Netgate Discussion Forum

    [Firewall rule] LAN -> LAN also going through WAN instead of LAN only

    nekopep

      Hello,

      I've just set up a new pfSense box. Everything is running smoothly:
      WAN: (DHCP) 192.168.1.46/24 -> Gateway 192.168.1.254
      LAN: 192.168.20.254/24

      WAN Firewall Rules:
        Block private networks,
        Block bogon networks,
        Allow all ICMP from anywhere to anywhere

      LAN Firewall Rules:
        Allow IPv4 anything from anywhere to anywhere

      I've just added some syslog in pfSense to a LAN server (192.168.20.13:5104),
      and while trying to see if my server was receiving the syslog, I looked at the firewall logs and saw this:

      Status/System/Logs/Firewall/Normal View
      (interface) WAN |  Block ULA networks from WAN block fc00::/7 (12000)  |  (source) 192.168.20.254:514 | (destination) 192.168.20.13:5140 | (proto) UDP

      So it looks like pfSense is trying to send the syslog to the right address, but through WAN instead of LAN, and thus all packets are blocked :/

      Am I missing something???
      Do I need to add some kind of route to explain that traffic from pfSense to LAN must go through the LAN interface??

      It must be something very simple that I'm missing there…
      Thanks for your help!

      nekopep

        I've also tried to SSH to pfSense and then SSH back to my syslog server with success. So it must be a configuration issue in the syslog settings inside pfSense, where the syslog server in pfSense sends its logs through WAN instead of LAN?? Is this possible??

        nekopep

          I've just disabled syslog and I see, for example, that the firewall logs report that WAN blocked access to 192.168.20.13:443, as if my traffic going from my LAN PC to the pfSense interface was also going to WAN.

          I mean I have access to the web interface through LAN, but I don't understand why a block rule is triggered on WAN…

          I'm probably missing a simple thing; I probably don't understand some routing process inside pfSense, or there is a misconfiguration somewhere.

          I probably can remove all the noise by unticking "Block private networks and loopback addresses" on the WAN interface, but I'm not sure it is a good idea.

          Any thought?

          nekopep

            To add more info:
            When I disable "Block private networks and loopback addresses", the packets are blocked with rule "(1000002620)" triggered.
            Perhaps related to pfBlocker.
            I also have Suricata running in inline mode, but I don't think it is related.

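As an added triage aid (example code, not from the thread or from pfSense): the script below parses entries in the Normal View layout quoted in the first post and flags those logged on one interface while both endpoints sit in another interface's subnet, which is the mismatch seen with the syslog traffic and the port 443 traffic. The sample entries are constructed from the figures in the thread, and the WAN subnet 192.168.1.0/24 is an assumption derived from the WAN address 192.168.1.46/24.

```python
import ipaddress
import re

# Interface -> subnet map from the thread's setup. The WAN network is an
# assumption inferred from the WAN address 192.168.1.46/24.
INTERFACES = {
    "WAN": ipaddress.ip_network("192.168.1.0/24"),
    "LAN": ipaddress.ip_network("192.168.20.0/24"),
}

# Constructed sample entries in the Normal View layout quoted in the thread:
# interface | rule | source | destination | proto. The first two mirror the
# poster's observations; the third is a genuine WAN hit for contrast.
SAMPLE_LOG = """\
WAN | Block ULA networks from WAN block fc00::/7 (12000) | 192.168.20.254:514 | 192.168.20.13:5140 | UDP
WAN | (1000002620) | 192.168.20.13:52210 | 192.168.20.254:443 | TCP
WAN | Default deny rule IPv4 (rule id placeholder) | 203.0.113.9:41000 | 192.168.1.46:22 | TCP
"""

ENTRY_RE = re.compile(
    r"^\s*(?P<iface>\w+)\s*\|\s*(?P<rule>.*?)\s*\|\s*(?P<src>[^|]+?)\s*\|"
    r"\s*(?P<dst>[^|]+?)\s*\|\s*(?P<proto>\w+)\s*$"
)


def split_host(endpoint: str):
    """'192.168.20.13:5140' -> IPv4Address('192.168.20.13'); IPv4 only, as in the thread."""
    host, _, _port = endpoint.rpartition(":")
    return ipaddress.ip_address(host)


def owning_interface(addr):
    """Name of the interface whose subnet contains addr, or None if it is not local."""
    for name, net in INTERFACES.items():
        if addr in net:
            return name
    return None


def find_misplaced_blocks(log_text: str) -> list:
    """Entries logged on one interface whose endpoints both belong to another interface's subnet."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        src, dst = split_host(m["src"]), split_host(m["dst"])
        src_if, dst_if = owning_interface(src), owning_interface(dst)
        if src_if and src_if == dst_if and src_if != m["iface"]:
            findings.append({"logged_on": m["iface"], "expected": src_if,
                             "src": str(src), "dst": str(dst), "rule": m["rule"]})
    return findings
```

Running `find_misplaced_blocks(SAMPLE_LOG)` returns the two LAN-to-LAN entries logged on WAN and ignores the real WAN hit, which is the set of lines worth explaining before loosening the "Block private networks" setting.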
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.