Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Is there any way I cannot use the "Static route filtering" option in my situation?

    Firewalling
    2
    6
    259
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • I
      IbanezRG770
      last edited by

      Hi everyone,
      I have an internal server with around 10-15 ports forwarded to it from a virtual WAN IP. For this server I have also set up a 1 to 1 nat so it uses the same external IP the traffic is coming in on. However, I keep seeing traffic block by the default deny rule with outgoing traffic on ports that are being allowed and forwarded. My default outbound rule is to pass all traffic.
      Looking into this issue it seems the fix is to enable Static route filtering Bypass firewall rules for traffic on the same interface. Once I do this, it seems the traffic is passed normally. This seems less secure to me. Is there something I can configure differently to avoid having to bypass the rules?
      Please let me know if you need any further information. Thank you in advance.

      I V 2 Replies Last reply Reply Quote 0
      • I
        IbanezRG770 @IbanezRG770
        last edited by

        Update, it seems it is still blocking traffic even though the "Bypass firewall rules for traffic on the same interface" is checked.

        1 Reply Last reply Reply Quote 0
        • V
          viragomann @IbanezRG770
          last edited by

          @IbanezRG770 said in Is there any way I cannot use the "Static route filtering" option in my situation?:

          I keep seeing traffic block by the default deny rule with outgoing traffic on ports that are being allowed and forwarded.

          Which traffic? From the server to the internet or from the internet to the server or even from / to another subnet?

          Can show the blocks, please?

          I 1 Reply Last reply Reply Quote 0
          • I
            IbanezRG770 @viragomann
            last edited by IbanezRG770

            @viragomann
            It's outgoing from the internal server to the external client mashines.
            23e02c3f-760d-4d9d-b7f8-136d26ebb7a1-image.png
            Port 8027 is forwarded from the external IP to the internal server for both UDP/TCP.

            V 1 Reply Last reply Reply Quote 0
            • V
              viragomann @IbanezRG770
              last edited by

              @IbanezRG770 said in Is there any way I cannot use the "Static route filtering" option in my situation?:

              Port 8027 is forwarded from the external IP to the internal server for both UDP/TCP.

              So these might be reply packets from the server, but they are blocked on WAN. So I'm wondering if you have a special network set up, which leads to these blocks.

              I 1 Reply Last reply Reply Quote 0
              • I
                IbanezRG770 @viragomann
                last edited by

                @viragomann
                Thanks. I only have one external WAN port and several internal networks. I have the default block rule and 2 other rules that were created by PFSense DNSRBL. All other traffic is allowed outbound. I am not sure what/why would be blocking it.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post