pfSense inside to outside any

  • How should I let the LAN network with [protocol any, port any] reach the destination with [protocol any, port any]?
    I tried this in "Firewall --> Rules --> LAN", setting any/any, but it still does not get access. I found that the way to do it is to set it in the captive portal. Is there another way to do this, instead of setting it in the captive portal?

  • Totally agree - I am most confused too.

    I set an access any rule in my LAN rules page, but a lot of TCP traffic gets blocked.

    ID    Proto    Source  Port  Destination  Port     Gateway  Queue  Schedule  Description
    IPv4  *        *       *     *            *        *        none             Default allow LAN to any rule
    IPv6  *        *       *     *            *        *        none             Default allow LAN IPv6 to any rule
    IPv4  TCP/UDP  *             ftphost      20 - 21  *        none             NAT Allow LAN 20 to ftpd

    But I see blocked traffic in the firewall log.  If I then set an explicit rule using the Easy Rule Add function, the traffic gets passed no problem.

    This is the rule it generates:
    IPv4 TCP * 993 (IMAP/S) * none   Easy Rule: Passed from Firewall Log View

    The only weird thing with my system is I'm using an Intel quad NIC and turned off IPv6 on each interface. I don't think this can matter (?). I've verified the same thing is happening with other protocols on other internal interfaces (LAN and OPT1, etc.).

    Totally lost as to how this can happen, unless it's a bug (?)

  • LAYER 8 Global Moderator

    Well, are you sure what you're seeing as blocked is not just out of state?

    Without seeing your log and your rules there is no way to say what you might be doing wrong, or what the issue might be.

    BTW, your FTP rule there is pointless... you have an any/any rule above it. And I cannot think of any situation where a destination port of 20 would ever be used for FTP. In an active connection the server would make a connection from source port 20 to the port from the PORT command. In no case would the destination be 20 for the SYN, or the creation of the state. And your dest 21 is useless with the any/any above it.

    So if you think that rule is doing anything, you're mistaken. As to what you created with your easy rule, again, I need to see what you think is being blocked, or why your any/any rule would not be firing... Would need to see your logs to make a guess at the problem.

    To the OP, are you using captive portal? If so then yes, for clients that go through the captive portal, the captive portal would be where you set the rules. If you don't want clients to use the captive portal, then you need to set that up.
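    The two checks the moderator is asking the second poster to do (is the "blocked" traffic just out of state, and is the FTP rule shadowed by the any/any rule above it) can be scripted against the firewall log and the rule list. The following is an added example, not code from the thread or from the pfSense project; the filterlog CSV field order it parses follows the pfSense 2.2+ layout as I understand it, so treat the exact offsets as an assumption, and every log line, tracker id and address in it is a constructed sample.

```python
# Added example, not from the forum thread: triage pfSense filterlog "block"
# entries (real rule block, or just an out-of-state packet?) and flag LAN
# rules that an earlier any/any rule makes unreachable.
# Field offsets follow the pfSense 2.2+ filterlog CSV layout as I understand
# it (assumption). All log lines are constructed; tracker ids are placeholders.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

FILTERLOG_RE = re.compile(r"filterlog\[\d+\]:\s*(.*)$")


@dataclass
class LogEntry:
    interface: str
    action: str
    proto: str
    src: str
    dst: str
    dport: str
    tcp_flags: str  # empty for non-TCP


def parse_filterlog(line: str) -> Optional[LogEntry]:
    """Parse one syslog line from filterlog (None if it is not a filterlog line)."""
    m = FILTERLOG_RE.search(line)
    if not m:
        return None
    f = m.group(1).split(",")
    interface, action, ipver = f[4], f[6], f[8]
    if ipver == "4":
        # tos, ecn, ttl, id, offset, flags, proto-id, proto, length, src, dst
        proto, src, dst, rest = f[16], f[18], f[19], f[20:]
    elif ipver == "6":
        # class, flow-label, hop-limit, proto, proto-id, length, src, dst
        proto, src, dst, rest = f[12], f[15], f[16], f[17:]
    else:
        return None
    # TCP/UDP tail: source-port, destination-port, data-length, then TCP flags
    dport = rest[1] if len(rest) > 1 else ""
    tcp_flags = rest[3] if proto == "tcp" and len(rest) > 3 else ""
    return LogEntry(interface, action, proto, src, dst, dport, tcp_flags)


def classify(e: LogEntry) -> str:
    """A blocked TCP packet that is not a bare SYN ('S' absent or 'A' set) is pf
    dropping a packet for a connection it holds no state for (state timed out,
    asymmetric path). Only a blocked SYN means the rule set refused a new flow."""
    if e.action != "block":
        return "passed"
    if e.proto == "tcp" and ("S" not in e.tcp_flags or "A" in e.tcp_flags):
        return "out-of-state"
    return "rule-block"


def triage(lines: List[str]) -> List[Tuple[str, str, str]]:
    """Return (destination, destination port, verdict) for each filterlog line."""
    out = []
    for line in lines:
        e = parse_filterlog(line)
        if e is not None:
            out.append((e.dst, e.dport, classify(e)))
    return out


@dataclass
class Rule:
    family: str  # "IPv4" / "IPv6"
    proto: str   # "*" means any
    src: str
    dst: str
    dport: str
    descr: str


def covers(earlier: Rule, later: Rule) -> bool:
    """Conservative: earlier rule matches everything the later one would.
    Only wildcard or exactly equal fields count; no CIDR/port-range arithmetic."""
    if earlier.family != later.family:
        return False
    pairs = [(earlier.proto, later.proto), (earlier.src, later.src),
             (earlier.dst, later.dst), (earlier.dport, later.dport)]
    return all(a == "*" or a == b for a, b in pairs)


def shadowed_rules(rules: List[Rule]) -> List[Tuple[str, str]]:
    """pfSense rules are first-match, so a rule fully covered by an earlier one
    never fires. Returns (shadowed description, shadowing description)."""
    found = []
    for i, r in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, r):
                found.append((r.descr, earlier.descr))
                break
    return found


# Constructed sample log lines (RFC 5737 / RFC 3849 documentation addresses).
SAMPLE_LOG = [
    "Jan 10 12:00:01 fw filterlog[9999]: 5,,,1000000000,em1,match,block,in,4,0x0,,64,1001,0,DF,6,tcp,52,192.168.1.10,203.0.113.5,49152,993,0,A,1,2,501,,",
    "Jan 10 12:00:02 fw filterlog[9999]: 5,,,1000000000,em1,match,block,in,4,0x0,,64,1002,0,DF,6,tcp,60,192.168.1.10,203.0.113.5,49153,993,0,S,3,0,65535,,mss",
    "Jan 10 12:00:03 fw filterlog[9999]: 7,,,1000000001,em1,match,pass,in,4,0x0,,64,1003,0,DF,6,tcp,60,192.168.1.10,203.0.113.5,49154,443,0,S,4,0,65535,,mss",
    "Jan 10 12:00:04 fw filterlog[9999]: 5,,,1000000000,em1,match,block,in,6,0x00,0x00000,64,udp,17,40,2001:db8::10,2001:db8::5,5353,5353,20",
]

# The poster's LAN rule set, top to bottom, as listed in the thread.
LAN_RULES = [
    Rule("IPv4", "*", "*", "*", "*", "Default allow LAN to any rule"),
    Rule("IPv6", "*", "*", "*", "*", "Default allow LAN IPv6 to any rule"),
    Rule("IPv4", "TCP/UDP", "*", "ftphost", "20 - 21", "NAT Allow LAN 20 to ftpd"),
]

if __name__ == "__main__":
    for dst, dport, verdict in triage(SAMPLE_LOG):
        print(f"{dst}:{dport} -> {verdict}")
    for shadowed, by in shadowed_rules(LAN_RULES):
        print(f"rule '{shadowed}' never fires; covered by '{by}'")
```

    Run against a real export of the firewall log, the interesting entries are only the "rule-block" ones: a blocked bare SYN is the rule set refusing a new connection and is worth matching against the LAN rules, while "out-of-state" entries are late packets of an existing flow and are not evidence that the any/any rule failed. The shadow check is deliberately strict (exact match or wildcard only), so it reports the FTP rule under the default any/any rule but will miss partial overlaps such as a host inside a subnet alias.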

  • LAYER 8 Netgate

    Totally lost as to how this can happen, unless it's a bug (?)

    Goodness, it's a disease.