Inter-Vlan Traffic Being Blocked
-
Hi,
I've run into an issue where inter-vlan traffic should be allowed, as per my permit rules, but it's being logged as blocked?
I've got a very simple setup, just 2 VLANs that I'd like to allow CERTAIN traffic between.
But right now I can't even pass anything which is odd...
Anything I can look at to investigate?
I do have a WAN port-forward for the same traffic, but I wouldn't expect that to mess with this inter-vlan traffic?
-
@Deadringers
It's the ACK packet, which is blocked:
So pfSense has no state for this connection and probably never created one. This means, the SYN packet didn't pass pfSense.
So I guess your VLAN is leaking outside of pfSense and the SYN packet went to the destination device directly, while the ACK is directed to pfSense.
Recheck the VLAN setup on the switch or whatever device is connected to pfSense and leaking it.
-
@viragomann said in Inter-Vlan Traffic Being Blocked:
@Deadringers
It's the ACK packet, which is blocked:
So pfSense has no state for this connection and probably never created one. This means, the SYN packet didn't pass pfSense.
So I guess your VLAN is leaking outside of pfSense and the SYN packet went to the destination device directly, while the ACK is directed to pfSense.
Recheck the VLAN setup on the switch or whatever device is connected to pfSense and leaking it.
I did “clear states” when tshooting and perhaps this is an artefact of this?
Will recheck but the PFSense box is the only thing that sits in both VLANS
-
@Deadringers said in Inter-Vlan Traffic Being Blocked:
I did “clear states” when tshooting and perhaps this is an artefact of this?
Could be, if the SYN packet passes the firewall before this.
However, if the client times out due to this it should establish a new connection after a short period of time.
Do you have trouble to connect?
-
@viragomann said in Inter-Vlan Traffic Being Blocked:
@Deadringers said in Inter-Vlan Traffic Being Blocked:
I did “clear states” when tshooting and perhaps this is an artefact of this?
Could be, if the SYN packet passes the firewall before this.
However, if the client times out due to this it should establish a new connection after a short period of time.
Do you have trouble to connect?
Hmm, I can see traffic flowing just fine now, so perhaps something got stuck in an odd state! Thanks again for your help mate.
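The diagnosis in this thread (a blocked ACK means pfSense holds no state for the connection) can be applied to a whole firewall log. The sketch below is an added example, not something posted in the thread: it assumes the raw filterlog CSV field order for IPv4/TCP entries and pfSense's default stateful pass rules, and the log lines, addresses and interface names are constructed.

```python
import csv

# Field positions assumed from the raw filterlog CSV layout (IPv4 header, then TCP fields).
IFACE, ACTION, IPVER, PROTO, SRC, DST, SPORT, DPORT, TCPFLAGS = 4, 6, 8, 16, 18, 19, 20, 21, 23

# Constructed sample lines (not from the thread); all addresses and ports are invented.
SAMPLE_LOG = """\
4,,,1000000103,igb1.10,match,block,in,4,0x0,,64,4711,0,DF,6,tcp,52,192.168.10.20,192.168.20.5,51544,443,0,A,,1001,502,,
4,,,1000000103,igb1.10,match,block,in,4,0x0,,64,4712,0,DF,6,tcp,60,192.168.10.21,192.168.20.5,51600,22,0,S,1000,,64240,,mss
88,,,1700000001,igb1.10,match,pass,in,4,0x0,,64,4713,0,DF,6,tcp,60,192.168.10.20,192.168.20.5,51700,443,0,S,2000,,64240,,mss
4,,,1000000103,igb1.20,match,block,in,4,0x0,,64,4714,0,DF,6,tcp,52,192.168.20.5,192.168.10.20,443,51544,0,SA,3000,1001,65160,,mss
4,,,1000000103,igb1.10,match,block,in,4,0x0,,64,4715,0,none,17,udp,76,192.168.10.20,192.168.20.5,5353,5353,56
"""


def classify(line):
    """Return (verdict, iface, src, dst, flags) for a blocked IPv4 TCP entry, else None."""
    f = next(csv.reader([line]), [])
    if len(f) <= TCPFLAGS or f[IPVER] != "4" or f[PROTO] != "tcp" or f[ACTION] != "block":
        return None
    flags = f[TCPFLAGS]
    # SYN without ACK opens a connection, so a block here means a rule denied it.
    # Any other flag combination (A, SA, FA, R, ...) can only pass by matching an
    # existing state; a block means the firewall has no state for that connection,
    # e.g. it never saw the SYN (asymmetric path) or the states were cleared.
    if "S" in flags and "A" not in flags:
        verdict = "rule-denied-new-connection"
    else:
        verdict = "out-of-state"
    return verdict, f[IFACE], f"{f[SRC]}:{f[SPORT]}", f"{f[DST]}:{f[DPORT]}", flags


def triage(log_text):
    """Classify every blocked IPv4 TCP entry in a block of filterlog lines."""
    return [r for r in map(classify, log_text.splitlines()) if r]


if __name__ == "__main__":
    for verdict, iface, src, dst, flags in triage(SAMPLE_LOG):
        print(f"{verdict:28} {iface:8} {src} -> {dst} [{flags}]")
```

Entries reported as out-of-state point at a missing or lost state rather than at the permit rules, which is why the rule set in the original question looked correct while traffic was still logged as blocked.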