[SOLVED] Firewall Pass Rule not working
-
Hi community,
I need your help with some strange firewall rule behaviour.
A TerminalServer needs to communicate with a Server that is behind a pfSense fw.
TS got the IP: 10.248.1.15/16
ServiceServer IP: 10.160.253.2/24
pfSense LAN IP: 10.160.253.254/24
I created the following rules:
pass - any/any IP4 from 10.248.1.15/16 to 10.160.253.2/24
pass - any/any IP4 from 10.160.253.2/24 to 10.248.1.15/16
Now the TS wants to connect to the other Server on port tcp/9094 -> this isn't working… the firewall log says that:
IF: LAN
Source: 10.160.253.2:9094
Destination: 10.248.1.15:54273
Proto: TCP:R
has been blocked.
I can't fix this... I'm going crazy. If I deactivate the pf packet filtering it works. NAT Outbound hasn't got any rules configured.
It would be great if you can help me.
Best!
-
Asymmetric routing?
It seems that the SYN packet from 10.248.1.15 to 10.160.253.2:9094 doesn't pass pfSense, but still reaches its destination.
Check the route from 10.248.1.15 to 10.160.253.2 with trace.
-
Posted firewall rules are useless without knowing what interface they're on.
-
Agreed.. Those posted rules are meaningless without knowing what interface they are on. And where they are in relation to other rules.
If you're having issues I would suggest you give us a drawing of your networks and how they are connected. Use a crayon and napkin if you have to and snap a pic of it with your phone ;)
Post up a screenshot of your interface rules.
-
You're the man.
It's asymmetric routing. I unfortunately killed the routing config on the ServiceServer (love that restores…..)
Thx for that hint!
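
Added example, not part of the thread: a simplified Python model of why a stateful filter blocks the logged packet (TCP:R from 10.160.253.2:9094) when the initial SYN never crossed the firewall, even though pass rules exist in both directions. The class and function names are hypothetical; the model assumes pf's default for TCP pass rules (`flags S/SA keep state`) and ignores interfaces and rule order.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as pf logs them: "S", "SA", "A", "R", ...

class StatefulFilter:
    """Toy model (hypothetical class): pass rules match only the initial SYN
    (pf's 'flags S/SA keep state'); everything else needs an existing state."""

    def __init__(self, pass_pairs):
        self.pass_pairs = set(pass_pairs)  # (src_ip, dst_ip) pairs with a pass rule
        self.states = set()                # connections the firewall has seen open

    def check(self, p: Packet) -> str:
        conn = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        if conn in self.states:
            return "pass (state)"
        syn_only = "S" in p.flags and "A" not in p.flags
        if syn_only and (p.src, p.dst) in self.pass_pairs:
            self.states.add(conn)
            return "pass (rule, state created)"
        return "block"  # default deny: matches no state and cannot create one

TS, SRV = "10.248.1.15", "10.160.253.2"   # addresses from the thread
RULES = [(TS, SRV), (SRV, TS)]            # the two pass rules as posted
SYN = Packet(TS, 54273, SRV, 9094, "S")
SYN_ACK = Packet(SRV, 9094, TS, 54273, "SA")
RST = Packet(SRV, 9094, TS, 54273, "R")   # the packet in the firewall log

def handshake(syn_crosses_firewall: bool):
    """Return the firewall's verdicts for the server's replies."""
    fw = StatefulFilter(RULES)
    if syn_crosses_firewall:
        fw.check(SYN)                     # symmetric path: state is created
    return fw.check(SYN_ACK), fw.check(RST)

if __name__ == "__main__":
    print("symmetric :", handshake(True))
    print("asymmetric:", handshake(False))
```

In the asymmetric case the server's replies reach the LAN interface with no matching state, so the pass rule from 10.160.253.2 to 10.248.1.15 never applies to them; fixing the route on the server so both directions cross pfSense restores the state match.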