Firewalling Virtual IP Address
-
My ISP gives us a /29 network. The router is using .235 and I've set up a virtual IP as an Alias at .237. I'm trying to block SSH to .237 and set up a firewall rule with any source to destination .237 on port 22 dropped. After some testing, the rule wasn't working, so I did a tcpdump looking for traffic to that .237 VIP and didn't see any traffic at all. How does pfSense handle VIPs and how would I set up firewall rules for it?
Thanks.
edit: destination port 22 not source. typo.
-
The source port should be any, the destination port should be 22 (SSH).
-
Ah, thank you. That is what I configured, just typed it out wrong. Corrected OP.
-
Is your deny rule before the rule that permits traffic? The ruleset is processed top down.
-
Yes, it is the very first rule (top of the list).
-
Is this a 1:1 NAT? If so, use the private address, not the public. Firewall is applied post NAT.
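
The following is an added example, not part of the thread and not pfSense code: a simplified model of top-down, first-match filtering that runs after inbound 1:1 NAT, showing why a block rule written against the public VIP never matches once the destination has been translated. The full addresses (a documentation-range public VIP ending in .237 and an internal host 192.168.1.10) and all function names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address, ip_address
from typing import Dict, List, Optional

# Constructed sample addresses; only the ".237" host part comes from the thread.
PUBLIC_VIP = ip_address("203.0.113.237")
INTERNAL_HOST = ip_address("192.168.1.10")  # hypothetical 1:1 NAT target

@dataclass(frozen=True)
class Packet:
    dst: IPv4Address
    dport: int

@dataclass(frozen=True)
class Rule:
    action: str                    # "block" or "pass"
    dst: Optional[IPv4Address]     # None means "any"
    dport: Optional[int]           # None means "any"

    def matches(self, pkt: Packet) -> bool:
        return (self.dst in (None, pkt.dst)) and (self.dport in (None, pkt.dport))

def translate(pkt: Packet, nat_map: Dict[IPv4Address, IPv4Address]) -> Packet:
    """Inbound 1:1 NAT: rewrite the destination before filtering."""
    return Packet(nat_map.get(pkt.dst, pkt.dst), pkt.dport)

def evaluate(pkt: Packet, rules: List[Rule],
             nat_map: Dict[IPv4Address, IPv4Address]) -> str:
    """Filter the translated packet top-down; the first matching rule wins."""
    seen_by_filter = translate(pkt, nat_map)
    for rule in rules:
        if rule.matches(seen_by_filter):
            return rule.action
    return "block"  # default deny when nothing matches

ssh_to_vip = Packet(PUBLIC_VIP, 22)
one_to_one = {PUBLIC_VIP: INTERNAL_HOST}
allow_rest = Rule("pass", None, None)

# Block rule on the public address: skipped after NAT, traffic falls to the pass rule.
rules_public = [Rule("block", PUBLIC_VIP, 22), allow_rest]
# Block rule on the private address: matches what the filter actually sees.
rules_private = [Rule("block", INTERNAL_HOST, 22), allow_rest]

if __name__ == "__main__":
    print("1:1 NAT, rule on public VIP :", evaluate(ssh_to_vip, rules_public, one_to_one))
    print("1:1 NAT, rule on private IP :", evaluate(ssh_to_vip, rules_private, one_to_one))
    print("no NAT,  rule on public VIP :", evaluate(ssh_to_vip, rules_public, {}))
```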