Netgate Discussion Forum
Denied access from remote network

Category: Firewalling
5 Posts, 2 Posters, 582 Views
FromRome

Hi all.
I just configured my pfSense firewall for the internet connection. In the LAN network I configured the static route for the remote network. From the pfSense LAN network to the remote network all traffic is OK. From the remote network to the pfSense network only ping works. Why? The firewall log shows the default deny rule IPv4. I tried to configure a LAN rule with any/any for all traffic, but it does not work. I tried to configure "Bypass firewall rules for traffic on the same interface", but it does not work.
Thanks.

johnpoz (LAYER 8 Global Moderator)

Draw up your setup. I have no clue what you're trying to do without a drawing. Remote network to where? Over the internet? Some upstream or downstream router? What is the transit network, etc.?

Sounds like you're trying to use your LAN as a transit to some downstream network. That is going to be asymmetrical for anything on the LAN trying to talk to the downstream network.

What are your LAN rules if you're trying to let this downstream network out? Is your outbound NAT natting this downstream network?

An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.8, 24.11

FromRome

@johnpoz said in Denied access from remote network:

> Draw up your setup. I have no clue what you're trying to do without a drawing. Remote network to where? Over the internet? Some upstream or downstream router? What is the transit network, etc.?

In my LAN 1.1.1.x I have a router 1.1.1.2 that connects to the remote network 2.2.2.x. From LAN 1.1.1.x I can connect to everything in the 2.2.2.x network. But from 2.2.2.x I can only send ping. Internet access is OK.

johnpoz (LAYER 8 Global Moderator)

That doesn't look like a drawing... And really, you're going to obfuscate RFC 1918 space?

Are there any hosts on this LAN network? Any traffic to this downstream network is going to be asymmetrical unless you host route.

Any downstream network of pfSense should be via a transit network.

So 2.2.2 talks to a device in 1.1.1; your downstream router sends it directly to the host in 1.1.1, but 1.1.1.x, to answer, has to send to pfSense, its gateway. pfSense is going to say F off: where was the SYN for this traffic? I have no state, I'm not going to send that traffic anywhere.

If you want to talk from 2.2.2 to 1.1.1 you would need to source NAT, or create routes on every host in 1.1.1 saying "hey, to get to 2.2.2 talk to the downstream router at 1.1.1.Y".

This is why you connect via a transit network.


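The asymmetric-routing failure johnpoz describes can be reproduced with a small topology model. The following is an added illustration, not pfSense code or anything from the thread: a pf-like state table that only creates state when it sees the opening SYN, and three layouts to push a TCP handshake through: the poster's flat LAN (downstream router on the same segment as the hosts), the same LAN with a host route on the LAN host, and a dedicated transit network between pfSense and the downstream router. The addresses (1.1.1.0/24, 2.2.2.0/24, 10.0.0.0/30), host names and the assumption that a pass rule allows the SYN are all constructed for the example.

```python
"""Toy model of asymmetric routing through a stateful firewall (added example,
not pfSense code). Addresses, node names and rule semantics are assumptions."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    flags: str  # "SYN" opens a flow; any other flags must match existing state


class StatefulFirewall:
    """Simplified pf behaviour: the SYN creates state (assumed: a pass rule allows it);
    a later packet with no matching state hits the default deny rule and is logged."""

    def __init__(self):
        self.states = set()
        self.log = []

    def passes(self, pkt):
        flow = frozenset((pkt.src, pkt.dst))
        if pkt.flags == "SYN":
            self.states.add(flow)
            return True
        if flow in self.states:
            return True
        self.log.append(f"Default deny rule IPv4 {pkt.src} -> {pkt.dst} [{pkt.flags}]")
        return False


class Node:
    def __init__(self, name, interfaces, routes=(), firewall=None):
        self.name = name
        self.interfaces = [(ip_address(ip), ip_network(net)) for ip, net in interfaces]
        self.routes = [(ip_network(net), via) for net, via in routes]  # most specific first
        self.firewall = firewall

    def owns(self, addr):
        return any(ip == ip_address(addr) for ip, _ in self.interfaces)

    def next_hop(self, dst):
        d = ip_address(dst)
        if any(d in net for _, net in self.interfaces):
            return dst  # directly connected: deliver without a gateway
        for net, via in self.routes:
            if d in net:
                return via
        return None


class Network:
    def __init__(self, *nodes):
        self.by_ip = {ip: n for n in nodes for ip, _ in n.interfaces}

    def send(self, pkt, sender):
        """Forward hop by hop; a firewall node filters on arrival. Returns (delivered, path)."""
        node, path = sender, [sender.name]
        for _ in range(8):
            if node.owns(pkt.dst):
                return True, path
            hop = node.next_hop(pkt.dst)
            if hop is None:
                return False, path + ["no route"]
            node = self.by_ip[ip_address(hop)]
            if node.firewall is not None and not node.firewall.passes(pkt):
                return False, path + [f"{node.name}:DROP"]
            path.append(node.name)
        return False, path + ["loop"]


def flat_lan(host_routes=()):
    """Poster's layout: pfSense, the downstream router and the LAN host share 1.1.1.0/24."""
    fw = StatefulFirewall()
    pf = Node("pfSense", [("1.1.1.1", "1.1.1.0/24")], [("2.2.2.0/24", "1.1.1.2")], fw)
    rt = Node("router", [("1.1.1.2", "1.1.1.0/24"), ("2.2.2.1", "2.2.2.0/24")], [("0.0.0.0/0", "1.1.1.1")])
    a = Node("hostA", [("1.1.1.10", "1.1.1.0/24")], list(host_routes) + [("0.0.0.0/0", "1.1.1.1")])
    b = Node("hostB", [("2.2.2.10", "2.2.2.0/24")], [("0.0.0.0/0", "2.2.2.1")])
    return Network(pf, rt, a, b), fw, a, b


def transit():
    """Recommended layout: the downstream router hangs off a dedicated transit /30 on pfSense."""
    fw = StatefulFirewall()
    pf = Node("pfSense", [("1.1.1.1", "1.1.1.0/24"), ("10.0.0.1", "10.0.0.0/30")],
              [("2.2.2.0/24", "10.0.0.2")], fw)
    rt = Node("router", [("10.0.0.2", "10.0.0.0/30"), ("2.2.2.1", "2.2.2.0/24")], [("0.0.0.0/0", "10.0.0.1")])
    a = Node("hostA", [("1.1.1.10", "1.1.1.0/24")], [("0.0.0.0/0", "1.1.1.1")])
    b = Node("hostB", [("2.2.2.10", "2.2.2.0/24")], [("0.0.0.0/0", "2.2.2.1")])
    return Network(pf, rt, a, b), fw, a, b


def tcp_handshake(net, client, server):
    """Run SYN / SYN-ACK / ACK; stop at the first drop. Returns [(flags, delivered, path)]."""
    c, s = str(client.interfaces[0][0]), str(server.interfaces[0][0])
    steps = [(Packet(c, s, "SYN"), client), (Packet(s, c, "SYN-ACK"), server), (Packet(c, s, "ACK"), client)]
    result = []
    for pkt, sender in steps:
        ok, path = net.send(pkt, sender)
        result.append((pkt.flags, ok, " > ".join(path)))
        if not ok:
            break
    return result


if __name__ == "__main__":
    for label, build in [("flat LAN", flat_lan), ("flat LAN + host route",
                         lambda: flat_lan([("2.2.2.0/24", "1.1.1.2")])), ("transit network", transit)]:
        net, fw, a, b = build()
        print(label, tcp_handshake(net, b, a), fw.log)
```

In the flat layout the SYN from hostB reaches hostA directly through the router, but hostA's SYN-ACK goes to its default gateway, pfSense, which has never seen the SYN and logs a default-deny hit, exactly the log line the poster reported. A host route on hostA keeps the whole flow off pfSense, which works but means the firewall never inspects that traffic. With a transit network both directions cross pfSense, the SYN creates state and the reply matches it, so the firewall both forwards and inspects the flow.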
FromRome

I just installed the last release and restarted the firewall. Now all is OK. I can access all networks.
Thanks.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.