Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Traffic is blocked despite adding an exception

    Scheduled Pinned Locked Moved
    Firewalling
    3
    4
    673
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tomaszf
      last edited by tomaszf

      Hello.

      I have rules:
      firewa.jpg

      but trafic from 192.168.226.2 is still blocked:
      log.jpg

      Why and what i should to do?

      1 Reply Last reply Reply Quote 0
      • RicoR
        Rico LAYER 8 Rebel Alliance
        last edited by Rico

        Maybe Asymmetric Routing?
        Check https://docs.netgate.com/pfsense/en/latest/firewall/firewall-rule-troubleshooting.html
        and
        https://docs.netgate.com/pfsense/en/latest/firewall/troubleshooting-blocked-log-entries-due-to-asymmetric-routing.html

        -Rico

        2x Netgate XG-7100 | 11x Netgate SG-5100 | 6x Netgate SG-3100 | 2x Netgate SG-1100

        1 Reply Last reply Reply Quote 0
        • T
          tomaszf
          last edited by

          Thanks you Rico

          Floating rules is solution :)

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by johnpoz

            @tomaszf said in Traffic is blocked despite adding an exception:

            Floating rules is solution :)

            No prob not!!

            Did you read the article linked article.. That screams asymmetrical traffic... Looks like 192.168.226.2 started a conversation to 10.10.2.2 (http) and 10.10.2.2 answered (syn,ack) via sending to pfsense, but pfsense never saw the syn from 192.168 to open the state..

            The correct fix is to fix your asymmetrical issue, not allow non stateful traffic through.

            If you draw up your network we can help you figure out why asymmetrical

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.7.2, 24.11

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.