[SOLVED] Firewall Pass Rule not working

  • Hi community,

    I need your help with some strange firewall rule behaviour.

    A TerminalServer needs to communicate with a server that is behind a pfSense fw.

    TS got the IP:
    ServiceServer IP:
    pfsense lan IP:

    I created the following rules:

    pass - any/any IP4 from to
    pass - any/any IP4 from to

    Now the TS wants to connect to the other Server on port tcp/9094 -> this isn't working…the firewall log says that:

    IF: LAN

    has been blocked.

    I can't fix this... I'm going crazy. If I deactivate the pf packet filtering it works. NAT Outbound hasn't got any rules configured.

    It would be great if you can help me.


  • Asymmetric routing?

    It seems that the SYN packet from to doesn't pass pfSense, but still reaches its destination.
    Check the route from to with trace.

  • Posted firewall rules are useless without knowing what interface they're on.

  • LAYER 8 Global Moderator

    Agreed.. Those posted rules are meaningless without knowing what interface they are on. And where they are in relation to other rules.

    If you're having issues I would suggest you give us a drawing of your networks and how they are connected. Use a crayon and napkin if you have to and snap a pic of it with your phone ;)

    Post up screenshot of your interface rules.

  • You're the man.

    It's asymmetric routing. I unfortunately killed the routing config on the serviceserver (love that restores…..)

    thx for that hint!
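
Why an any/any pass rule still logs a block under asymmetric routing, as an added example that is not part of the thread: a toy stateful filter, modelled on pf's default for TCP pass rules (`flags S/SA keep state`), sees the SYN-ACK without ever having seen the SYN. The addresses, the source port and the class and function names are constructed for illustration; the thread's real IPs are not shown.

```python
from dataclasses import dataclass

# Constructed addresses (documentation ranges), not the thread's real hosts.
TS = "192.0.2.10"           # terminal server
SERVICE = "198.51.100.20"   # service server behind the firewall


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags, e.g. {"S"} or {"S", "A"}


class StatefulFilter:
    """Toy stateful filter with a single 'pass any/any' TCP rule.

    Assumption: behaves like pf's default "flags S/SA keep state", so only
    an initial SYN can create a state; any other packet needs an existing one.
    """

    def __init__(self):
        self.states = set()

    def handle(self, p: Packet) -> str:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.states or rev in self.states:
            return "pass (state)"
        # flags S/SA: out of SYN and ACK, only SYN may be set
        if "S" in p.flags and "A" not in p.flags:
            self.states.add(fwd)
            return "pass (rule, state created)"
        return "block (no state)"


def handshake(syn_via_firewall: bool) -> list:
    """Return the filter's verdicts for the packets it actually sees."""
    fw = StatefulFilter()
    syn = Packet(TS, 50000, SERVICE, 9094, frozenset({"S"}))
    synack = Packet(SERVICE, 9094, TS, 50000, frozenset({"S", "A"}))
    verdicts = []
    if syn_via_firewall:  # symmetric path: the SYN crosses the firewall too
        verdicts.append(fw.handle(syn))
    verdicts.append(fw.handle(synack))  # the reply always crosses the firewall
    return verdicts
```

`handshake(True)` passes both packets, while `handshake(False)` blocks the lone SYN-ACK even though the rule is any/any.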
