Netgate Discussion Forum

    Tags not working, gateway down but pfsense still sending traffic over it... firewall basically not working

    Firewalling
    DutchSamurai

      Hi,

      I'm struggling with getting the firewall part of pfsense to work anywhere half decent.

      Problem 1:
      I'm routing all traffic from 192.168.0.15 over a vpn so I made the following rule. However, on disabling the gateway and checking my wan IP from that client, it somehow still shows the vpn IP. How is this even possible? No traffic should be possible if the GW is down.
      [screenshot]

      Problem 2:
      Looking at the above screenshot, the 192.168.0.15 block GW_WAN rule doesn't work.

      Problem 3:
      Tagging doesn't work either. In the above 192.168.0.5 rule I set NO_WAN_EGRESS as the tag. I created a floating rule blocking traffic with NO_WAN_EGRESS in the tag, but all that does is block ALL traffic.
      [screenshot]
      [screenshot]
      [screenshot]

      So basically pfsense ignores the state of gateways and firewall rules. I'm sure I'm doing something wrong but it makes no freaking sense at all.

        Grimson Banned

        Re-read https://docs.netgate.com/pfsense/en/latest/book/firewall/index.html and https://docs.netgate.com/pfsense/en/latest/book/openvpn/index.html; it will hopefully open your eyes.

          johnpoz LAYER 8 Global Moderator

          @dutchsamurai said in Tags not working, gateway down but pfsense still sending traffic over it... firewall basically not working:

          it somehow still shows the vpn IP.

          You pulled routes from your vpn service.. If you want to policy route, you should not pull routes from your vpn service.. Click this in your vpn client setup

          [screenshot: pullroutes.png]

          Now you can policy route.

          Also once a state is made, you would have to flush the state(s)... States are evaluated before rules.. Yup highly suggest you read up the links provided by Grimson.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.7.2, 24.11
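
The two things johnpoz's reply points at (routes pulled from the VPN service, and states that outlive a rule or gateway change) can be checked from the firewall's shell. This is an added example, not part of the thread; the `ovpnc` interface prefix, the `netstat` column layout and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Both helpers read command output on stdin, so they can be
# tried offline; on the firewall, pipe the real commands in:
#   netstat -rn -f inet | pulled_routes
#   pfctl -ss | states_for_host 192.168.0.15
#   pfctl -k 192.168.0.15      # then kill the states originating from that host

# Print default-route overrides that point at a VPN interface: "default", or
# the 0.0.0.0/1 + 128.0.0.0/1 pair that OpenVPN redirect-gateway def1 installs.
# Assumes the interface name is column 4 and starts with "ovpnc" (override: $1).
pulled_routes() {
    awk -v pfx="${1:-ovpnc}" '
        ($1 == "default" || $1 == "0.0.0.0/1" || $1 == "128.0.0.0/1") &&
        index($4, pfx) == 1 { print $1, "via", $2, "on", $4 }'
}

# Count state lines that involve exactly this address. Ports and the
# parentheses around a pre-NAT address are stripped before comparing, so
# 192.168.0.15 does not also match 192.168.0.150.
states_for_host() {
    awk -v ip="$1" '
        { for (i = 1; i <= NF; i++) {
              a = $i; gsub(/[()]/, "", a); sub(/:[0-9]+$/, "", a)
              if (a == ip) { n++; break } } }
        END { print n + 0 }'
}

# Constructed sample output (documentation addresses, not from the thread).
SAMPLE_ROUTES='Destination        Gateway            Flags     Netif Expire
default            198.51.100.1       UGS         em0
0.0.0.0/1          10.8.0.1           UGS      ovpnc1
128.0.0.0/1        10.8.0.1           UGS      ovpnc1
192.168.0.0/24     link#2             U           em1'

SAMPLE_STATES='all tcp 192.168.0.15:51234 -> 203.0.113.10:443       ESTABLISHED:ESTABLISHED
all tcp 10.8.0.2:40211 (192.168.0.15:51234) -> 203.0.113.10:443       ESTABLISHED:ESTABLISHED
all udp 192.168.0.150:5353 -> 192.168.0.1:53       SINGLE:MULTIPLE'

printf '%s\n' "$SAMPLE_ROUTES" | pulled_routes
printf 'states for 192.168.0.15: %s\n' \
    "$(printf '%s\n' "$SAMPLE_STATES" | states_for_host 192.168.0.15)"
```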

            DutchSamurai @johnpoz

            @johnpoz Thanks, that was the problem. Did a few quick tests with that setting enabled and now everything appears to be working as intended.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.