Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PFSense Blocking everything

    Firewalling
    3
    6
    723
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      Brontide
      last edited by

      Hi,

      I have a basic network setup on Vmware

      LAN > PFSense > VSS > PFSense > LAN
      10.181.25.240/29 10.37.64.0/25

      I have explicit allow rules on the WAN side on both PFSenses for IPv4 any. I also have the default allow LAN to any on both LAN sides. I have unticked the default block rules on the WAN interfaces.

      I have setup gateways and static routes.

      the default gateway is to another PFsense on the VSS, but I have that powered down for the moment.

      If I have the firewall rules turned off (in advanced > firewall/NAT) then I can ping through both ways to the devices on the LAN side, but as soon as I turn on the firewalling I cant ping. Am I missing something obvious?

      thanks,

      johnpozJ J 2 Replies Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @Brontide
        last edited by johnpoz

        @brontide said in PFSense Blocking everything:

        Am I missing something obvious?

        Out of the box pfsense would nat between its wan and lan.. So if you have unsolicited inbound traffic into your wan interface, that you want to go to some device on the lan of pfsense you would need to setup a port forward, or a 1:1 nat..

        When you turn off the firewall nat is not done, nor any firewall rules - so now pfsense would just be a router, so if you had the routes correct then yeah your device coming into the wan would be able to talk to stuff on the lan.

        But if your going to firewall and nat, then you need firewall rules to allow the traffic and the nat to allow traffic hitting the wan IP to be forwarded to the lan IP you want to send that traffic.

        if you just want to use firewall rules, you would need to turn off the outbound nat on pfsense for the lan network your wanting to talk to from wan side.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.03 | Lab VMs 2.7.2, 24.03

        B 1 Reply Last reply Reply Quote 0
        • J
          Jarhead @Brontide
          last edited by Jarhead

          @brontide said in PFSense Blocking everything:

          Hi,

          I have a basic network setup on Vmware

          LAN > PFSense > VSS > PFSense > LAN
          10.181.25.240/29 10.37.64.0/25

          I have explicit allow rules on the WAN side on both PFSenses for IPv4 any.

          That will allow anyone on the "internet" through your firewall.
          Not a good idea.

          B 1 Reply Last reply Reply Quote 0
          • B
            Brontide @Jarhead
            last edited by

            @jarhead it's a private network. But thanks anyway

            J 1 Reply Last reply Reply Quote 0
            • B
              Brontide @johnpoz
              last edited by

              @johnpoz thanks, I'll try turning off nat

              1 Reply Last reply Reply Quote 0
              • J
                Jarhead @Brontide
                last edited by

                @brontide Yeah, I know. That's why I put quotes around it.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post