Strange MAC blocking



  • Hi,

    I have a problem that pfSense is blocking external traffic to WAN interface from one specific MAC address.
    Let me explain …
    I'm trying to connect from external network to WAN interface to port 80. (btw: this port is forwarded to web server in DMZ.)
    I notice that connection is not working just from one MAC address; if I change (macchanger eth0) MAC address, or use different PC, connection is working… I also experimented with different IP addresses on that MAC and none worked, so I'm pretty sure that the problem is in the MAC address.
    Well, I'm a pfSense newbie and I wonder if it is possible that pfSense has somehow remembered (learned) my MAC and is blocking it?



  • @brumela:

    Hi,

    I have a problem that pfSense is blocking external traffic to WAN interface from one specific MAC address.
    Let me explain …
    I'm trying to connect from external network to WAN interface to port 80. (btw: this port is forwarded to web server in DMZ.)
    I notice that connection is not working just from one MAC address

    What does this configuration look like? Do you mean you plug a system directly into the WAN interface of your pfSense? If so, depending on the NICs, you may need a cross over cable rather than a straight through cable. In the case with the allegedly "bad" MAC address, do both ends of the link see it as in the "running" state?



  • It doesn't care about MACs, in regards to filtering. If there's an IP conflict, such as the system has a virtual IP for that IP, that can cause weird behavior such as that. It's also possible, though extremely unlikely, that you somehow have the MAC of that system conflicting with a local MAC on the firewall or elsewhere, by using MAC spoofing inappropriately. Examining a packet capture of that host's traffic should show the issue.
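
    One way to do the packet-capture check suggested in this reply, as an added example that is not part of the original thread or of pfSense: parse frames in the per-frame text format of `tcpdump -e -n` (Ethernet header shown, no name resolution), then flag the two conditions named above, an IP address sourced from more than one MAC (an IP conflict, e.g. a virtual IP on the firewall claiming the client's address) and a host MAC that collides with a MAC the firewall uses on its own interfaces. The capture lines, the addresses and the firewall MAC set are constructed placeholders; `tcpdump` itself is not required to run the script.

    ```python
    """
    Added example (not from the thread or from pfSense): spot IP conflicts and
    MAC collisions in a text packet capture. Input lines follow the format of
    `tcpdump -e -n`; the sample below is constructed, not a real capture.
    """
    import re
    from collections import defaultdict

    # One `tcpdump -e -n` frame line:
    # "TIME SRC_MAC > DST_MAC, ethertype IPv4 (0x0800), length N: SRC_IP.PORT > DST_IP.PORT: ..."
    FRAME_RE = re.compile(
        r"^\S+\s+(?P<src_mac>[0-9a-fA-F:]{17}) > (?P<dst_mac>[0-9a-fA-F:]{17}), "
        r"ethertype IPv4 \(0x0800\), length \d+: "
        r"(?P<src_ip>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dst_ip>\d+\.\d+\.\d+\.\d+)\.\d+"
    )

    # Constructed sample capture (documentation-range IPs, placeholder MACs).
    # Frame 3 shows a client whose MAC equals one of the firewall's own MACs
    # and whose IP is already in use by the client in frame 1.
    SAMPLE_CAPTURE = """\
    10:00:01.000001 00:11:22:33:44:55 > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 74: 203.0.113.10.51000 > 198.51.100.1.80: Flags [S], seq 1, win 64240, length 0
    10:00:01.000512 00:0c:29:aa:bb:cc > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 74: 198.51.100.1.80 > 203.0.113.10.51000: Flags [S.], seq 2, ack 2, win 65535, length 0
    10:00:02.000001 00:0c:29:aa:bb:cd > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 74: 203.0.113.10.51001 > 198.51.100.1.80: Flags [S], seq 3, win 64240, length 0
    10:00:03.000001 66:77:88:99:aa:bb > 00:0c:29:aa:bb:cc, ethertype IPv4 (0x0800), length 74: 203.0.113.20.51002 > 198.51.100.1.80: Flags [S], seq 4, win 64240, length 0
    """

    # Constructed: MACs of the firewall's own interfaces (on pfSense, read
    # them from Interfaces or `ifconfig` on the box).
    FIREWALL_MACS = {"00:0c:29:aa:bb:cc", "00:0c:29:aa:bb:cd"}


    def parse_frames(text):
        """Return a list of dicts (src_mac, dst_mac, src_ip, dst_ip) for each
        IPv4 frame line; non-matching lines (ARP, truncated lines) are skipped."""
        frames = []
        for line in text.splitlines():
            m = FRAME_RE.match(line)
            if m:
                f = m.groupdict()
                f["src_mac"] = f["src_mac"].lower()
                f["dst_mac"] = f["dst_mac"].lower()
                frames.append(f)
        return frames


    def find_ip_conflicts(frames):
        """Map each source IP that was sent from more than one MAC to the
        sorted list of those MACs: the IP-conflict case from the reply."""
        macs_by_ip = defaultdict(set)
        for f in frames:
            macs_by_ip[f["src_ip"]].add(f["src_mac"])
        return {ip: sorted(macs) for ip, macs in macs_by_ip.items() if len(macs) > 1}


    def find_mac_collisions(frames, firewall_macs):
        """Return sorted source MACs of frames sent *to* the firewall that equal
        one of the firewall's own MACs: the MAC-collision case from the reply.
        Frames the firewall itself sends are excluded by the dst_mac check."""
        fw = {m.lower() for m in firewall_macs}
        return sorted({f["src_mac"] for f in frames
                       if f["dst_mac"] in fw and f["src_mac"] in fw})


    if __name__ == "__main__":
        frames = parse_frames(SAMPLE_CAPTURE)
        for ip, macs in find_ip_conflicts(frames).items():
            print(f"IP conflict: {ip} seen from {', '.join(macs)}")
        for mac in find_mac_collisions(frames, FIREWALL_MACS):
            print(f"MAC collision: host MAC {mac} matches a firewall interface MAC")
    ```

    On a real box, feed it the output of `tcpdump -e -n -i <wan_if> host <client_ip>` (or the text export of Diagnostics > Packet Capture) in place of `SAMPLE_CAPTURE`; an IP that shows up under two MACs, or a client MAC that matches one of the firewall's interfaces, is the sort of conflict the reply says would explain the symptom.
    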



  • What does this configuration look like? Do you mean you plug a system directly into the WAN interface of your pfSense? If so, depending on the NICs, you may need a cross over cable rather than a straight through cable. In the case with the allegedly "bad" MAC address, do both ends of the link see it as in the "running" state?

    No, over switch.

