Netgate Discussion Forum

    Firewalling Virtual IP Address

    • tmatthews14

      My ISP gives us a /29 network.  Router is using .235 and I've set up a virtual IP as an Alias at .237.  I'm trying to block SSH to .237 and set up a firewall rule with any source to destination .237 on port 22 dropped.  After some testing the rule wasn't working so I did a tcpdump looking for traffic to that .237 VIP and didn't see any traffic at all.  How does pfSense handle VIPs and how would I set up firewall rules for it?

      Thanks.

      edit: destination port 22 not source. typo.

      • dotdash

        The source port should be any, the destination port should be 22 (SSH).

        • tmatthews14

          Ah, thank you.  That is what I configured, just typed it out wrong.  Corrected OP.

          • dotdash

            Is your deny rule before the rule that permits traffic? The ruleset is processed top down.

            • tmatthews14

              Yes, it is the very first rule (top of the list).

              • dotdash

                Is this a 1:1 NAT? If so, use the private address, not the public. Firewall is applied post-NAT.
