pfsense blocking access from other routers clients

whitekalu · Apr 1, 2019, 10:59 PM

10.0.0.254 says
The rule that triggered this action is:
@57(12000) block drop in log quick on nfe0 inet from 10.0.0.0/8 to any label "Block private networks from WAN block 10/8"

I'm trying to access Emby Media Server which is behind pfsense router from a different router's LAN.
The server is hosted at 10.0.0.240:8096 on pfsense LAN, I have no problem accessing it from pfsense LAN, but when i try it from different router's LAN i get the above mentioned message in firewall log,
both Pfsense and Mikrotik are connected to same DSL router. I tried NAT port forward, Pure NAT, NAT Reflection, blindly just test and try without knowing what i was exactly doing.
I am most confused in the part, that I was able to create a Rule to forward RDP request over Internet and successfully connected with Remote Desktop Client which was on pfsense LAN. It didn't complained me then.
Now when I'm trying to connect inside from my own house and it's blocking :-) ( I know pfsense has no idea i'm in home)
I would be obligated if some one could show me the proper way and path on how to achieve it.
Attached is worse Network Diagram by a Worst network engineer.login-to-view

jahonix · Apr 1, 2019, 11:52 PM

@whitekalu said in pfsense blocking access from other routers clients:

I know pfsense has no idea i'm in home

Actually it does. Packets do not come from your gateway but other addresses of a private IP range.
At Interfaces | Wan uncheck "Block private networks and loopback addresses" and you should be good to go.

whitekalu · Apr 2, 2019, 12:58 AM

@jahonix Thankyou so much it's working now.
One curious question.
while troubleshooting windows machine I used to turn off the firewall and boom everything used to work.
will Unchecking that thing on WAN Interface some how loosen/weaken the firewall security ?
I hope it's not like turning off the windows firewall to make something work. Just Curious, It's working though.
Thanks

whitekalu · Apr 2, 2019, 11:04 AM

Can anybody please throw some light.
Is this a workaround, Temporary Solution or this is the only way how it's done.
even though it's working I think something weird about turning off the Block Private network on WAN IF
Thanks

Grimson · Apr 2, 2019, 11:14 AM

@whitekalu said in pfsense blocking access from other routers clients:

Is this a workaround, Temporary Solution or this is the only way how it's done.
even though it's working I think something weird about turning off the Block Private network on WAN IF

RTFM: https://docs.netgate.com/pfsense/en/latest/interfaces/interface-settings.html#private-networks

whitekalu · Apr 2, 2019, 12:42 PM

@Grimson said

RTFM: https://docs.netgate.com/pfsense/en/latest/interfaces/interface-settings.html#private-networks

Thankyou Grimson, after Reading The Fine Manual.
I concluded that
since the WAN IF of pfSense router actually does not have a public IP and has a IP Address 192.168.1.253
RFC1-918, I think it is secure from outside attack over internet even after turning off the block Private IP Address and loop back address and this is the proper way to configure and it's not a work around. Please correct me if i'm wrong.
login-to-view
login-to-view
Thanks