Netgate Discussion Forum
    [SOLVED] WAN traffic dropped by "Default deny rule IPv4"

    General pfSense Questions
    kx93

      Server listening on TCP/5062 in DMZ. Firewall rule and port forward NAT are set up for the range TCP/5061-5062. Firewall is virtualized on an ESXi. However pfSense shows it is blocking with "Default deny rule IPv4 (1000000103)" rule. TCPDump shows the traffic hitting the WAN interface but no traffic involving any other interfaces (like the DMZ interface). I'm using an Alias for the source IP in the WAN fw rule but also tried a single IP with the same result. Firewall log shows the block with the destination being the NAT private LAN and "TCP:S". I have another port on same server listening on TCP/8443 and it is behaving the same.

      [attachment: pfSense-FW-WAN-5062.png (WAN firewall rule)]

      [attachment: pfSense-NAT-WAN-5062.png (WAN port forward)]

      viragomann

        @kx93
        In the rule you have to set the destination to the local device which the traffic is forwarded to.

          kx93 @viragomann

          @viragomann
          That is so wrong for pfSense to work like that. Gross.

            viragomann @kx93

            @kx93
            pfSense offers to add the rule automatically for you when forwarding packets: the "Filter rule association" option.
            Use it, it does a great job. :-)

              kx93 @viragomann
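The two replies above describe the same mechanism from both ends: pf applies inbound NAT (the port forward) before it evaluates the interface firewall rules, so the WAN rule is matched against the already-translated packet and must name the internal target as its destination; the "Filter rule association" option generates exactly such a rule. The model below is an added example, not pfSense or pf code, that reproduces that evaluation order on a constructed packet. Only TCP/5061-5062 comes from the thread; the WAN address, DMZ host and client alias are assumed values from documentation and RFC 1918 ranges, and the associated rule is simplified to assume the forward keeps the same port on the inside.

```python
"""Model of pf's inbound path: port-forward translation first, filtering second.
Added example, not pfSense code. Addresses below are constructed."""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import Optional, Tuple


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    dst: str
    dport: int


@dataclass(frozen=True)
class PortForward:
    """A NAT port forward (pf 'rdr'): iface/proto/ext_addr/ext_ports -> target host."""
    iface: str
    proto: str
    ext_addr: str
    ext_ports: range
    target: str


@dataclass(frozen=True)
class Rule:
    """An interface firewall rule; src/dst are CIDRs or 'any', ports a range or None."""
    iface: str
    action: str
    proto: str
    src: str
    dst: str
    ports: Optional[range]


def in_net(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def translate(pkt: Packet, forwards) -> Packet:
    """Step 1: inbound NAT. The first matching port forward rewrites the destination."""
    for fwd in forwards:
        if (fwd.iface, fwd.proto, fwd.ext_addr) == (pkt.iface, pkt.proto, pkt.dst) \
                and pkt.dport in fwd.ext_ports:
            return replace(pkt, dst=fwd.target)
    return pkt


def filter_packet(pkt: Packet, rules) -> Tuple[str, str]:
    """Step 2: first-match filtering of the (already translated) packet,
    falling through to pfSense's implicit default deny."""
    for rule in rules:
        if (rule.iface, rule.proto) != (pkt.iface, pkt.proto):
            continue
        if not in_net(rule.src, pkt.src) or not in_net(rule.dst, pkt.dst):
            continue
        if rule.ports is not None and pkt.dport not in rule.ports:
            continue
        return rule.action, f"{rule.action} rule dst={rule.dst}"
    return "block", "Default deny rule IPv4"


def process(pkt: Packet, forwards, rules):
    """Full inbound path: NAT, then filter. Returns (action, matched, logged_packet).
    The logged packet is the translated one, which is why a blocked forward shows
    the private target address as the destination in the firewall log."""
    translated = translate(pkt, forwards)
    action, matched = filter_packet(translated, rules)
    return action, matched, translated


def associated_rule(fwd: PortForward, src: str = "any") -> Rule:
    """Pass rule of the kind 'Filter rule association' creates for a forward:
    destination is the internal target, not the WAN address (assumes the forward
    keeps the same port range on the inside)."""
    return Rule(fwd.iface, "pass", fwd.proto, src, fwd.target, fwd.ext_ports)


# Constructed values: RFC 5737 documentation addresses and RFC 1918 space.
WAN_ADDR = "203.0.113.10"
DMZ_HOST = "10.20.30.40"
CLIENT_ALIAS = "198.51.100.0/24"
FORWARD = PortForward("wan", "tcp", WAN_ADDR, range(5061, 5063), DMZ_HOST)
RULE_TO_WAN_ADDR = Rule("wan", "pass", "tcp", CLIENT_ALIAS, WAN_ADDR, range(5061, 5063))
RULE_TO_DMZ_HOST = associated_rule(FORWARD, CLIENT_ALIAS)
SYN = Packet("wan", "tcp", "198.51.100.7", WAN_ADDR, 5062)  # the client's TCP:S

if __name__ == "__main__":
    for rule in (RULE_TO_WAN_ADDR, RULE_TO_DMZ_HOST):
        action, matched, logged = process(SYN, [FORWARD], [rule])
        print(f"rule dst={rule.dst:<16} -> {action} ({matched}); logged dst={logged.dst}")
```

Running it shows the rule whose destination is the WAN address never matches, because by the time the filter sees the SYN its destination is already the DMZ host, and the block is logged against that private address, exactly the symptom in the first post; the rule built from the forward passes the same packet.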

              @viragomann
              Yeah I did before you replied and that's actually what told me how it works haha. I thought "it can't be that".

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.