[SOLVED] No access with a copied rule



  • I am applying the first rules in pfSense.
    With the any / any rule I can navigate smoothly and access a remote server with FTP.
    (In this image it is in yellow)
    I copy the rule for ports 80/443/21; I disable the first one and I can no longer browse or access FTP.
    Where am I wrong? I do not understand!



  • It would be more essential to see a screenshot of what you have now, while it isn't working, than what you had before.



  • What is there in the post is the screenshot of the rules page.
    They are the first that I created; before there were no other rules.
    The rule in yellow, if enabled, I can surf and do FTP.
    If I disable it, I am stopped.

    The first two rules are instead towards my server in the DMZ (Alias = LS1) and they always work.



  • If what you say is true, you clearly have an issue with the ports in your LAN rules. Does the computer on the network have a statically assigned IP? I don't see a rule allowing pfSense to provide DHCP services (ports 67/68) on the LAN without that any rule enabled. If you don't have a valid IP, nothing will work.

    If the IP is not your issue and you want to figure out which ports you need to open, go to Diagnostics/Packet capture. Run a continuous capture on the LAN with the count set to 0 so that it will run until you manually stop it. Try to connect to the FTP and then go back into the packet capture menu and manually stop it. Check the capture to see what ports are being used during that time. You can download that file to wireshark and then filter for your own IP to narrow things down.



  • Maybe I don't explain it well.
    My PC is connected with the DHCP provided by pfSense and I am connected to the pfSense WebConsole, as seen from the snapshot.

    With those rules activated, if I also activate the rule highlighted in yellow (TCP any / any), then I can surf the Internet from the browser.
    If I disable this one rule, from now on I can no longer surf the Internet.
    So the two TCP rules (from any / any to LAN Net / HTTP & HTTPS) don't work in pfSense.

    In other words, I have to replace the any / any rule in individual rules for different services.



  • Hello!

    DNS needs UDP?

    John



  • @serbus

    perfectly true, this is the default LAN (yellow) rule(s) IPv4 * and IPv6 *
    the rest is TCP only



  • True, DNS goes over UDP and beyond FTP I have to open SSH since it is an SFTP connection.
    Now everything works.
    Thanks friends.
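The failure discussed in this thread, replayed in an added example that is not part of the forum posts or of pfSense itself: a minimal first-match rule evaluator with the rule sets as the poster described them (TCP-only HTTP/HTTPS/FTP rules with destination LAN Net) beside the working set from the last reply (destination any, UDP/53 for DNS, TCP/22 for SFTP). The LAN subnet, the pfSense LAN address and the sample packets are assumed values constructed for the example.

```python
# Added example, not from the thread: a first-match evaluator modelled on how
# pfSense LAN rules treat traffic entering the LAN interface from LAN hosts.
# First matching rule wins; anything unmatched hits the implicit default deny.
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")      # assumed LAN subnet
PFSENSE_LAN = ip_address("192.168.1.1")     # assumed pfSense LAN address (DNS)

def _match(rule, pkt):
    """True if a packet dict matches one rule dict."""
    if rule["proto"] not in ("any", pkt["proto"]):
        return False
    if rule["dst"] == "lan_net" and ip_address(pkt["dst"]) not in LAN_NET:
        return False
    if rule["ports"] != "any" and pkt["dport"] not in rule["ports"]:
        return False
    return True

def evaluate(rules, pkt):
    """First matching rule decides; no match means default deny ('block')."""
    for rule in rules:
        if _match(rule, pkt):
            return rule["action"]
    return "block"

# The copied rules as described in the thread: TCP only, destination LAN Net.
BROKEN_RULES = [
    {"action": "pass", "proto": "tcp", "dst": "lan_net", "ports": {80, 443}},
    {"action": "pass", "proto": "tcp", "dst": "lan_net", "ports": {21}},
]

# The working set from the end of the thread: destination any, DNS over UDP,
# and TCP/22 because the "FTP" session is actually SFTP over SSH.
FIXED_RULES = [
    {"action": "pass", "proto": "udp", "dst": "any", "ports": {53}},
    {"action": "pass", "proto": "tcp", "dst": "any", "ports": {80, 443}},
    {"action": "pass", "proto": "tcp", "dst": "any", "ports": {21, 22}},
]

# Constructed sample packets sent by a LAN host (documentation addresses).
DNS_QUERY = {"proto": "udp", "dst": str(PFSENSE_LAN), "dport": 53}
HTTPS_OUT = {"proto": "tcp", "dst": "198.51.100.20", "dport": 443}
SFTP_OUT = {"proto": "tcp", "dst": "203.0.113.10", "dport": 22}

if __name__ == "__main__":
    for name, pkt in (("dns", DNS_QUERY), ("https", HTTPS_OUT), ("sftp", SFTP_OUT)):
        print(name, "broken:", evaluate(BROKEN_RULES, pkt),
              "fixed:", evaluate(FIXED_RULES, pkt))
```

With the broken set the very first packet of any browsing session, the UDP DNS query, is already dropped, which is why the symptom looks like "nothing works" rather than a single blocked port.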

