Netgate Discussion Forum
    [SOLVED] No access with a copied rule

    Firewalling
    8 Posts 5 Posters 633 Views
    WhiteTiger-IT

      I am applying the first rules in pfSense.
      With the any / any rule I can navigate smoothly and access a remote server with FTP.
      (In this image it is in yellow)
      I copy the rule for ports 80/443/21; I disable the first one and I can no longer browse or access FTP.
      Where am I wrong? I do not understand!

    viragomann

        It would be more essential to see a screenshot of what you have now, while it isn't working, than what you had before.

    WhiteTiger-IT

          What is there in the post is the screenshot of the rules page.
          They are the first that I created; before, there were no other rules.
          With the rule in yellow enabled, I can surf and do FTP.
          If I disable it, I am stopped.

          The first two rules are instead towards my server in the DMZ (Alias = LS1) and they always work.

    Raffi_

            If what you say is true, you clearly have an issue with the ports in your LAN rules. Does the computer on the network have a statically assigned IP? I don't see a rule allowing pfSense to provide DHCP services (ports 67/68) on the LAN without that any rule enabled. If you don't have a valid IP, nothing will work.

            If the IP is not your issue and you want to figure out which ports you need to open, go to Diagnostics/Packet capture. Run a continuous capture on the LAN with the count set to 0 so that it will run until you manually stop it. Try to connect to the FTP and then go back into the packet capture menu and manually stop it. Check the capture to see what ports are being used during that time. You can download that file to wireshark and then filter for your own IP to narrow things down.

    WhiteTiger-IT

              Maybe I don't explain it well.
              My PC is connected with the DHCP provided by pfSense and I am connected to the pfSense WebConsole, as seen from the snapshot.

              With those rules activated, if I also activate the rule highlighted in yellow (TCP any / any), then I can surf the Internet from the browser.
              If I disable this one rule, from now on I can no longer surf the Internet.
              So the two TCP rules (from any / any to LAN Net / HTTP & HTTPS) don't work in pfSense.

              In other words, I have to replace the any / any rule with individual rules for the different services.

    serbus

                Hello!

                DNS needs UDP?

                John

                Lex parsimoniae

    DaddyGo @serbus

                  @serbus

                  Perfectly true. This is the default LAN (yellow) rule(s): IPv4 * and IPv6 *.
                  The rest are TCP only.

                  Cats bury it so they can't see it!
                  (You know what I mean if you have a cat)

    WhiteTiger-IT

                    True, DNS goes over UDP and beyond FTP I have to open SSH since it is an SFTP connection.
                    Now everything works.
                    Thanks friends.

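The thread's resolution (DNS over UDP and SSH for SFTP were missing after the any/any rule was replaced by TCP 80/443/21) can be checked before touching the firewall. The block below is an added example, not code from the thread or from pfSense: a small first-match evaluator in the style of pfSense LAN rules, run over a constructed set of flows like those Raffi_'s Diagnostics > Packet Capture suggestion would reveal. All rule and flow values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "pass" or "block"
    proto: str                # "tcp", "udp" or "any"
    dst_port: Optional[int]   # None means any destination port
    note: str = ""

@dataclass(frozen=True)
class Flow:
    proto: str
    dst_port: int
    purpose: str              # what the client was trying to do

def first_match(rules: List[Rule], flow: Flow) -> str:
    """pfSense evaluates rules top-down and the first match wins.
    A flow that matches nothing hits the implicit default deny."""
    for r in rules:
        if r.proto not in ("any", flow.proto):
            continue
        if r.dst_port is not None and r.dst_port != flow.dst_port:
            continue
        return r.action
    return "block"  # implicit default deny at the end of the ruleset

def blocked_flows(rules: List[Rule], flows: List[Flow]) -> List[Flow]:
    """Flows that would be dropped under the given ruleset."""
    return [f for f in flows if first_match(rules, f) == "block"]

# The ruleset from the thread after the any/any rule was disabled:
# TCP-only rules for 80/443/21 (constructed from the post's description).
NARROWED_RULES = [
    Rule("pass", "tcp", 80, "HTTP"),
    Rule("pass", "tcp", 443, "HTTPS"),
    Rule("pass", "tcp", 21, "FTP control"),
]
# The default "allow LAN to any" rule (IPv4 * / IPv6 *, any protocol).
DEFAULT_LAN_RULES = [Rule("pass", "any", None, "Default allow LAN to any")]
# Same ruleset with the two flows the thread ended up adding.
FIXED_RULES = NARROWED_RULES + [Rule("pass", "udp", 53, "DNS"), Rule("pass", "tcp", 22, "SSH/SFTP")]

# Constructed sample flows, the kind a LAN capture shows while a client browses
# a website and then opens an SFTP session.
SAMPLE_FLOWS = [
    Flow("udp", 53, "DNS lookup"),
    Flow("tcp", 443, "HTTPS to website"),
    Flow("tcp", 22, "SFTP (runs over SSH, not FTP/21)"),
]
```

Running `blocked_flows(NARROWED_RULES, SAMPLE_FLOWS)` reproduces the thread's symptom: DNS and SFTP are dropped while HTTPS alone passes, which is why "nothing works" once name resolution fails.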
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.