PF 2.1 block rule - might be me but not working
-
I've never had an issue on 2.0.1 on block rules but I was just looking and I needed to block the web port for my FreePBX. I thought I had it blocked but I guess I hadn't.
I know that block rules go at the top and that's where I put this. The IP in the destination is an IP Alias that's 1:1 NATed to my internal addresses. What have I done wrong here?
-
Hi
Just to clarify, is the IP Alias a defined virtual IP?
-
Yes, I forgot to mention that!
-
Have you tried entering the private address that you are natting to?
Also, is there a HTTPS port open that your browser may be trying automatically - that one has caught me out a few times!
-
I blocked the HTTPS ports and also made the rules for the LAN private IP. What I didn't figure out is why I needed to block the private IP when I block the external IP (virtual IP).
Either way it's working.
Topic Closed
-
Because NAT works before the firewall rules. To the firewall, it's not going to the external IP, but to the internal.
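-
Added example, not part of the thread: a simplified Python model of the ordering described in the last reply, with the 1:1 destination translation applied before the rules are evaluated top-down, first match wins. The addresses, the port list, the trailing pass rule and all function names are constructed assumptions for illustration.

```python
# Simplified model of inbound processing on a pf-based firewall such as pfSense:
# destination NAT (here 1:1) is applied first, then filter rules are evaluated
# top-down with first match winning. All addresses are constructed samples.
from dataclasses import dataclass
from typing import Optional

VIRTUAL_IP = "203.0.113.10"   # constructed: the external IP alias / virtual IP
PRIVATE_IP = "192.168.1.50"   # constructed: the internal host behind the 1:1 NAT
ONE_TO_ONE = {VIRTUAL_IP: PRIVATE_IP}

@dataclass(frozen=True)
class Packet:
    dst_ip: str
    dst_port: int

@dataclass(frozen=True)
class Rule:
    action: str              # "block" or "pass"
    dst_ip: Optional[str]    # None matches any destination
    dst_port: Optional[int]  # None matches any port

    def matches(self, pkt):
        return (self.dst_ip in (None, pkt.dst_ip)
                and self.dst_port in (None, pkt.dst_port))

def translate(pkt):
    """Rewrite the destination the way the 1:1 NAT entry would."""
    return Packet(ONE_TO_ONE.get(pkt.dst_ip, pkt.dst_ip), pkt.dst_port)

def evaluate(rules, pkt):
    """Return (action, index of matching rule) for a packet arriving on WAN."""
    seen = translate(pkt)    # the rules see the post-NAT destination
    for i, rule in enumerate(rules):
        if rule.matches(seen):
            return rule.action, i
    return "block", None     # nothing matched: default deny

def ruleset(block_target):
    """Block rules at the top, followed by the host's existing allow rule."""
    return [Rule("block", block_target, 80),
            Rule("block", block_target, 443),
            Rule("pass", PRIVATE_IP, None)]

if __name__ == "__main__":
    for target in (VIRTUAL_IP, PRIVATE_IP):
        for port in (80, 443, 5060):
            result = evaluate(ruleset(target), Packet(VIRTUAL_IP, port))
            print(f"block rules on {target}, port {port}: {result}")
```

With the block rules written against the virtual IP, port 80 falls through to the pass rule; written against the private IP, the same packet stops at the first block rule.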