Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Help with Floating rules

    Firewalling
    1
    1
    56
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      alessice last edited by alessice

      Hi, I'm using pfsense as firewall for our servers.

      I have the WAN and the NET interfaces, WAN is the upstream with public IP provided by the datacenter and NET is the network with our /24 public IP addresses. Servers have the public IP configured on eth0 interface and pfsense IP on NET as gateway.

      For some services we are using a Load Balancer (CentOS 6) with Direct Routing. Since we have some trouble with "► WAN Default deny rule IPv4" we added some rules as explained here under Manual Fix: https://docs.netgate.com/pfsense/en/latest/firewall/troubleshooting-blocked-log-entries-due-to-asymmetric-routing.html

      But in the first time rules under Floating was blocking all outbound traffic. After some test and reading I found as possibile solutions to set Floating rules as "inverted" (in term of source/destination IP) from WAN rules.

      Now servers works fine (we don't see any Default deny in System Logs) but I'm not sure if this setup is corretting, here the rules:

      WAN Rules:
      wan-rules.png

      NET Rules:
      qbox217-rules.png

      Floating Rules:
      floating-rules.png

      Advanced settings:
      sloppy.png

      Are these setting correct?
      Thanks

      1 Reply Last reply Reply Quote 0
      • First post
        Last post