Netgate Discussion Forum

    Default LAN Rule

    • joyfulway

      Hi,

      With two VPN site-to-site connections running on pfSense embedded 1.2, traffic from the remote site (dst port 80) to our mail server in the LAN of the main site is blocked by the firewall LAN interface on its way back to the remote site.

      System log gives:
      @91 block drop in log quick all label "Default deny rule

      It looks like this topic has been reported several times without any clear response.

      Any suggestion on what is going on?

      Thanks in advance,
      Bastien

      • kpa

        Are you sure that the traffic is actually blocked? It could be just this that you're seeing:

        http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection%2C_why%3F

        • joyfulway

          kpa,

          thanks for your reply.

          Yes, the traffic is actually blocked by the pfSense router: I've tracked the packets using tcpdump, from the client to the pfSense to the web server (Zimbra mailserver) and back to the client through the pfSense router. This is where the packets are stopped.

          I have several applications (database and a Freecom file server) accessed by remote clients and the connection to the Zimbra mailserver is the only one blocked on its way back.

          Thanks for your help.
