Strange MAC blocking
-
Hi,
I have a problem: pfSense is blocking external traffic to the WAN interface from one specific MAC address.
Let me explain …
I'm trying to connect from an external network to the WAN interface on port 80 (btw: this port is forwarded to a web server in the DMZ).
I noticed that the connection fails from just one MAC address; if I change the MAC address (macchanger eth0) or use a different PC, the connection works… I also experimented with different IP addresses on that MAC and none worked, so I'm pretty sure that the problem is in the MAC address.
Well, I'm a pfSense newbie and I wonder if it is possible that pfSense has somehow remembered (learned) my MAC for blocking it?
-
What does this configuration look like? Do you mean you plug a system directly into the WAN interface of your pfSense? If so, depending on the NICs, you may need a cross over cable rather than a straight through cable. In the case with the allegedly "bad" MAC address, do both ends of the link see it as in the "running" state?
-
It doesn't care about MACs, in regards to filtering. If there's an IP conflict, such as the system has a virtual IP for that IP, that can cause weird behavior such as that. It's also possible, though extremely unlikely, that you somehow have the MAC of that system conflicting with a local MAC on the firewall or elsewhere, by using MAC spoofing inappropriately. Examining a packet capture of that host's traffic should show the issue.
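An added example, not part of the thread: one way to look for the IP conflict described in the reply above in a capture of ARP traffic on the WAN segment. It assumes the text format printed by `tcpdump -e -n arp`; the capture lines, MAC addresses, IP addresses and the `FIREWALL_MACS` value are all constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed capture lines (documentation addresses, locally administered MACs).
SAMPLE = """\
10:00:01.000000 02:00:00:00:00:50 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 203.0.113.1 tell 203.0.113.50, length 28
10:00:01.000200 02:00:00:00:00:01 > 02:00:00:00:00:50, ethertype ARP (0x0806), length 42: Reply 203.0.113.1 is-at 02:00:00:00:00:01, length 28
10:00:05.000000 02:00:00:00:00:60 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 203.0.113.1 tell 203.0.113.10, length 28
10:00:09.000000 02:00:00:00:00:01 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 203.0.113.60 tell 203.0.113.10, length 28
"""
FIREWALL_MACS = {"02:00:00:00:00:01"}  # assumed: MAC of the firewall's WAN NIC

MAC = r"[0-9a-f:]{17}"
LINE = re.compile(
    rf"^\S+ (?P<src>{MAC}) > {MAC}, ethertype ARP .*?: "
    rf"(?:Request who-has \S+ tell (?P<req_ip>[\d.]+)"
    rf"|Reply (?P<rep_ip>[\d.]+) is-at (?P<rep_mac>{MAC}))"
)

def arp_claims(text):
    """Return (mac, ip) pairs: which MAC presents itself as owner of which IP."""
    claims = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip anything that is not a recognised ARP line
        if m["req_ip"]:
            claims.append((m["src"], m["req_ip"]))      # requester announces its own IP
        else:
            claims.append((m["rep_mac"], m["rep_ip"]))  # replier asserts ownership
    return claims

def ip_conflicts(text, firewall_macs=frozenset()):
    """Return IPs claimed by more than one MAC, noting if the firewall is one of them."""
    owners = defaultdict(set)
    for mac, ip in arp_claims(text):
        owners[ip].add(mac)
    return {
        ip: {"macs": sorted(macs), "involves_firewall": bool(macs & set(firewall_macs))}
        for ip, macs in owners.items() if len(macs) > 1
    }

if __name__ == "__main__":
    for ip, info in ip_conflicts(SAMPLE, FIREWALL_MACS).items():
        print(ip, info)
```

An address that shows up here with the firewall among its claimants is the "virtual IP" case from the reply: the client and the firewall both answer for the same IP.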
-
What does this configuration look like? Do you mean you plug a system directly into the WAN interface of your pfSense? If so, depending on the NICs, you may need a cross over cable rather than a straight through cable. In the case with the allegedly "bad" MAC address, do both ends of the link see it as in the "running" state?
No, over a switch.