pfsense blocking access from other routers clients



  • 10.0.0.254 says
    The rule that triggered this action is:
    @57(12000) block drop in log quick on nfe0 inet from 10.0.0.0/8 to any label "Block private networks from WAN block 10/8"
    

    I'm trying to access Emby Media Server, which is behind the pfSense router, from a different router's LAN.
    The server is hosted at 10.0.0.240:8096 on the pfSense LAN. I have no problem accessing it from the pfSense LAN, but when I try it from a different router's LAN I get the above-mentioned message in the firewall log.
    Both pfSense and Mikrotik are connected to the same DSL router. I tried NAT port forward, Pure NAT, NAT Reflection, blindly just test and try without knowing what I was exactly doing.
    I am most confused by the part that I was able to create a rule to forward RDP requests over the Internet and successfully connected with a Remote Desktop Client which was on the pfSense LAN. It didn't complain then.
    Now I'm trying to connect from inside my own house and it's blocking :-) (I know pfSense has no idea I'm at home)
    I would be obliged if someone could show me the proper way and path on how to achieve it.
    Attached is the worst network diagram by the worst network engineer.
    network-diagram.jpg



  • @whitekalu said in pfsense blocking access from other routers clients:

    I know pfSense has no idea I'm at home

    Actually it does. Packets do not come from your gateway but other addresses of a private IP range.
    At Interfaces | WAN uncheck "Block private networks and loopback addresses" and you should be good to go.
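
Added example (not part of the thread, and not pfSense's own code): a small evaluator for the pf rule quoted in the first post, showing why a packet arriving on WAN with a 10.x source is dropped before any pass rule is considered, while a client with a public source address is not. The second rule, the addresses 10.0.1.50 and 203.0.113.7, and the function names are constructed assumptions.

```python
import ipaddress
import re

# Rule 1 is quoted from the firewall log in the first post. Rule 2 is a
# constructed stand-in for a port-forward pass rule (not from the thread).
RULESET = [
    '@57(12000) block drop in log quick on nfe0 inet from 10.0.0.0/8 to any '
    'label "Block private networks from WAN block 10/8"',
    '@90(99999) pass in quick on nfe0 inet from any to 10.0.0.240 '
    'label "constructed: forward to Emby"',
]
RULE_RE = re.compile(
    r'@(?P<num>\d+)\(\d+\)\s+(?P<action>block|pass)(?:\s+drop)?\s+(?P<dir>in|out)'
    r'(?:\s+log)?(?P<quick>\s+quick)?\s+on\s+(?P<iface>\S+)\s+inet'
    r'\s+from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s+label\s+"(?P<label>[^"]*)"$'
)

def parse_rule(text):
    """Parse the small subset of pf rule syntax used by the two rules above."""
    m = RULE_RE.match(text.strip())
    if m is None:
        raise ValueError(f"unsupported rule syntax: {text!r}")
    rule = m.groupdict()
    rule["quick"] = rule["quick"] is not None
    for side in ("src", "dst"):  # "any" means every IPv4 address
        net = "0.0.0.0/0" if rule[side] == "any" else rule[side]
        rule[side] = ipaddress.ip_network(net)
    return rule

def evaluate(rules, iface, direction, src, dst):
    """Return the deciding rule, or None. In pf the last matching rule wins,
    unless a matching rule is marked 'quick', which ends evaluation at once."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    decision = None
    for rule in rules:
        if (rule["iface"] == iface and rule["dir"] == direction
                and src in rule["src"] and dst in rule["dst"]):
            decision = rule
            if rule["quick"]:
                break
    return decision

RULES = [parse_rule(r) for r in RULESET]

if __name__ == "__main__":
    # Constructed packets arriving on WAN (nfe0), destination shown after NAT.
    for src in ("10.0.1.50", "203.0.113.7"):
        hit = evaluate(RULES, "nfe0", "in", src, "10.0.0.240")
        print(f"{src}: {hit['action']} by rule @{hit['num']} ({hit['label']})")
```

Evaluating `RULES[1:]` instead, which models the ruleset without the 10/8 block that the WAN option generates, lets the 10.x packet reach the pass rule.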



  • @jahonix Thank you so much, it's working now.
    One curious question.
    While troubleshooting a Windows machine I used to turn off the firewall and boom, everything used to work.
    Will unchecking that thing on the WAN interface somehow loosen/weaken the firewall security?
    I hope it's not like turning off the Windows firewall to make something work. Just curious, it's working though.
    Thanks



  • Can anybody please throw some light.
    Is this a workaround, Temporary Solution or this is the only way how it's done.
    even though it's working I think something weird about turning off the Block Private network on WAN IF
    Thanks



  • @whitekalu said in pfsense blocking access from other routers clients:

    Is this a workaround, Temporary Solution or this is the only way how it's done.
    even though it's working I think something weird about turning off the Block Private network on WAN IF

    RTFM: https://docs.netgate.com/pfsense/en/latest/interfaces/interface-settings.html#private-networks



  • @Grimson said

    RTFM: https://docs.netgate.com/pfsense/en/latest/interfaces/interface-settings.html#private-networks

    Thank you Grimson, after Reading The Fine Manual
    I concluded that,
    since the WAN IF of the pfSense router actually does not have a public IP and has an IP address 192.168.1.253
    (RFC 1918), I think it is secure from outside attack over the Internet even after turning off the block private IP address and loopback address, and this is the proper way to configure it and it's not a workaround. Please correct me if I'm wrong.
    WAN-IF.JPG
    RFC-1918.JPG
    Thanks

