Netgate Discussion Forum

    Firewall issue on WAN interface (solved)

    Category: 2.0-RC Snapshot Feedback and Problems - RETIRED
    3 Posts 1 Posters 2.0k Views
    Maverick

      Hello folks,

      We ran into a very tricky problem with the current RC1.

      We replaced our old Linux router with a pfSense 2.0-RC1 (latest build). The pfSense works as a firewall/router between our DMZ and our local LAN. In our DMZ stands an IPSec gateway which routes two networks together (local LAN: 192.168.10.0/24; remote LAN: 192.168.20.0/24; DMZ: 172.16.0.0/24). For the local LAN, a static route points to the WAN interface of the pfSense (IPSec: 172.16.0.1; WAN pfSense: 172.16.0.254).
      One of the remote systems (A: 192.168.20.1) should be able to connect to one of the systems (B: 192.168.10.1) on our local LAN side (OPT interface), but system B should not be able to connect to system A. For that we built a firewall rule on the WAN interface (172.16.0.254) to allow all traffic from system A to system B. The rule seems to work fine for any kind of TCP traffic.
      But for ICMP something goes wrong. As expected, system B is not able to send a ping to system A. But system A isn't able to send a ping either. However, while a ping is being sent from A to B, B is able to ping A. So we think that the firewall opens the connection in the wrong direction in that case.
      If we try to ping system B directly from a DMZ system (VPN gateway: 172.16.0.1) everything works fine. If we use our old linux router everything works fine too.

      Thanks for your help

      Maverick

        It has something to do with the different gateways:

        http://forum.pfsense.org/index.php/topic,33554.0.html

        We changed the WAN gateway to the IPSec router instead of the default gateway and everything works fine. It seems that all the traffic uses the WAN gateway instead of the gateway defined in the static route.

        We have defined two gateways (static routes).

        1. Default gateway
        2. Route to the remote LAN via IPSec router

        Is there any other way to define the static routes?

        Maverick

          If we set the gateway for the WAN interface to "none" it seems to work fine.
          Now the pfSense uses the right static routes.

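The behaviour reported in this thread corresponds to pf's reply-to option, which pfSense attaches to rules on an interface that has a gateway configured: replies to a connection matched by such a rule are sent back through the gateway named in the rule, not through whatever the routing table says. The ruleset below is an added illustration in raw pf.conf syntax, not text from the original posts and not a dump of pfSense's generated rules. The interface name em0 and the default gateway address 172.16.0.253 are assumptions; the other addresses are the ones given in the thread.

```pf
# Added example, not from the original thread or from pfSense's generated rules.
# Assumed: WAN interface em0, default gateway 172.16.0.253.
# From the thread: WAN 172.16.0.254, IPSec router 172.16.0.1,
#                  A = 192.168.20.1 (remote LAN), B = 192.168.10.1 (local LAN).
#
# Static route the kernel is expected to use for the remote LAN, set outside pf:
#   route add -net 192.168.20.0/24 172.16.0.1

# 1. WAN interface has a gateway configured. pfSense then emits reply-to with
#    that gateway on every rule bound to the interface, so replies to A are
#    handed to 172.16.0.253 and the static route via 172.16.0.1 is bypassed.
pass in quick on em0 reply-to (em0 172.16.0.253) inet proto icmp \
    from 192.168.20.1 to 192.168.10.1 icmp-type echoreq keep state

# 2. WAN gateway set to "none" (the fix in the last post). Without reply-to,
#    return traffic for the state follows the routing table and reaches A
#    through the IPSec router.
pass in quick on em0 inet proto icmp \
    from 192.168.20.1 to 192.168.10.1 icmp-type echoreq keep state

# 3. Equivalent of the second post's workaround, expressed per rule instead of
#    by changing the interface gateway: replies for this rule go to the IPSec
#    router. Whether a given pfSense version exposes this per rule in the GUI
#    is not covered here; this is the pf-level form.
pass in quick on em0 reply-to (em0 172.16.0.1) inet proto icmp \
    from 192.168.20.1 to 192.168.10.1 icmp-type echoreq keep state
```

Rule 1 is the shape that produces the symptom: the filter decision is correct (only A to B is permitted), but the reply path is forced onto the default gateway. Rules 2 and 3 keep the one-way policy and only change where replies are routed, which is what the two fixes in the thread achieve through the interface gateway setting.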
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.