Netgate Discussion Forum

    Is there a Reason why some Firewall rules are delayed?

    Firewalling
    4 Posts 3 Posters 2.7k Views
    jits

      Hello.

      I recently added a Virtual IP for our email server and completed the NAT port forward configuration, but in this configuration I made a mistake and the internal port number was different from the external port number. Unfortunately, I caught this mistake only after all rules were "applied" and discovered I was unable to reach the webmail page, which is set to HTTP port 80.

      I made the corrections where necessary, in the NAT Port Forward page and the related firewall rules; however, I still could not open the webmail page using the external IP address.

      At this point, I cleared all entries related to the Virtual IP, NAT Port Forward, and firewall rules, rebooted pfSense and started again from scratch.

      This time, instead of using a Virtual IP, I opted for a NAT port forward with "auto create firewall rule" and "Applied" all.

      I was still unable to connect and waited some time, with no joy as I retried. I then rebooted pfSense and left the crime scene.

      Some four hours later, I was able to connect to our webmail with no problem.

      I am wondering if there is a step I missed? Should I have cleared the firewall state tables? Would this have helped? Is this behavior "normal" for pfSense? Also, access under secure HTTP is very slow to load pages... is this also normal?

      I am asking for help to answer these questions; I would be grateful, as this would help towards an additional manual for pfSense simple firewall configuration. As Vyatta has excellent documentation, there is no reason whatsoever why pfSense, community-based at that, cannot have the same, updated frequently at that.

      Thanks again for your help.

      GruensFroeschli

        After you press the apply you see the message:
        "The settings have been applied. The firewall rules are now reloading in the background. You can also monitor the reload progress."
        Have you ever clicked the "monitor" link it provides?
        Depending on your hardware and how complex and extensive your rules are it can take quite a while until all the rules are rebuilt and actually loaded.


        jits

          Okay. Thank you.

          The rules are not complex at this point, and the hardware is a Dell R300 with 2GB RAM, 15k RPM hard drives and a quad-core AMD processor. I am now wondering if I selected the wrong processor during install. Though there is a single processor, I selected "multiple processor" because the processor is a multi-core processor. Is this wrong?

          jimp (Rebel Alliance Developer, Netgate)

            It may also be that there is an existing firewall state for the connection you are trying to block. An existing state from a previous allow rule will still allow traffic even if there is a new block rule.

            The state must first expire, or be cleared, then the rule will work for that connection.

            Other, new connections should be blocked by the rule.

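The two replies above describe two separate things to check after a NAT/firewall change: whether the new rule set has actually finished loading, and whether an old state is still carrying traffic under the previous rule. The following is an added example of both checks from the pfSense shell; it is not part of the thread and not pfSense's own code. It assumes a pfSense (FreeBSD) shell with `pfctl` available, run as root. `WAN_VIP`, `MAIL_HOST`, `MAIL_PORT` and the sample `pfctl -ss` dump are hypothetical/constructed (the dump only approximates pf's state listing layout); `pfctl -sn`, `pfctl -sr`, `pfctl -ss` and `pfctl -k` are real pfctl options.

```shell
#!/bin/sh
# Added example, not from the thread and not pfSense's own code.
# Assumes a pfSense (FreeBSD) shell with pfctl in PATH, run as root.
# WAN_VIP, MAIL_HOST and MAIL_PORT are hypothetical; adjust to your setup.

WAN_VIP="203.0.113.10"   # hypothetical virtual IP on WAN
MAIL_HOST="10.0.0.25"    # hypothetical internal mail/webmail server
MAIL_PORT="80"           # the (corrected) internal port of the forward

# 1. Verify what pf has actually loaded. The GUI's "monitor" link
#    (Status > Filter Reload) shows reload progress; once it is done, the
#    rdr (port forward) and filter rules should mention these hosts (or the
#    alias name, if the rule uses an alias instead of a literal address).
show_loaded_rules() {
    echo "== NAT rules mentioning $WAN_VIP =="
    pfctl -sn | grep -F -- "$WAN_VIP"
    echo "== filter rules mentioning $MAIL_HOST =="
    pfctl -sr | grep -F -- "$MAIL_HOST"
}

# 2. From a 'pfctl -ss' dump on stdin, keep the states that involve HOST.
#    Matching on "$1:" (address followed by a port) keeps 10.0.0.25 from
#    also matching 10.0.0.250.   Usage: pfctl -ss | states_for_host 10.0.0.25
states_for_host() {
    grep -F -- "$1:"
}

# 3. Keep only states that reach HOST on a port other than PORT. These were
#    built by the old, wrong forward and survive a rule reload: as jimp says,
#    an existing state keeps passing traffic until it expires or is cleared.
#    pf prints the NAT-translated endpoint in parentheses, e.g.
#    "10.0.0.25:8080 (203.0.113.10:80) <- 198.51.100.5:51234".
stale_states() {
    grep -F -- "$1:" | grep -v -F -- "$1:$2 "
}

# 4. Kill all states to or from HOST so new connections are matched against
#    the new rules. 'pfctl -k host' kills states originating from host; the
#    two-argument form 'pfctl -k 0.0.0.0/0 -k host' kills states from
#    anywhere to host. Diagnostics > States in the GUI offers the same reset.
kill_states_for() {
    pfctl -k "$1"
    pfctl -k 0.0.0.0/0 -k "$1"
}

# Count lines on stdin, stripping the padding some wc builds print.
count_lines() {
    wc -l | tr -d ' \t'
}

# Constructed sample of 'pfctl -ss' output (layout approximated). The first
# line is a state left over from the forward to the wrong internal port 8080;
# the second is a healthy state through the corrected forward.
SAMPLE_DUMP='wan tcp 10.0.0.25:8080 (203.0.113.10:80) <- 198.51.100.5:51234       ESTABLISHED:ESTABLISHED
wan tcp 10.0.0.25:80 (203.0.113.10:80) <- 198.51.100.7:40001       ESTABLISHED:ESTABLISHED
lan tcp 10.0.0.50:443 -> 192.0.2.1:443       ESTABLISHED:ESTABLISHED'

demo() {
    echo "-- states involving $MAIL_HOST:"
    printf '%s\n' "$SAMPLE_DUMP" | states_for_host "$MAIL_HOST"
    echo "-- stale states (not on port $MAIL_PORT); kill_states_for $MAIL_HOST would clear them:"
    printf '%s\n' "$SAMPLE_DUMP" | stale_states "$MAIL_HOST" "$MAIL_PORT"
}

demo
```

On a live box, replace `printf '%s\n' "$SAMPLE_DUMP"` with `pfctl -ss`. The filters are plain text matches, so review the output before running `kill_states_for`: a state in which the mail server is the source of an outbound connection will also show up with a non-80 port. Killing only the server's states is less disruptive than the GUI's global "Reset States", which drops every connection through the firewall.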
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.