    Netgate Discussion Forum
    PF 2.1 block rule - might be me but not working

      mmidgett last edited by

      I've never had an issue on 2.0.1 with block rules, but I was just looking and I needed to block the web port for my FreePBX. I thought I had it blocked, but I guess I hadn't.

      I know that block rules go at the top, and that's where I put this. The IP in the destination is an IP Alias that's 1:1 NATted to my internal addresses. What have I done wrong here?


        Gob last edited by

        Hi
        Just to clarify, is the IP Alias a defined virtual IP?

        If I fix one more thing than I break in a day, it's a good day!

          mmidgett last edited by

          Yes I forgot to mention that!

            Gob last edited by

            Have you tried entering the private address that you are natting to?

            Also, is there an HTTPS port open that your browser may be trying automatically? That one has caught me out a few times!

              mmidgett last edited by

              I blocked the HTTPS ports and also made the rules for the LAN private IP. What I didn't figure is why I needed to block the private IP when I block the external IP (virtual IP).

              Either way, it's working.

              Topic Closed

                timthetortoise last edited by

                Because NAT works before the firewall rules. To the firewall, it's not going to the external IP, but to the internal.

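The ordering described in the last reply, as an added example that is not part of the original thread: a small Python model of inbound 1:1 NAT followed by first-match WAN filtering, plus a check that flags rules written against the external address. All addresses, ports, rule sets and function names are constructed for illustration, and the existing pass rule for the PBX is an assumption.

```python
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample mapping (documentation ranges): external virtual IP -> internal host.
ONE_TO_ONE = {ip_address("203.0.113.10"): ip_address("192.168.1.10")}

@dataclass(frozen=True)
class Rule:
    action: str        # "block" or "pass"
    dst: str           # destination address the rule matches
    ports: frozenset   # destination ports the rule matches

def translate(dst):
    """Inbound 1:1 NAT: rewrites the destination before any filter rule runs."""
    addr = ip_address(dst)
    return ONE_TO_ONE.get(addr, addr)

def filter_wan(rules, dst, port, default="block"):
    """First-match evaluation of WAN rules against the already-translated packet."""
    seen_dst = translate(dst)
    for rule in rules:
        if ip_address(rule.dst) == seen_dst and port in rule.ports:
            return rule.action
    return default

def dead_rules(rules):
    """Rules aimed at a 1:1 external address; the filter never sees that destination."""
    return [r for r in rules if ip_address(r.dst) in ONE_TO_ONE]

# Hypothetical rule set like the one first described: block written against the virtual IP.
AS_POSTED = [
    Rule("block", "203.0.113.10", frozenset({80})),
    Rule("pass", "192.168.1.10", frozenset({80, 443, 5060})),  # assumed existing pass rule
]
# Corrected rule set: block written against the internal address, HTTPS included.
CORRECTED = [
    Rule("block", "192.168.1.10", frozenset({80, 443})),
    Rule("pass", "192.168.1.10", frozenset({80, 443, 5060})),
]

if __name__ == "__main__":
    for name, rules in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        verdict = filter_wan(rules, "203.0.113.10", 80)
        print(f"{name}: port 80 to the virtual IP -> {verdict}; "
              f"rules that can never match: {len(dead_rules(rules))}")
```

Running `dead_rules` over an exported rule list is a quick audit for block rules that look correct in the GUI but can never match inbound traffic.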