[SOLVED] Firewall Pass Rule not working
I need your help with some strange firewall rule behaviour.
A TerminalServer needs to communicate with a Server that is behind a pfSense fw.
TS got the IP: 10.248.1.15/16
ServiceServer IP: 10.160.253.2/24
pfsense lan IP: 10.160.253.254/24
I created the following rules:
pass - any/any IP4 from 10.248.1.15/16 to 10.160.253.2/24
pass - any/any IP4 from 10.160.253.2/24 to 10.248.1.15/16
Now the TS wants to connect to the other Server on port tcp/9094 -> this isn't working…the firewall log says that:
has been blocked.
I can't fix this... I'm going crazy. If I deactivate the pf packet filtering it works. NAT Outbound hasn't got any rules configured.
It would be great if you can help me.
It seems that the SYN packet from 10.248.1.15 to 10.160.253.2:9094 doesn't pass pfSense, but still reaches its destination.
Check the route from 10.248.1.15 to 10.160.253.2 with trace.
Posted firewall rules are useless without knowing what interface they're on.
Agreed.. Those posted rules are meaningless without knowing what interface they are on. And where they are in relation to other rules.
If you're having issues I would suggest you give us a drawing of your networks and how they are connected. Use a crayon and napkin if you have to and snap a pic of it with your phone ;)
Post up screenshot of your interface rules.
You're the man.
It's asymmetric routing. I unfortunately killed the routing config on the serviceserver (love that restores…..)
Thx for that hint!
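
Added example (not part of any post in this thread, and not pfSense code): a simplified model of a stateful filter showing why the two pass rules above still lead to a block when the SYN bypasses the firewall and only the SYN-ACK crosses it. The class and function names and the client port 50000 are constructed; the model assumes pass rules create state only on an initial SYN, which is pf's default `flags S/SA` behaviour for TCP.

```python
# Simplified stateful-filter model; illustrative only, not pfSense's implementation.
from ipaddress import ip_address, ip_network

TS, SRV, PORT = "10.248.1.15", "10.160.253.2", 9094  # addresses from the thread
CLIENT_PORT = 50000                                   # constructed ephemeral port

# The two pass rules from the thread, as (source network, destination network).
RULES = [
    (ip_network("10.248.1.15/16", strict=False), ip_network("10.160.253.2/24", strict=False)),
    (ip_network("10.160.253.2/24", strict=False), ip_network("10.248.1.15/16", strict=False)),
]

class StatefulFilter:
    def __init__(self, rules):
        self.rules = rules
        self.states = set()  # connections whose opening SYN the firewall has seen

    def handle(self, src, sport, dst, dport, flags):
        # Direction-independent key so replies match the state of the original flow.
        key = frozenset({(src, sport), (dst, dport)})
        if key in self.states:
            return "pass (state)"
        # Assumption: a pass rule only matches TCP packets with SYN set and ACK clear.
        rule_hit = any(ip_address(src) in s and ip_address(dst) in d
                       for s, d in self.rules)
        if rule_hit and flags == "S":
            self.states.add(key)
            return "pass (rule, state created)"
        return "block (no state)"

def handshake(syn_via_firewall):
    """Return the firewall verdicts for (SYN, SYN-ACK); None means it never saw the packet."""
    fw = StatefulFilter(RULES)
    syn = fw.handle(TS, CLIENT_PORT, SRV, PORT, "S") if syn_via_firewall else None
    synack = fw.handle(SRV, PORT, TS, CLIENT_PORT, "SA")
    return syn, synack

if __name__ == "__main__":
    print("symmetric: ", handshake(True))   # both directions cross the firewall
    print("asymmetric:", handshake(False))  # SYN takes another path, reply hits the firewall
```

In the asymmetric case the address part of the second rule matches, but the SYN-ACK cannot create state, so it falls through to the block, which is consistent with the connection working once packet filtering is disabled.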