[I2P] Status "firewalled" - everything else OK

  • Hi,

    I've replaced my SOHO router with a pfsense box 1 week ago, and successfully migrated all my previous setup. All hosted services (http/https/mumble/irc/etc…) are fine with the NAT configuration I've set up. Only one service is "making resistance": I2P.
    Before I go to them asking for how their "NAT OK/KO" test is done, I'd like to know if someone here successfully managed getting an I2P router fully working behind a pfsense device?

    What I've done:
    * created 3 port aliases for the TCP, UDP and TCP/UDP ports I'd like to forward to the DMZ host.
    * created 3 "port forward" entries, each one with proto matching the right port aliases. First I used the "create new associated Filter rule" option, but then I tested with this param set to "pass" without much success for I2P.
    * everything works as intended... except I2P :)

    Additionally, I have no floating rules, and DMZ filter rules are permitting:
    * DMZ to "not" (to allow all traffic towards WAN)
    * DMZ to pfsense box DMZ address for NTP & DNS ports
    * everything else is rejected & logged

    So... I should see if I2P tries something strange but so far, I don't get any troubleshooting material through firewall logs.
    Help? :)

  • Sorry for the noise, it appears that pfsense is all fine as suspected.
    I2P detection is quite sloppy, especially when dealing with a fresh install (no network communication as the I2P router is not known, thus no detection from incoming datagrams, thus no communication, etc…).

  • Ok, and finally, the "non static port NAT" default feature of pfsense didn't help either (http://doc.pfsense.org/index.php/Static_Port)
    Setting static port to yes and now I2P is completely happy again.
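
Added example, not part of the thread: one way to confirm from the firewall's state table that outbound NAT keeps the I2P router's source port after static port is enabled. The state lines are constructed samples in the `pfctl -ss` layout `translated (internal) -> remote` (an assumption about the output format); host 192.0.2.10 and UDP port 17321 are hypothetical.

```python
import re

# Constructed sample in the `pfctl -ss` layout "translated (internal) -> remote".
# Documentation address ranges; 192.0.2.10 stands in for the DMZ host and
# 17321 for the port the I2P router listens on (both hypothetical).
SAMPLE_STATES = """\
all udp 203.0.113.5:41873 (192.0.2.10:17321) -> 198.51.100.7:9111       MULTIPLE:MULTIPLE
all udp 203.0.113.5:17321 (192.0.2.10:17321) -> 198.51.100.9:14002       MULTIPLE:MULTIPLE
all tcp 203.0.113.5:60112 (192.0.2.10:52044) -> 198.51.100.7:9111       ESTABLISHED:ESTABLISHED
all udp 192.0.2.10:123 -> 192.0.2.1:123       SINGLE:MULTIPLE
"""

NAT_STATE = re.compile(
    r"^\S+\s+(?P<proto>\w+)\s+"
    r"(?P<nat_ip>[\d.]+):(?P<nat_port>\d+)\s+"
    r"\((?P<int_ip>[\d.]+):(?P<int_port>\d+)\)\s+->\s+"
    r"(?P<remote>[\d.]+:\d+)"
)

def rewritten_ports(states, host, listen_port, proto="udp"):
    """Return (remote, internal_port, translated_port) for every outbound NAT
    state from host:listen_port whose source port was changed by the NAT."""
    findings = []
    for line in states.splitlines():
        m = NAT_STATE.match(line.strip())
        if not m:
            continue  # not a translated outbound state (e.g. un-NATed traffic)
        if (m["proto"], m["int_ip"], int(m["int_port"])) != (proto, host, listen_port):
            continue
        if m["nat_port"] != m["int_port"]:
            findings.append((m["remote"], int(m["int_port"]), int(m["nat_port"])))
    return findings

def static_port_ok(states, host, listen_port, proto="udp"):
    """True when at least one matching state exists and none was rewritten."""
    matching = [l for l in states.splitlines()
                if f"({host}:{listen_port})" in l and l.split()[1] == proto]
    return bool(matching) and not rewritten_ports(states, host, listen_port, proto)

if __name__ == "__main__":
    for remote, inside, outside in rewritten_ports(SAMPLE_STATES, "192.0.2.10", 17321):
        print(f"{remote}: source port {inside} rewritten to {outside}")
```

Any state it reports means remote peers see a different UDP source port than the one that is forwarded inbound.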
