Default deny rule IPv4 (1000000103)
-
Hello,
I read lots of posts on this rule, but nothing seems to work for me.
I am getting blocked on these IPs
but I have a rule to allow all on the interface
Can someone help how to overcome this rule please?
-
@hasekd those are out of state - see the SA (syn,ack)
I would assume mask mismatch... 192.168.36.100 doesn't think 192.168.36.14 is on the same network - so it sees a syn from 36.14 and vs just answering, it sends it to pfsense to try and get there, well pfsense never saw the syn, so it's out of state and yes would be blocked.
Are these devices supposed to be on the same 192.168.36.0/24 (255.255.255.0) network?
-
@johnpoz They should be on the same network. The 36.100 is connected via ethernet cable and the 36.14 is from wireless connection. But it is configured in pfsense from one VLAN. From the 36.x device I can ping the 36.100, but just cannot access the web UI
-
@hasekd I would double check the mask on the 36.100 device and make sure it's a /24
The only reason 36.100 would send its syn,ack to pfsense is if he thinks 36.14 is not on its network.
-
@johnpoz Thank you so much, it worked. The 36.100 was 255.255.255.255
-
@hasekd glad you got it sorted.
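
Added example (not part of the thread, and not pfSense code): a small Python model of the diagnosis above, showing how a /32 mask on 192.168.36.100 sends its SYN,ACK to the gateway, where a stateful firewall that never saw the SYN drops it. The gateway address 192.168.36.1 and all function and class names are assumptions made for illustration.

```python
import ipaddress

GATEWAY = "192.168.36.1"  # assumed pfSense LAN address; not given in the thread

def next_hop(src_if, dst_ip, gateway=GATEWAY):
    """'direct' if dst is on-link according to the sender's own mask, else the gateway."""
    net = ipaddress.ip_interface(src_if).network
    return "direct" if ipaddress.ip_address(dst_ip) in net else gateway

class StatefulFirewall:
    """Minimal model: a state exists only if the firewall itself saw the SYN."""
    def __init__(self):
        self.states = set()

    def handle(self, src, dst, flags):
        if flags == "S":
            self.states.add((src, dst))
            return "pass (state created)"
        if (dst, src) in self.states:
            return "pass (matches state)"
        return "block (default deny, out of state)"

def handshake(client_if, server_if, gateway=GATEWAY):
    """Trace the SYN and SYN,ACK of one connection attempt; return (flags, hop, result)."""
    fw = StatefulFirewall()
    client = str(ipaddress.ip_interface(client_if).ip)
    server = str(ipaddress.ip_interface(server_if).ip)
    trace = []
    for src_if, src, dst, flags in ((client_if, client, server, "S"),
                                    (server_if, server, client, "SA")):
        hop = next_hop(src_if, dst, gateway)
        if hop == "direct":
            trace.append((flags, hop, "delivered on-link"))
        else:
            trace.append((flags, hop, fw.handle(src, dst, flags)))
    return trace

if __name__ == "__main__":
    # Constructed inputs: addresses from the thread, masks as reported before and after the fix.
    for mask in ("32", "24"):
        print(f"server mask /{mask}:")
        for step in handshake("192.168.36.14/24", f"192.168.36.100/{mask}"):
            print("  ", step)
```
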