Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    pfsense does not send packets from wan to lan.

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 2 Posters 742 Views 2 Watching
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • S Offline
      s_serra
      last edited by s_serra

      I have a pfsense and a server (on LAN) connected to pfsense. the server manages to send packets to wan, pfsense receives the reply from the wan, but the reply does not reach the server. (And tunnel gre is not established.)

      LAN -> WAN

      32b77f89-9d9c-477c-8ecc-c4f097f56531-image.png

      WAN -> LAN

      42833ac0-41b3-4ffd-91f4-11fa10f4b6d8-image.png

      LAN Firewall Rules

      a2350bfa-fddb-4a08-b456-f6b4c7ff82d5-image.png

      Thanks,
      Best regards

      1 Reply Last reply Reply Quote 0
      • stephenw10S Offline
        stephenw10 Netgate Administrator
        last edited by

        What do the states look like? There might be a conflicting state and because GRE has no ports that's a lot more likely.
        For that reason only one PPTP client behind pfSense can connect to the same external server.

        Steve

        S 1 Reply Last reply Reply Quote 0
        • S Offline
          s_serra @stephenw10
          last edited by

          @stephenw10
          aaf0670f-637e-488c-9ace-84e3858d1cae-image.png

          these are the states of the gre

          stephenw10S 1 Reply Last reply Reply Quote 0
          • stephenw10S Offline
            stephenw10 Netgate Administrator @s_serra
            last edited by

            It's not NATing the outbound traffic on WAN so there's no translation state to accept the incoming packets. In inbound state on WAN is the other side also trying to establish the unencrypted tunnel.
            Check your outbound NAT rules.

            Steve

            S 1 Reply Last reply Reply Quote 0
            • S Offline
              s_serra @stephenw10
              last edited by

              @stephenw10

              b5ba0476-77a3-4540-9d29-917549bf9a30-image.png

              this is wan's firewall rules

              1 Reply Last reply Reply Quote 0
              • stephenw10S Offline
                stephenw10 Netgate Administrator
                last edited by

                It doesn't look like there's a port forward associated with that rule on WAN so it shouldn't be there.

                Check the Outbound NAT rules in Firewall > NAT > Outbound

                Something is allowing that inbound state on WAN to be created without NAT and that may be conflicting with the outbound state preventing it.
                You don't appear to have a rule on WAN that would allow it so check the floating rules too.

                Steve

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.