Netgate Discussion Forum

    Default rule driving me insane

hacktek00:

      This is a quick diagram of our setup.

• All 3 firewalls are connected to a common switch (230.0/24).
• Routing on pfSense goes like this:

192.168.210.0 -> 192.168.230.1 (smoothwall 1 nic)
192.168.220.0 -> 192.168.230.1 (smoothwall 1 nic)
192.168.150.0 -> 192.168.230.143 (smoothwall 2008 nic)

• 230.0/24 is the subnet where all workstations are.
• 220.0/24 is a server subnet.

• 230.0/24 sees pfSense and vice-versa (this is the expected behavior).

      Now the problem:

Even though I have set up an any/any rule for traffic on the LAN interface of pfSense, I am having lots of problems with the default rule blocking a lot of things.

      Couple of examples:

      • Copying a file from 230.0/24 to 220.0/24 fails
      • Remote desktop to 150.0/24 has constant disconnections

For those 2 examples I get a million log entries relating to the default rule blocking that traffic, even though there's a rule allowing it.

Traffic on the other 2 smoothwalls is permitted in the same way and no log is generated, so it must be pfSense.

      Any ideas?

hacktek00:

        Case in point:

        Remote Desktop Connection (Packets blocked by default rule)

        May 1 01:08:33  LAN  192.168.230.141:55790  192.168.150.20:3389  TCP:A
        May 1 01:08:33 LAN 192.168.230.141:55790 192.168.150.20:3389 TCP:P

        File Copy

        May 1 01:11:40  LAN  192.168.230.141:55870  192.168.220.3:445  TCP:R
        May 1 01:11:30 LAN 192.168.230.141:55870 192.168.220.3:445 TCP:P

hacktek00:

          Just noticed the static route filtering option, after checking it everything started working fine.

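The blocks quoted in this thread are what asymmetric routing looks like in the filter log: the workstation's first packet goes through pfSense to a next hop on the same LAN, the reply comes straight back from the Smoothwall without passing pfSense, and every later ACK/PSH/RST arrives with no state to match, which the "bypass firewall rules for traffic on the same interface" (static route filtering) option is there to cover. The following Python is an added example, not code from the thread or from pfSense: it parses constructed log lines in the quoted format and flags the ones that fit that hairpin pattern, distinguishing them from a SYN that the default deny genuinely rejected. The static routes and the LAN subnet (192.168.230.0/24) are assumptions taken from the first post.

```python
import ipaddress
import re

# Constructed sample shaped like the filter-log lines quoted above, plus one SYN for contrast.
SAMPLE_LOG = """\
May 1 01:08:33 LAN 192.168.230.141:55790 192.168.150.20:3389 TCP:A
May 1 01:08:33 LAN 192.168.230.141:55790 192.168.150.20:3389 TCP:P
May 1 01:11:40 LAN 192.168.230.141:55870 192.168.220.3:445 TCP:R
May 1 01:11:30 LAN 192.168.230.141:55870 192.168.220.3:445 TCP:P
May 1 01:12:02 LAN 192.168.230.141:55901 192.168.220.3:445 TCP:S
"""
# Static routes from the thread (destination -> next hop); the LAN subnet is assumed.
STATIC_ROUTES = {
    "192.168.210.0/24": "192.168.230.1",
    "192.168.220.0/24": "192.168.230.1",
    "192.168.150.0/24": "192.168.230.143",
}
IFACE_SUBNETS = {"LAN": ipaddress.ip_network("192.168.230.0/24")}
LINE_RE = re.compile(
    r"^\w+ +\d+ \d\d:\d\d:\d\d\s+(?P<iface>\S+)\s+(?P<src>[\d.]+):\d+\s+"
    r"(?P<dst>[\d.]+):\d+\s+TCP:(?P<flags>[A-Z]+)$"
)

def route_for(dst):
    # Longest-prefix match against the static routes; None when no route applies.
    addr, best = ipaddress.ip_address(dst), None
    for prefix, nexthop in STATIC_ROUTES.items():
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nexthop)
    return None if best is None else (str(best[0]), best[1])

def classify(line):
    # Explain one 'blocked by default rule' TCP line; None if it does not parse.
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    route, lan = route_for(m["dst"]), IFACE_SUBNETS.get(m["iface"])
    # Hairpin: packet enters on LAN and is routed back out to a next hop on LAN,
    # so the reply can flow directly and pfSense never sees the SYN-ACK.
    hairpin = bool(route and lan and ipaddress.ip_address(route[1]) in lan
                   and ipaddress.ip_address(m["src"]) in lan)
    # A SYN hitting the default deny is a real policy decision; a stateless
    # ACK/PSH/RST on a hairpin path is the signature of asymmetric routing.
    return {"dst": m["dst"], "flags": m["flags"],
            "next_hop": route[1] if route else None,
            "asymmetric_suspect": hairpin and "S" not in m["flags"]}

def analyze(log_text):
    return [c for c in map(classify, log_text.splitlines()) if c]
```

Running `analyze(SAMPLE_LOG)` marks the four ACK/PSH/RST lines as asymmetric-routing suspects and leaves the SYN line unmarked, which is the distinction to check before reaching for the bypass option.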
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.