Help with Firewall Troubleshooting



  • Hello pfSense experts,

    I'm having some trouble with Firewall configuration. Despite having the rules (screenshots are attachments) applied on both interfaces (note that pfSense is configured as a bridge here), all of my packets to 192.168.100.50 keep getting blocked. It should also be noted that I can ping hosts at 192.168.100.45 and 192.168.100.54. The blocking of 192.168.100.50 isn't showing up in the firewall logs from what I can see (I grab the logs using FileZilla and then do a search with Notepad++ for 192.168.100.50). When I disable packet filtering, I can ping and navigate to the web interface, so it's obviously a pf problem. What should I be investigating next? I've got the pfSense book, but it doesn't suggest any other means of troubleshooting.

    Back in the day, I used to use a Cisco Ironport which was pretty terrible except it had this one cool feature where you could simulate a packet and it would show you what rules it applied to it.

    For example, let's say I simulated a packet from 192.168.100.3 to 192.168.100.50.

    It would tell me what rule it matched and what conditions caused this matching.

    Does pfSense have something similar? Is this worthy of a feature request?

    Let me know if you have any advice or what I should investigate next,
    Seanny

    tl;dr
    Is there any reason why traffic would be dropped and not be logged despite having logging enabled on all rules?






  • Is there anything in the floating rules?



  • Can you attach a packet capture from the LAN interface, taken when you are attempting to do a ping towards 192.168.100.50?

    Are you sure that the ping isn't being blocked further upstream, or that this is an ARP issue or something similar?

