Netgate Discussion Forum

    Firewall rules being ignored by pfSense in vmware server install

    Virtualization
    11 Posts 2 Posters 7.2k Views
    • whitney

      By the way, I know that 10.0.0.0/8 is normally not routable. I turned off "block private networks" and "block bogon networks" so the only firewall rule is the one that I previously described.

      • GruensFroeschli

        HOWEVER, I am trying to pass http traffic to another VM on the host only network from the WAN. I have set up a firewall rule to do this:

        Proto: TCP
        Source: *
        Port: *
        Destination: 172.16.150.3
        Port: 80 (HTTP)
        Gateway: *
        Schedule: <nothing>

        Could you specify a bit clearer what you are trying to achieve?
        Where did you create this rule?
        http://forum.pfsense.org/index.php/topic,7001.0.html

        We do what we must, because we can.

        Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

        • whitney

          I am trying to set up an email server in a vmware virtual machine. I want traffic to this machine to pass through pfSense. So I have a virtual machine that contains the email server at 172.16.150.3. This is on the host only network. I can access it directly, but when I try to reach it through 10.99.99.6, I cannot. The packets are being filtered.

          I created this rule in the pfSense web console.

          • GruensFroeschli

            I created this rule in the pfSense web console.

            You're not really using the console, right?
            Because if you are…. urdoinitwrong.

            Could you show screenshots of the rules? (from the webgui).
            Also, did you read the link I provided?
            I'm referring to this part:

            Rules:
            Rules are processed from top to bottom.
            If a rule catches, the rest of the rules are no longer considered.
            Per default a "block all" rule is always in place (invisible below your own rules).

            Traffic is filtered on the Interface on which traffic comes in.
            So traffic coming in on the LAN-Interface will only be processed from the rules you define on the LAN tab.

            • whitney

              I am aware of that rule. I am expecting my rule to be matched. Here is the web console:

              pfSense.png

              • GruensFroeschli

                Traffic is filtered on the Interface on which traffic comes in.
                So traffic coming in on the LAN-Interface will only be processed from the rules you define on the LAN tab.

                Your rule is on the WAN interface.
                You want to allow traffic from the LAN interface.

                • whitney

                  No. I want traffic to pass from the WAN to the machine on my LAN. I am sending traffic to 10.99.99.6

                  • whitney

                    Here is a screen shot of the log. Packets are definitely coming in on the WAN IF

                    log.png

                    • GruensFroeschli

                      If you are looking for help on the forum because you have a problem:
                      provide as much information as possible.
                      (log-outputs, screenshots of config/rules, etc.)
                      Often a Diagram (ASCII ART ?) can help more than pages of descriptions how your network is set up.

                      But I think I figured out what you want.

                                Client
                                  |
                                  |
                                  |
                               physical
                            WAN(10.99.99.6)
                                pfSense
                           LAN(172.16.150.2)
                               virtual
                                  |
                                  |
                                  |
                                  |
                             172.16.150.3
                            virtual Server

                      You run a mailserver on 172.16.150.3 and you want to be able to connect to 10.99.99.6 and access this mailserver.
                      For this to work you need to forward the ports on which your server is reachable.
                      Just a firewall rule is not enough.
                      Create forwardings under Firewall -> NAT

                        • whitney

                        Ah ha! You are right. That is the piece that I was missing. Cool. Thanks for your help.

                        Whitney
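
Why the WAN rule on its own never matched, as an added example (a simplified Python model written for this page, not pfSense code and not something posted in the thread). It assumes port forwards are applied before the filter rules of the arrival interface, that the first matching rule wins, and that unmatched traffic hits the implicit block; the class and function names are hypothetical, the addresses are the thread's.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    iface: str  # interface the packet arrives on
    proto: str
    dst: str
    dport: int

@dataclass(frozen=True)
class PortForward:  # models one Firewall -> NAT entry
    iface: str
    proto: str
    dst: str
    dport: int
    target: str
    target_port: int

@dataclass(frozen=True)
class Rule:  # models one filter rule; None stands for "*"
    iface: str
    action: str
    proto: Optional[str] = None
    dst: Optional[str] = None
    dport: Optional[int] = None

def translate(pkt, forwards):
    """Rewrite the destination if a port forward matches; runs before filtering."""
    for f in forwards:
        if (pkt.iface, pkt.proto, pkt.dst, pkt.dport) == (f.iface, f.proto, f.dst, f.dport):
            return replace(pkt, dst=f.target, dport=f.target_port)
    return pkt

def evaluate(pkt, forwards, rules):
    """Return (action, destination the filter saw) for an arriving packet."""
    pkt = translate(pkt, forwards)
    for r in rules:  # top to bottom, first match wins
        if (r.iface == pkt.iface and r.proto in (None, pkt.proto)
                and r.dst in (None, pkt.dst) and r.dport in (None, pkt.dport)):
            return r.action, pkt.dst
    return "block", pkt.dst  # implicit default block

CLIENT = Packet("wan", "tcp", "10.99.99.6", 80)  # constructed sample packet
WAN_RULE = Rule("wan", "pass", "tcp", "172.16.150.3", 80)
FORWARD = PortForward("wan", "tcp", "10.99.99.6", 80, "172.16.150.3", 80)

if __name__ == "__main__":
    for fw, rules in (([], [WAN_RULE]), ([FORWARD], []), ([FORWARD], [WAN_RULE])):
        print(evaluate(CLIENT, fw, rules))
```

Only the third case passes: without the forward the filter still sees destination 10.99.99.6, so the rule for 172.16.150.3 is skipped and the packet falls through to the default block.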
