Netgate Discussion Forum

Firewall is blocking even if there is a fitting pass rule

  • M
    mode
    last edited by Mar 22, 2023, 7:01 PM

    Hi, I have an OpenVPN client on a pfSense connected to an OpenVPN server.
    An application on this Server should be able to connect to my printer 192.168.14.130 but FW says "NO"

    906180e0-b0ab-4d6d-bd8b-827c2e4c54ba-grafik.png

    But the first rule grants the access
    60cf54f0-5df4-456c-b79a-84406f36680e-grafik.png

    What's wrong here?

    BR

    • S
      SteveITS Galactic Empire @mode
      last edited by Mar 22, 2023, 7:20 PM

      @mode The 0/0B means none of those rules have matched anything, though it does look like they should.

      Check Status > Filter Reload to see if an error is displayed. Click the Reload Filter button on that page to force a new filter reload.

      192.168.11.1 is the VPN client's IP?

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      • J
        Jarhead @mode
        last edited by Jarhead Mar 22, 2023, 11:22 PM Mar 22, 2023, 11:21 PM

        @mode Source is 11.1? That seems like it would be a gateway address.
        Set the source to any to test it and then to the correct address to fine tune.

        • J
          johnpoz LAYER 8 Global Moderator @mode
          last edited by johnpoz Mar 23, 2023, 12:02 AM Mar 22, 2023, 11:55 PM

          @mode do you have anything in floating? Not sure why your firewall rule is not showing you what rule desc and ID of what blocked it.

          Do you have it set not to load?

          rule.jpg

          As mentioned those rules don't look to have ever triggered, so you would assume something else is blocking before those rules are evaluated - floating rule would do that.

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 24.11 | Lab VMs 2.8, 24.11

          • M
            mode @johnpoz
            last edited by mode Mar 23, 2023, 1:18 PM Mar 23, 2023, 1:12 PM

            @johnpoz
            Thanks! After displaying the rule description I noticed that for my OpenVPN client all incoming traffic is checked against the rules in the "OpenVPN" tab and not against the rules in the "SERVER_VPN_NEU" tab. In OpenVPN there was only one block rule, which I identified after displaying the rule description in the log.
            I do not know why there is interface SERVER_VPN_NEU in the log but rules are checked against OpenVPN.

            I added the pass rule in OpenVPN and now it is working! Thanks all!
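
Added example, not part of the original thread and not pfSense code: a simplified Python model of the evaluation order behind the outcome above, where rules on the OpenVPN group tab are checked before those on the assigned interface tab (SERVER_VPN_NEU) and the first match decides. The rule contents and descriptions are constructed for illustration, and floating rules are modeled as quick and left empty.

```python
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
SERVER = "192.168.11.1"      # source address discussed in the thread
PRINTER = "192.168.14.130"   # printer address from the thread

def rule(action, src, dst, descr):
    """One filter rule with a hit counter (mirrors the states column in the GUI)."""
    return {"action": action, "src": ip_network(src), "dst": ip_network(dst),
            "descr": descr, "hits": 0}

def evaluate(tabs, src, dst):
    """Walk the tabs in order; the first matching rule decides (assumed 'quick')."""
    for tab, rules in tabs:
        for r in rules:
            if ip_address(src) in r["src"] and ip_address(dst) in r["dst"]:
                r["hits"] += 1
                return r["action"], tab, r["descr"]
    return "block", "(none)", "default deny"

def build_ruleset(fixed):
    """Constructed ruleset: one block rule on the OpenVPN tab, pass rule on the interface tab."""
    openvpn = [rule("block", ANY, ANY, "block all (constructed)")]
    if fixed:
        # The fix from the thread: the pass rule is added on the OpenVPN tab.
        openvpn.insert(0, rule("pass", SERVER + "/32", PRINTER + "/32", "server to printer"))
    server_vpn_neu = [rule("pass", SERVER + "/32", PRINTER + "/32", "server to printer")]
    return [("Floating", []), ("OpenVPN", openvpn), ("SERVER_VPN_NEU", server_vpn_neu)]

def report(tabs):
    """List every rule with its hit count, so never-matched rules stand out."""
    return [(tab, r["descr"], r["hits"]) for tab, rules in tabs for r in rules]

if __name__ == "__main__":
    for fixed in (False, True):
        tabs = build_ruleset(fixed)
        print("fixed" if fixed else "before", evaluate(tabs, SERVER, PRINTER))
        for line in report(tabs):
            print("   ", line)
```

In the unfixed ruleset the pass rule on SERVER_VPN_NEU keeps a hit count of 0, which corresponds to the 0/0B counters noted earlier in the thread.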
