Deny any rule error!!!
-
Hi All,
I'm experiencing a rather frustrating 'error' in pfSense at the moment. This has happened a couple of times previously but a reboot sorted it. Now, however, it's a constant problem. Basically everything is being blocked in and out. If I look in the firewall logs and click the 'blocked' box it says:
_"the rule that triggered this action is:
@107 block drop in log quick all label "default deny rule"_
But I've created a pass any rule both in and out (for testing currently).
I do have 2 firewalls running carp and I tried failing over to the backup. It worked for a little while and then the same thing seems to happen. Which is all the more confusing!
Any help at all would be much appreciated.
Thanks
Ell
-
Can you post screenshots of your firewall rules?
A diagram of your setup and what you're using it for wouldn't hurt either.
-
Attached are the LAN and WAN rules and a diagram of how my lab is set up. The Untangle box is transparent. The primary box is a Dell R200 and the backup is a Sunfire V20Z.
I tried setting up a separate WAN rule allowing all ICMP traffic and I was then able to ping out. But still no TCP (also after making a TCP any rule).
This morning I tried wiping both boxes and starting from fresh… everything went fine until I set manual outbound NAT generation and edited the rule to go to my outside VIP, after which I get the same problem.
Thanks for your input
-
Well, I've managed to realise that the problem seems to occur during setup. After I've set up my internal and external VIPs, I configure Advanced outbound NAT (internal network –> WAN VIP). As soon as I do this, I lose connection to the internet (though I can still ping out?!).
I hope this sheds some light...