Help with Floating rules

  • Hi, I'm using pfSense as the firewall for our servers.

    I have the WAN and the NET interfaces. WAN is the upstream with a public IP provided by the datacenter, and NET is the network with our /24 of public IP addresses. Servers have the public IP configured on the eth0 interface and the pfSense IP on NET as gateway.

    For some services we are using a Load Balancer (CentOS 6) with Direct Routing. Since we had some trouble with "WAN Default deny rule IPv4", we added some rules as explained here under Manual Fix: https://docs.netgate.com/pfsense/en/latest/firewall/troubleshooting-blocked-log-entries-due-to-asymmetric-routing.html

    But at first the rules under Floating were blocking all outbound traffic. After some tests and reading, I found as a possible solution to set the Floating rules "inverted" (in terms of source/destination IP) compared to the WAN rules.

    Now the servers work fine (we don't see any Default deny in System Logs), but I'm not sure if this setup is correct. Here are the rules:

    WAN Rules:
    wan-rules.png

    NET Rules:
    qbox217-rules.png

    Floating Rules:
    floating-rules.png

    Advanced settings:
    sloppy.png

    Are these settings correct?
    Thanks
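For readers comparing their own screens against the Manual Fix in the Netgate article linked above, here is an added example (not the poster's rules and not Netgate's text) of what those two floating rules correspond to in pf syntax. Interface names em0/em1, the 203.0.113.0/24 block and the load balancer VIP 203.0.113.10 are assumed, constructed values.

```pf
# Added example, not from the original post: pf-syntax equivalent of the
# asymmetric-routing "Manual Fix" floating rules for a Direct Routing
# load balancer behind pfSense.
# Assumed names: em0 = WAN, em1 = NET, 203.0.113.0/24 = our public block
# (documentation prefix, constructed), 203.0.113.10 = load balancer VIP.
wan = "em0"
net = "em1"
vip = "203.0.113.10"

# Floating, quick, matched on WAN: client -> VIP.
# With Direct Routing the real server answers the client directly (via NET),
# so the reply never completes the three-way handshake inside this state.
# "flags any" stops pf insisting on a SYN to create state, and "(sloppy)"
# relaxes the TCP sequence tracking that would otherwise drop the half-seen flow.
pass in quick on $wan proto tcp from any to $vip flags any keep state (sloppy)

# Floating, quick, matched on NET, with source and destination inverted:
# the real server's reply carries the VIP as its source and enters pfSense on
# NET before leaving via WAN. This is the rule that is "inverted" relative to
# the WAN rule, which matches what the post describes as the working setup.
pass in quick on $net proto tcp from $vip to any flags any keep state (sloppy)
```

After saving the rules in the GUI, `pfctl -sr | grep sloppy` on the pfSense shell shows the generated rules and confirms the state type took effect, and `pfctl -ss` lists the resulting states; if the Default deny entries return, compare the source/destination and interface in those log lines against the two rules above rather than widening either rule to any/any.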