, please help!
-
I looked at the firewall logs and I see my testing pings being blocked by the "Default deny rule IPv4 (1000000103)" rule, but I cannot find this rule anywhere in my rules list. I take it that it's a default rule.
So this means to me that the traffic is not matching any of my rules so it falls into the last rule in the system; the default deny.
I have a default allow rule set up on the bridge interface as well as on both bridge members (OPT1 and OPT2), but why would it not match them?
-
I figured it out.
My any any * * ipv4 rule did not include ICMP, so my pings (which I was using to determine if traffic was flowing) were being blocked.
Now I know IPv4 * does not include IPv4 ICMP.
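As an added illustration of the pitfall described in this thread (not a ruleset from the original poster or from pfSense itself), here is a pf.conf fragment contrasting a pass rule limited to TCP/UDP, which leaves ICMP to fall through to the default block, with a pass rule that has no protocol clause and so covers ICMP as well. Interface names bridge0, em1 and em2 are assumed; the two sysctl tunables are the ones pfSense's bridging documentation uses when rules are applied on the bridge interface rather than on its member interfaces.

```pf
# Constructed example; interface names are placeholders.
# In pfSense these are set under System > Advanced > System Tunables:
#   net.link.bridge.pfil_bridge=1   (filter on the bridge interface)
#   net.link.bridge.pfil_member=0   (do not filter on the member NICs)

bridge_if = "bridge0"      # bridge of the two transparent-firewall ports
member_ifs = "{ em1 em2 }" # OPT1 and OPT2 in the thread

# Default deny, logged: anything not matched above it is blocked.
# This plays the role of pfSense's "Default deny rule IPv4".
block log all

# WRONG for a ping test: only TCP and UDP are allowed through the bridge.
# An ICMP echo request never matches this rule and hits "block log all".
# pass in quick on $bridge_if inet proto { tcp udp } from any to any keep state

# RIGHT: no "proto" clause means every IPv4 protocol, ICMP included.
pass in  quick on $bridge_if inet from any to any keep state
pass out quick on $bridge_if inet from any to any keep state

# If you prefer to stay explicit, list ICMP alongside TCP/UDP instead.
# pass in quick on $bridge_if inet proto { tcp udp icmp } from any to any keep state
```

With `block log all` in place, `pfctl -s rules -v` shows hit counters per rule, so a ping that lands on the block rule instead of the pass rule confirms the protocol mismatch before touching any package such as pfBlockerNG or Suricata.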