Getting a default denied rule after setting up the firewall rules
-
Gonna try to connect a ubuntu machine here and try to open an external ssh session to it through pfSense.
Results are coming over :>)
-
well here some test results:
After connecting my 10.0.0.10 (Local device) to the modem directly all was working fine (Puts the problem definitely at the pfSense configuration)
I did a reinstall of my pfSense machine with the 1.2.3-RC1 image and created the LoadBalancer, placed the firewall rules so the Internet was working.
Unfortunately after creating the NAT and some more firewall rules, no connection could be made. I now have a modem directly connected to my local device so incoming connections bypass the pfSense firewall. Not the best way but works for now. If I find a solution in the near future I'll be sure to post it here!
-
Can you make tcpdump on local device while connected directly to modem?
-
> Can you make tcpdump on local device while connected directly to modem?
That will be very hard (The local device is a Cisco router)
Guess I can connect my ubuntu machine directly and run a dump on there!
-
Fix it with ubuntu and then apply solution to cisco.
-
> Fix it with ubuntu and then apply solution to cisco.
just tried to do this with ubuntu.
I'm able to connect to ubuntu over the local network (telnet and ssh)
Applying some NAT & Firewall rules gives the same result as before, no syn,ack in tcpdump, while connecting from the interwebs. Getting very frustrated because it's lovely weather over here ;>)
Is there a 'workaround' for natting problems like this (Like turning off the firewall completely?)
regards from the netherlands
-
It's lovely weather here as well (sunny, 27C) but it should not affect our ability to fix this problem. Can you post tcpdumps of your local session to this ubuntu box and remote session (through pfsense)? Both dumps from ubuntu please.
-
FINALLY!!!
I got it to work!
The solution:
- I used OPT1 or OPT3 for the incoming connections, change this to WAN
- All devices connected were configured with static IP addresses, configure for DHCP and set up DHCP-server on LAN
- Make some NAT and firewall rules to LAN & WAN
+> Problem solved!
Eugene thanks for the support so far!