Firewall blocking traffic even with allow rule.

  • I have a strictly internal pfsense ( I'll call pfSense1) segregating 4 separate internal LANs and another external pfsense (I'll call pfSenseB) used for VPN access with the LAN port on the pfSenseB and LAN1 on pfSense1 on the same LAN.

    My rules allow pretty HTTP and ICMP from the VPN on pfSenseB into the LAN, and I use the rules on pfSense1 to manage traffic to the back end LANs. I have a rule on pfSense1 to allow traffic from the VPN network on internal LAN1 to a server in LAN2 for HTTP. However, with that rule, HTTP traffic still doesn't go through.

    IF I make the same rule in the floating tab and still limit it to the LAN1 interface only, traffic does go through. BUT, if I have both the floating tab and LAN1 tab rules enabled, traffic still does not go through. This seems to make sense based on what I have read that the floating tab allow rule still passes the packets through its corresponding LAN1 tab since I do not have the QUICK set in the floating tab rule.

    I have set the LAN1 rule which is giving me trouble to enable logging, and the system firewall logs show that this traffic is passing, not being blocked, even though the web page never loads. Nowhere else can I find something saying the traffic is blocked.

    Another interesting thing is that if I supernet the IP address of the LAN1 on pfSense1 to include the network of the VPN IPs, things start working also. OR if I turn off all packet filtering under the advanced menu, everything also starts to work. Lastly, pinging works everywhere, from every network to every other network.

    Therefore, since things work fine with packet filtering turned off, and pings work everywhere, I know I'm not dealing with a routing issue, but a firewall issue. The question is where is it being filtered?

    Sorry for being long-winded, but I wanted to get as much relevant info as I could out there so we don't need to go back and forth on the main stuff.

  • Also, my goal is to figure out why this is happening, not JUST get it working. I know some things I can do to make it work, but I don't want to run my rules in the floating tab, I want the rules where they belong.
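As an added illustration, not the poster's configuration or any pfSense code, the small model below reproduces the two pf matching facts behind the floating-tab observation above: the last matching rule wins unless a matching rule is marked quick, and pfSense places floating-tab rules before interface-tab rules, with interface-tab rules always quick. The VPN pool, server address and rule names are constructed. It models rule order only (no state table, no routing), so it shows why the LAN1 rule logs as "pass" in every allow combination, and it does not reproduce the block the poster actually observes.

```python
"""Toy model of how pf (the packet filter behind pfSense) picks a verdict.

Constructed example: networks, hosts and rule names below are made up.
Two pf facts are modelled:
  1. the last matching rule wins, unless a matching rule is "quick",
     in which case evaluation stops at that rule;
  2. pfSense emits floating-tab rules before interface-tab rules, and every
     interface-tab rule is quick (floating rules only if the box is ticked).
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "pass" or "block"
    iface: str                   # interface the rule applies to, e.g. "LAN1"
    src: str                     # CIDR the source must fall in
    dst: str                     # CIDR the destination must fall in
    proto: str = "any"           # "tcp", "icmp" or "any"
    dport: Optional[int] = None  # destination port, None = any
    quick: bool = False


@dataclass(frozen=True)
class Packet:
    iface: str                   # interface the packet arrives on
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None


def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every field of the rule matches the packet."""
    return (
        rule.iface == pkt.iface
        and ip_address(pkt.src) in ip_network(rule.src)
        and ip_address(pkt.dst) in ip_network(rule.dst)
        and rule.proto in ("any", pkt.proto)
        and (rule.dport is None or rule.dport == pkt.dport)
    )


def evaluate(floating: list, interface: list, pkt: Packet):
    """Return (action, rule name) for the packet.

    Ruleset order mirrors what pfSense generates: floating rules first, then
    the rules of the interface the packet arrived on. No match at all falls
    through to pf's implicit default deny.
    """
    ruleset = list(floating) + [r for r in interface if r.iface == pkt.iface]
    last_match = None
    for rule in ruleset:
        if matches(rule, pkt):
            last_match = rule
            if rule.quick:       # quick: stop here, this rule decides
                break
    if last_match is None:
        return "block", "default-deny"
    return last_match.action, last_match.name


VPN_NET = "10.8.0.0/24"          # constructed VPN client pool behind pfSenseB
WEB_SERVER = "192.168.2.10/32"   # constructed HTTP server on LAN2

# LAN1-tab rule; pfSense marks interface-tab rules quick.
LAN1_ALLOW_HTTP = Rule("lan1-allow-http", "pass", "LAN1",
                       VPN_NET, WEB_SERVER, "tcp", 80, quick=True)
# Same rule on the floating tab, limited to LAN1, with "quick" not ticked.
FLOAT_ALLOW_HTTP = Rule("float-allow-http", "pass", "LAN1",
                        VPN_NET, WEB_SERVER, "tcp", 80, quick=False)
HTTP_FROM_VPN = Packet("LAN1", "10.8.0.5", "192.168.2.10", "tcp", 80)


def scenarios():
    """Verdicts for the combinations in the post, plus three contrasts."""
    float_block = Rule("float-block", "block", "LAN1",
                       VPN_NET, WEB_SERVER, "tcp", 80, quick=True)
    lan1_block = Rule("lan1-block", "block", "LAN1",
                      VPN_NET, WEB_SERVER, "tcp", 80, quick=True)
    https = Packet("LAN1", "10.8.0.5", "192.168.2.10", "tcp", 443)
    return {
        "interface-only": evaluate([], [LAN1_ALLOW_HTTP], HTTP_FROM_VPN),
        "floating-only": evaluate([FLOAT_ALLOW_HTTP], [], HTTP_FROM_VPN),
        "both": evaluate([FLOAT_ALLOW_HTTP], [LAN1_ALLOW_HTTP], HTTP_FROM_VPN),
        # a quick floating block decides before the LAN1 tab is reached
        "float-quick-block": evaluate([float_block], [LAN1_ALLOW_HTTP], HTTP_FROM_VPN),
        # a non-quick floating pass is overridden by the later quick LAN1 block
        "float-pass-iface-block": evaluate([FLOAT_ALLOW_HTTP], [lan1_block], HTTP_FROM_VPN),
        # port 443 matches nothing, so pf's default deny applies
        "https-unmatched": evaluate([FLOAT_ALLOW_HTTP], [LAN1_ALLOW_HTTP], https),
    }


if __name__ == "__main__":
    for name, verdict in scenarios().items():
        print(f"{name:24s} -> {verdict}")
```

In the "both" case the non-quick floating rule matches first, but the quick LAN1 rule matches afterwards and is the rule that ends evaluation, which is why the LAN1 rule is the one that shows up as passing in the log.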
