Netgate Discussion Forum

    Firewall rules being ignored by pfSense in vmware server install

    Virtualization
    11 Posts 2 Posters 7.5k Views

      whitney

      Hello,

      I have pfsense 1.2 installed on VMWare 1.0.5 under linux. It is configured as follows:

      WAN -> le0 -> 10.99.99.6 (This is bridged to a physical NIC)
      LAN -> le1 -> 172.16.150.2 (This is a host only network)

      I can ping both the WAN and LAN networks from the pfSense console. I can send traffic from the LAN to the WAN through pfSense. In other words, it seems to be working ok.

      HOWEVER, I am trying to pass http traffic to another VM on the host only network from the WAN. I have set up a firewall rule to do this:

      Proto: TCP
      Source: *
      Port: *
      Destination: 172.16.150.3
      Port: 80 (HTTP)
      Gateway: *
      Schedule: <nothing>

      When I send http packets to the WAN address, they are being filtered by the default firewall rule (drop) according to the firewall log. My rule seems to be being ignored altogether.

      Anyone have any idea what is going on here?

      Thanks,
      Whitney

        whitney

        By the way, I know that 10.0.0.0/8 is normally not routable. I turned off "block private networks" and "block bogon networks" so the only firewall rule is the one that I previously described.

          GruensFroeschli

          HOWEVER, I am trying to pass http traffic to another VM on the host only network from the WAN. I have set up a firewall rule to do this:

          Proto: TCP
          Source: *
          Port: *
          Destination: 172.16.150.3
          Port: 80 (HTTP)
          Gateway: *
          Schedule: <nothing>

          Could you specify a bit clearer what you are trying to achieve?
          Where did you create this rule?
          http://forum.pfsense.org/index.php/topic,7001.0.html

          We do what we must, because we can.

          Asking questions the smart way: http://www.catb.org/esr/faqs/smart-questions.html

            whitney

            I am trying to set up an email server in a vmware virtual machine. I want traffic to this machine to pass through pfSense. So I have a virtual machine that contains the email server at 172.16.150.3. This is on the host only network. I can access it directly, but when I try to reach it through 10.99.99.6, I cannot. The packets are being filtered.

            I created this rule in the pfSense web console.

              GruensFroeschli

              I created this rule in the pfSense web console.

              You're not really using the console, right?
              Because if you are…. urdoinitwrong.

              Could you show screenshots of the rules? (from the webgui).
              Also, did you read the link I provided?
              I'm referring to this part:

              Rules:
              Rules are processed from top to bottom.
              If a rule catches, the rest of the rules are no longer considered.
              Per default a "block all" rule is always in place (invisible below your own rules).

              Traffic is filtered on the Interface on which traffic comes in.
              So traffic coming in on the LAN-Interface will only be processed from the rules you define on the LAN tab.

                whitney

                I am aware of that rule. I am expecting my rule to be matched. Here is the web console:

                pfSense.png

                  GruensFroeschli

                  Traffic is filtered on the Interface on which traffic comes in.
                  So traffic coming in on the LAN-Interface will only be processed from the rules you define on the LAN tab.

                  Your rule is on the WAN interface.
                  You want to allow traffic from the LAN interface.

                    whitney

                    No. I want traffic to pass from the WAN to the machine on my LAN. I am sending traffic to 10.99.99.6.

                      whitney

                      Here is a screen shot of the log. Packets are definitely coming in on the WAN IF.

                      log.png

                        GruensFroeschli

                        If you are looking for help on the forum because you have a problem:
                        provide as much information as possible.
                        (log-outputs, screenshots of config/rules, etc.)
                        Often a Diagram (ASCII ART ?) can help more than pages of descriptions how your network is set up.

                        But I think I figured out what you want.

                              Client
                                  |
                                  |
                                  |
                              physical
                              WAN(10.99.99.6)
                              pfSense
                              LAN(172.16.150.2)
                              virtual
                                  |
                                  |
                                  |
                                  |
                              172.16.150.3
                              virtual Server

                        You run a mailserver on 172.16.150.3 and you want to be able to connect to 10.99.99.6 and access this mailserver.
                        For this to work you need to forward the ports on which your server is reachable.
                        Just a firewall rule is not enough.
                        Create forwardings under Firewall -> NAT

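Why the WAN rule alone never matched, as an added example that is not part of the thread and not pfSense's own code: a minimal Python model of the order pf uses, where destination NAT (the port forward) is applied first and the first-match filter with its default block then sees the translated address. The dictionary layouts and function names are hypothetical; the addresses and the rule are the ones posted above.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrives on
    dst: str     # destination IP address
    dport: int   # destination TCP port

# Constructed sample: a client connecting to the pfSense WAN address on port 80.
CLIENT_SYN = Packet(iface="wan", dst="10.99.99.6", dport=80)

# The WAN-tab pass rule as posted: destination 172.16.150.3, port 80.
WAN_RULES = [{"iface": "wan", "dst": "172.16.150.3", "dport": 80, "action": "pass"}]

# A port forward of the kind created under Firewall -> NAT (assumed shape).
PORT_FORWARDS = [{"iface": "wan", "dst": "10.99.99.6", "dport": 80,
                  "target": "172.16.150.3"}]

def translate(pkt, forwards):
    """Destination NAT runs before filtering: rewrite dst if a forward matches."""
    for fwd in forwards:
        if (pkt.iface, pkt.dst, pkt.dport) == (fwd["iface"], fwd["dst"], fwd["dport"]):
            return replace(pkt, dst=fwd["target"])
    return pkt

def filter_packet(pkt, rules):
    """First matching rule on the ingress interface wins; otherwise default block."""
    for rule in rules:
        if (pkt.iface, pkt.dst, pkt.dport) == (rule["iface"], rule["dst"], rule["dport"]):
            return rule["action"]
    return "block"  # the invisible "block all" rule below the user's rules

def handle(pkt, rules, forwards=()):
    """Return (verdict, destination seen by the filter) for an inbound packet."""
    translated = translate(pkt, forwards)
    return filter_packet(translated, rules), translated.dst

if __name__ == "__main__":
    # Rule only: the filter still sees dst 10.99.99.6, so the pass rule never matches.
    print(handle(CLIENT_SYN, WAN_RULES))
    # Rule plus port forward: dst is rewritten first, then the pass rule matches.
    print(handle(CLIENT_SYN, WAN_RULES, PORT_FORWARDS))
    # A port that is not forwarded stays blocked, so the exposure remains port 80 only.
    print(handle(Packet("wan", "10.99.99.6", 25), WAN_RULES, PORT_FORWARDS))
```
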
                          whitney

                          Ah ha! You are right. That is the piece that I was missing. Cool. Thanks for your help.

                          Whitney
