    Netgate Discussion Forum
    Weird behavior with 2.2RELEASE regarding some rules with gw groups

    Firewalling

doucettom:

      Hi all,

I am trying to configure pfSense to firewall FreePBX software. It is a complex setup that was working just fine with 2.1.5; the firewalls are running in VMs on VMware 5.5.

So here we go:

      Interfaces (all but HA and MGMT have CARPed IPs used):
      WAN_1
      WAN_2
      VOIP_PRIVATE (10.0.0.4-5-6/24, .4 being the CARPed IP used)
      HA (172.25.0.1-2/30 used)
      LAN (192.168.200.1-2-3/24, .1 being the CARPed IP used as a default gateway for the PBX)
      MGMT (DHCP, for laptop direct cross-connect, lifesaver kinda)

      GW:
      WAN_1GW
      WAN_2GW
      VOIP_PRIVATE_PRI (10.0.0.1)
      VOIP_PRIVATE_SEC (10.0.0.254)

      GW Groups:
DualWAN consisting of both WAN GWs
DualVoIP consisting of both VOIP_PRIVATE GWs, which sit in the same subnet; that is normal.
      I do outbound NAT with CARPed IPs on WAN_1, WAN_2 and VOIP_PRIVATE.

      I set VOIP private Outbound NAT only on my provider's subnet (10.20.0.0/24)

I also set a firewall rule from LAN to a particular IP (10.20.0.10) to use the DualVoIP gw.
The next LAN rule is LAN to any using the DualWAN gw for WAN redundancy.

I did not set a gw on the VOIP_PRIVATE interface; I blocked bogon networks but not the private ones.

The problem is that pfSense is still blocking traffic from the PBX to the 10.20.0.10 IP even though I set it as a firewall rule which is first in the rule set for the LAN interface. If I set a gateway directly in the VOIP_PRIVATE iface page, it works, but I need to reboot first, and the DualVoIP gateway doesn't seem to work (if I disable VOIP_PRIVATE_PRI, it is still used when I traceroute from the Linux box and from the pfSense ping/traceroute page as well).

marcelloc:

Are you killing firewall states between firewall rule changes?

Can you check with tcpdump whether your outbound NAT rules are working?

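A small triage script for the two checks marcelloc asks about (stale states surviving a rule change, and whether outbound NAT is actually applied), added here as an example; it is not from the thread and not part of pfSense. It parses the text that `pfctl -ss` prints in the pfSense shell, using an approximate line format, assumed FreeBSD interface ids (vmx0 for WAN_1, vmx2 for VOIP_PRIVATE, vmx3 for LAN), an assumed WAN_1 CARP VIP of 203.0.113.4, and a constructed sample instead of real output. For every state towards the provider host it looks at the egress copy of the state, flags ones that left via the wrong interface or without the expected NAT source, and prints the `pfctl -k` command to kill them before retesting.

```python
"""Audit pf state-table output for LAN -> VoIP-provider traffic.

Hypothetical troubleshooting helper (not from the thread): parses `pfctl -ss`
text from a pfSense box and checks, for every state towards the provider host,
that the egress copy sits on the VOIP_PRIVATE interface and carries the
expected outbound NAT source. Mis-routed or un-NATed states get a `pfctl -k`
command so they can be killed and the path retested.
"""
import re

# Assumed interface ids; the thread names pfSense interfaces, not FreeBSD ones.
LAN_IF = "vmx3"               # LAN, 192.168.200.0/24 (the PBX lives here)
VOIP_IF = "vmx2"              # VOIP_PRIVATE, 10.0.0.0/24
VOIP_CARP_VIP = "10.0.0.4"    # CARP VIP used for outbound NAT on VOIP_PRIVATE
PROVIDER_HOST = "10.20.0.10"  # destination pinned to the DualVoIP gateway group

# Approximate shape of one `pfctl -ss` line (IPv4 only):
#   <if> <proto> <src>[ (<pre-NAT src>)] -> <dst>[ (<pre-NAT dst>)]   <state>
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+"
    r"(?P<src>\S+)(?:\s+\((?P<orig_src>[^)]+)\))?"
    r"\s+(?P<dir>->|<-)\s+"
    r"(?P<dst>\S+)(?:\s+\((?P<orig_dst>[^)]+)\))?"
    r"\s+(?P<state>\S+)\s*$"
)


def host_of(endpoint):
    """'10.20.0.10:5060' -> '10.20.0.10'."""
    return endpoint.rpartition(":")[0]


def parse_states(text):
    """Return one dict per recognisable state line; other lines are skipped."""
    return [m.groupdict() for m in
            (STATE_RE.match(line.strip()) for line in text.splitlines()) if m]


def audit_provider_states(text):
    """Split states bound for PROVIDER_HOST into (ok, bad) lists of findings."""
    ok, bad = [], []
    for st in parse_states(text):
        if st["dir"] != "->" or host_of(st["dst"]) != PROVIDER_HOST:
            continue
        if st["iface"] == LAN_IF:
            continue  # ingress copy of the state; the egress copy shows the real path
        finding = {
            "lan_host": host_of(st["orig_src"] or st["src"]),
            "iface": st["iface"],
            "nat_src": host_of(st["src"]) if st["orig_src"] else None,
        }
        if st["iface"] != VOIP_IF:
            finding["problem"] = ("leaves via %s instead of %s: stale state from before "
                                  "the rule change, or the policy route was not applied"
                                  % (st["iface"], VOIP_IF))
            bad.append(finding)
        elif finding["nat_src"] != VOIP_CARP_VIP:
            finding["problem"] = ("no outbound NAT to %s on %s: the outbound NAT rule "
                                  "did not match" % (VOIP_CARP_VIP, VOIP_IF))
            bad.append(finding)
        else:
            ok.append(finding)
    return ok, bad


def kill_commands(findings):
    """`pfctl -k <src> -k <dst>` kills states from src to dst. If the NATed egress
    copy survives (it is keyed on the translated address), fall back to
    `pfctl -F states` (or Reset States in the GUI), then watch the retest with
    `tcpdump -ni <VOIP_IF> host <PROVIDER_HOST>`."""
    return ["pfctl -k %s -k %s" % (f["lan_host"], PROVIDER_HOST) for f in findings]


# Constructed sample, not captured from the poster's firewall.
SAMPLE = """\
vmx3 udp 192.168.200.10:5060 -> 10.20.0.10:5060       MULTIPLE:MULTIPLE
vmx0 udp 203.0.113.4:5060 (192.168.200.10:5060) -> 10.20.0.10:5060       MULTIPLE:MULTIPLE
vmx3 udp 192.168.200.11:5060 -> 10.20.0.10:5060       MULTIPLE:MULTIPLE
vmx2 udp 10.0.0.4:5060 (192.168.200.11:5060) -> 10.20.0.10:5060       MULTIPLE:MULTIPLE
vmx2 udp 192.168.200.12:5060 -> 10.20.0.10:5060       MULTIPLE:MULTIPLE
vmx3 tcp 192.168.200.10:51234 -> 198.51.100.9:443       ESTABLISHED:ESTABLISHED
"""

if __name__ == "__main__":
    ok, bad = audit_provider_states(SAMPLE)
    for f in ok:
        print("OK   %(lan_host)s via %(iface)s as %(nat_src)s" % f)
    for f in bad:
        print("BAD  %(lan_host)s: %(problem)s" % f)
    for cmd in kill_commands(bad):
        print("     " + cmd)
```

In the sample, .10 still has an egress state on WAN_1 (the path it used before the LAN rule was changed), .11 is correct, and .12 reached VOIP_PRIVATE but without being translated to the CARP VIP; the first case is what killing states fixes, the last is what the tcpdump check exposes.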