[SOLVED] Firewall Pass Rule not working



  • Hi community,

    I need your help with some strange firewall rule behaviour.

    A terminal server needs to communicate with a server that is behind a pfSense firewall.

    TS got the IP: 10.248.1.15/16
    ServiceServer IP: 10.160.253.2/24
    pfSense LAN IP: 10.160.253.254/24

    I created following rules:

    pass - any/any IP4 from 10.248.1.15/16 to 10.160.253.2/24
    pass - any/any IP4 from 10.160.253.2/24 to 10.248.1.15/16

    Now the TS wants to connect to the other server on port tcp/9094, but this isn't working. The firewall log says that:

    IF: LAN
    Source: 10.160.253.2:9094
    Destination: 10.248.1.15:54273
    Proto:TCP:R

    has been blocked.

    I can't fix this... I'm going crazy. If I deactivate pf packet filtering, it works. NAT Outbound has no rules configured.

    It would be great if you could help me.

    Best!



  • Asymmetric routing?

    It seems that the SYN packet from 10.248.1.15 to 10.160.253.2:9094 doesn't pass pfSense, but still reaches its destination.
    Check the route from 10.248.1.15 to 10.160.253.2 with a trace.
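
    To make the "asymmetric routing" explanation concrete, here is an added example (not code from the thread or from pfSense) that simulates pf's stateful filtering with the two pass rules and the addresses from the first post. It assumes the interface facing 10.248.0.0/16 is called "OPT1" (the thread never names it), that pfSense normalises "10.248.1.15/16" to the 10.248.0.0/16 network as it does in the GUI, and pf's default "flags S/SA" rule behaviour, under which only a bare SYN can create a new TCP state. The log line it produces is constructed to resemble the GUI entry quoted in the question.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    iface: str    # interface on which pfSense receives the packet
    proto: str    # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    flags: str = ""   # TCP flags in pf log notation: "S", "SA", "A", "R"


@dataclass(frozen=True)
class PassRule:
    """Pass any protocol/port from src_net to dst_net on one interface."""
    iface: str
    src_net: str   # host/prefix notation such as "10.248.1.15/16" is normalised to the network
    dst_net: str

    def matches(self, pkt: Packet) -> bool:
        src_ok = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net, strict=False)
        dst_ok = ipaddress.ip_address(pkt.dst) in ipaddress.ip_network(self.dst_net, strict=False)
        return pkt.iface == self.iface and src_ok and dst_ok


class StatefulFirewall:
    """Minimal model of pf: state table first, rules only for state-creating packets."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.states = set()   # 5-tuples with an existing state entry (both directions stored)
        self.log = []         # blocked packets, formatted like the GUI log entry in the thread

    @staticmethod
    def _key(pkt: Packet):
        return (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)

    def _log_block(self, pkt: Packet) -> None:
        proto = pkt.proto.upper() + (f":{pkt.flags}" if pkt.flags else "")
        self.log.append(f"IF: {pkt.iface} Source: {pkt.src}:{pkt.sport} "
                        f"Destination: {pkt.dst}:{pkt.dport} Proto:{proto} blocked")

    def filter(self, pkt: Packet) -> str:
        if self._key(pkt) in self.states:
            return "pass"   # matches an existing state; the rule set is not consulted
        # With pf's default "flags S/SA", only a bare SYN can create a new TCP state.
        # Any other TCP packet without a state falls through to the default deny,
        # even though a pass rule would match its addresses.
        if pkt.proto == "tcp" and pkt.flags != "S":
            self._log_block(pkt)
            return "block"
        if any(rule.matches(pkt) for rule in self.rules):
            self.states.add(self._key(pkt))
            self.states.add((pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport))
            return "pass"
        self._log_block(pkt)
        return "block"


TS, SRV = "10.248.1.15", "10.160.253.2"


def thread_rules():
    # The interface facing 10.248.0.0/16 is not named in the thread; "OPT1" is assumed.
    return [PassRule("OPT1", "10.248.1.15/16", "10.160.253.2/24"),
            PassRule("LAN", "10.160.253.2/24", "10.248.1.15/16")]


def symmetric_routing():
    """Both directions cross pfSense: the SYN creates state, the SYN/ACK matches it."""
    fw = StatefulFirewall(thread_rules())
    syn = Packet("OPT1", "tcp", TS, 54273, SRV, 9094, "S")
    synack = Packet("LAN", "tcp", SRV, 9094, TS, 54273, "SA")
    return [fw.filter(syn), fw.filter(synack)]


def asymmetric_routing():
    """The SYN reached the server on a path that bypassed pfSense; only the reply arrives."""
    fw = StatefulFirewall(thread_rules())
    reply = Packet("LAN", "tcp", SRV, 9094, TS, 54273, "R")
    return fw.filter(reply), fw.log


if __name__ == "__main__":
    print("symmetric :", symmetric_routing())
    verdict, log = asymmetric_routing()
    print("asymmetric:", verdict, log)
```

    The point the model makes is that the pass rules are fine; the reply from 10.160.253.2:9094 is dropped on LAN because pfSense never saw the SYN that would have created the state. Which flag shows up in the blocked entry depends on which reply packet is the first to cross pfSense (SA for a SYN/ACK, R for a reset). Disabling packet filtering "fixes" it only because the state check disappears along with it; the real fix is making both directions of the path go through the same firewall.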



  • Posted firewall rules are useless without knowing what interface they're on.


  • Rebel Alliance Global Moderator

    Agreed. Those posted rules are meaningless without knowing what interface they are on, and where they are in relation to other rules.

    If you're having issues, I would suggest you give us a drawing of your networks and how they are connected. Use a crayon and napkin if you have to and snap a pic of it with your phone ;)

    Post a screenshot of your interface rules.



  • You're the man.

    It's asymmetric routing. I unfortunately killed the routing config on the ServiceServer (love those restores...).

    Thanks for that hint!