Outbound Firewall Question\Issue
jetter555 last edited by
I just started using pfSense and so far I think it's awesome. I have my firewall IP set at 192.168.0.1, I also have
a subnet for the wireless (10.0.60.0). I have a static route in pfSense so that it knows how to reach the wireless subnet.
I then created an outbound rule in the firewall to allow the LAN network 10.0.60.0 to reach the internet. Once I did that
the wireless subnet could get to the internet. The problem I'm having is some devices, like my phone, won't get email
when they're on the home wifi. If I check the firewall log, I can see it blocking the phone's internal IP when it's trying to
connect to Yahoo to get email. The internal IP is part of the 10.0.60.0 subnet. Sometimes the phone can get email, sometimes not.
When I browse the firewall log I see a lot of wireless IP addresses being blocked from various IP addresses on the internet. For the destination
on the outgoing rule, I have "any" set. So why is pfSense blocking it? Also, the log has this "Block snort2c hosts (1000000118)" listed
for all the blocked IP addresses. I do have snort installed, but even if I disable it I still get those blocks. What am I doing wrong?
Gertjan last edited by
What am I doing wrong?
First: Remove snort. Use 'complicated' packages when the basics are running well.
It would be way easier if you showed us the firewall rules you have on interface OPT1 (your 10.0.60.0? interface).
By default, the LAN interface has a firewall rule that lets in everything ('in' because the traffic comes into the interface to go elsewhere, for example, your WAN (= Internet) or even 10.0.60.0 or whatever).
For other interfaces this rule isn't present by default.
Actually, you already have your answer, when you say:
I see a lot of wireless IP addresses being blocked from various IP addresses on the internet. For the destination
on the outgoing rule, I have "any" set. So why is pfSense blocking it?
Answer: because of your rule.
Or because of snort.
If nothing else, take snort out of blocking mode. Removing it (for now) would be better.
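
One way to separate the two causes named in the replies (an interface rule versus snort), added here as an example that is not part of the thread or written by any of its posters: group blocked firewall log entries from the wireless subnet by rule tracker ID and see which clients land under 1000000118, the "Block snort2c hosts" ID quoted in the question. The field positions assume the comma-separated raw filterlog layout for IPv4 entries, the /24 mask is an assumption, and the sample lines, interface names and addresses are constructed.

```python
import ipaddress
from collections import Counter

SNORT2C_TRACKER = "1000000118"  # tracker ID shown in the poster's log entries
WIRELESS_NET = ipaddress.ip_network("10.0.60.0/24")  # /24 mask is an assumption

# Constructed sample lines; interface names and addresses are made up.
SAMPLE_LOG = """\
4,,,1000000118,em1,match,block,in,4,0x0,,64,4211,0,DF,6,tcp,60,10.0.60.23,203.0.113.10,51544,993,0,S,1111,,65535,,mss
4,,,1000000118,em1,match,block,in,4,0x0,,64,4212,0,DF,6,tcp,60,10.0.60.23,203.0.113.10,51545,993,0,S,2222,,65535,,mss
9,,,1000000103,em1,match,block,in,4,0x0,,64,977,0,DF,6,tcp,60,10.0.60.40,198.51.100.7,40100,443,0,S,3333,,65535,,mss
77,,,1500000001,em1,match,pass,in,4,0x0,,64,978,0,DF,6,tcp,60,10.0.60.40,198.51.100.7,40101,443,0,S,4444,,65535,,mss
4,,,1000000118,em0,match,block,in,4,0x0,,52,31,0,none,17,udp,80,192.0.2.99,192.168.0.1,5000,53,60
"""

def parse_line(line):
    """Return the fields of interest from one IPv4 filterlog line, else None."""
    f = line.strip().split(",")
    if len(f) < 20 or f[8] != "4":
        return None  # too short, or not IPv4 (IPv6 entries use another layout)
    try:
        src = ipaddress.ip_address(f[18])
    except ValueError:
        return None  # malformed source address
    return {"tracker": f[3], "iface": f[4], "action": f[6], "src": src,
            "dst": f[19], "dport": f[21] if len(f) > 21 else ""}

def blocked_by_tracker(log_text, net=WIRELESS_NET):
    """Map tracker ID -> {client IP: block count} for blocked clients in net."""
    result = {}
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or e["action"] != "block" or e["src"] not in net:
            continue
        result.setdefault(e["tracker"], Counter())[str(e["src"])] += 1
    return {t: dict(c) for t, c in result.items()}

def snort2c_clients(log_text):
    """Wireless clients whose traffic was dropped by the snort2c block rule."""
    return sorted(blocked_by_tracker(log_text).get(SNORT2C_TRACKER, {}))

if __name__ == "__main__":
    for tracker, clients in blocked_by_tracker(SAMPLE_LOG).items():
        label = "snort2c table" if tracker == SNORT2C_TRACKER else "other rule"
        print(tracker, label, clients)
```

Clients listed under 1000000118 are being dropped because of the snort2c table; clients listed under any other tracker ID point back at the rules on the wireless interface.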