Help with Firewall Troubleshooting
-
Hello pfSense experts,
I'm having some trouble with Firewall configuration. Despite having the rules (screenshots are attachments) applied on both interfaces (note that pfSense is configured as a bridge here), all of my packets to 192.168.100.50 keep getting blocked. It should also be noted that I can ping hosts at 192.168.100.45 and 192.168.100.54. The blocking of 192.168.100.50 isn't showing up in the firewall logs from what I can see (I grab the logs using FileZilla and then do a search with Notepad++ for 192.168.100.50). When I disable packet filtering, I can ping and navigate to the web interface, so it's obviously a pf problem. What should I be investigating next? I've got the pfSense book, but it doesn't suggest any other means of troubleshooting.
Back in the day, I used to use a Cisco Ironport which was pretty terrible except it had this one cool feature where you could simulate a packet and it would show you what rules it applied to it.
For example, let's say I simulated a packet from 192.168.100.3 to 192.168.100.50.
It would tell me what rule it matched and what conditions caused this matching.
Does pfSense have something similar? Is this worthy of a feature request?
Let me know if you have any advice or what I should investigate next,
Seanny
tl;dr
Is there any reason why traffic would be dropped and not be logged despite having logging enabled on all rules?
-
Is there anything in the floating rules?
-
Can you attach a packet capture from the LAN interface, taken when you are attempting to do a ping towards 192.168.100.50?
Are you sure that the ping isn't being blocked further upstream, or that this is an ARP issue or something similar?