Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Firewall is blocking even if there is a fitting pass rule

    Firewalling
    4
    5
    429
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      mode
      last edited by

      Hi have a OpenVPN Client on a pfsense connected to an OpenVPN Server.
      An application on this Server should be able to connect to my printer 192.168.14.130 but FW says "NO"

      906180e0-b0ab-4d6d-bd8b-827c2e4c54ba-grafik.png

      But the first rule grants the access
      60cf54f0-5df4-456c-b79a-84406f36680e-grafik.png

      Whats wrong here?

      BR

      S J johnpozJ 3 Replies Last reply Reply Quote 0
      • S
        SteveITS Rebel Alliance @mode
        last edited by

        @mode The 0/0B means none of those rules have matched anything, though it does look like they should.

        Check Status > Filter Reload to see if an error is displayed. Click the Reload Filter button on that page to force a new filter reload.

        192.168.11.1 is the VPN client's IP?

        Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
        When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
        Upvote 👍 helpful posts!

        1 Reply Last reply Reply Quote 0
        • J
          Jarhead @mode
          last edited by Jarhead

          @mode Source is 11.1? That seems like it would be a gateway address.
          Set the source to any to test it and then to the correct address to fine tune.

          1 Reply Last reply Reply Quote 0
          • johnpozJ
            johnpoz LAYER 8 Global Moderator @mode
            last edited by johnpoz

            @mode do you have anything in floating? Not sure why your firewall rule is not showing you what rule desc and ID of what blocked it.

            Do you have it sent not too load?

            rule.jpg

            As mentioned those rules don't look to have ever triggered, so you would assume something else is blocking before those rules are evaluated - floating rule would do that.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.03 | Lab VMs 2.7.2, 24.03

            M 1 Reply Last reply Reply Quote 1
            • M
              mode @johnpoz
              last edited by mode

              @johnpoz
              Thanks! After displaying the rule description i noticed that for my OpenVPN Client all incoming Traffic in checked against the Rules in the "OpenVPN" Tab and not against the rules in the "SERVER_VPN_NEU" Tab. In OpenVPN was only one block Rule only which i identified after displaying the rule description in the log.
              I do not know why there is Interface SERVER_VPN_NEU in the log but rules are checked against OpenVPN.

              I added the pass rule in OpenVPN and now it is working! Thanks all!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post