Pfsense on Proxmox: No traffic on LAN / Only seeing 224.x.x.x traffic on WAN

zzoro

Hi. Sorry if this is a newbie question. I'm having issues with blocking internet for specific IPs.

The topology: Modem > Router > Pfsense on Proxmox

The setup:
Proxmox network:
eth0: port 0 on nic
eth1: port 1 on nic
vmbr0: connected to eth0
vmbr1: connected to eth1

pfsense vm:
net0: vmbr0
net1: vmbr1

pfsense:
wan: vtnet0
lan: vtnet1

router gateway: 192.168.20.1
wan ip: 192.168.20.111
lan ip: 192.168.1.1

firewall rules:
WAN:
1)
action: allow
protocol: IPv4 ICMP
source: *
port: *
dest: *
port: *
gateway: *
queue: none
schedule:
Description: PING
2)
action: block
protocol: IPv4 *
source: 192.168.20.121 (a client)
port: *
dest: *
port: *
gateway: *
queue: none
schedule:
(logging on)

LAN:
1)
action: block
protocol: IPv4 *
source: 192.168.20.121
port: *
dest: *
port: *
gateway: *
queue: none
schedule:
(logging on)

Log:
Action: Block
Interface: WAN
Rule: USER_RULE
Source: 192.168.20.111
Destination: 224.0.0.251:5353
Protocol: UDP

There are no entries in the log for any PASS or BLOCK for LAN. The firewall rule for 192.168.20.111 is the same in WAN and LAN for testing purposes.

I think there's an issue with the LAN since there doesn't appear to be any traffic at all for LAN in the logs.

What am I missing here?

Patch

@zzoro said in Pfsense on Proxmox: No traffic on LAN / Only seeing 224.x.x.x traffic on WAN:

topology: Modem > Router > Pfsense on Proxmox

pfsense is a router / fire wall.
Why have you put it behind another router?
The modem at the front, is that another router?

While is possible to have a double NAT doing so complicates the system.
Have you configured pfsense to blocked LAN addresses on your WAN? Doing so would block internet connection to pfsense given your topology.