Weird firewall internal mechanism
-
Hi,
I'm not sure if I'm posting in the right section, but here is my issue.
Here is a quick reference for my scenario.
pfSense version: 2.2
VLAN10: 10.0.10.0/24
- Server1: 10.0.10.1
VLAN20: 10.0.20.0/24
- Server2: 10.0.20.1
VLAN30: 10.0.30.0/24
- Computer LAN
VLAN40: 10.0.40.0/24
- Wifi
I have a firewall with multiple interfaces working with VLANs. Each computer in VLAN 30 and 40 was able to communicate with both Server1 and Server2. Suddenly, our firewall stopped allowing traffic from the 10.0.40.0/24 subnet to Server1, while still allowing VLAN 40 to Server2 (I don't know if it was caused by a change someone made). Everything was still working properly from VLAN 30 to Server1 and Server2.
I reviewed every firewall rule, NAT rule and pretty much everything else without finding the issue quickly. When I looked at the firewall tables, I noticed that the subnet 10.0.40.0/24 had been inserted in <negate_networks>. Even if I remove the subnet from the table, once I reload the firewall rules, the subnet 10.0.40.0 is back there.
The only way I found to fix the problem was to change the Wifi subnet to 10.0.41.0/24. Even after changing the VLAN 40 subnet, 10.0.40.0/24 still persists in <negate_networks>.
I don't know what the root cause of the problem is, and I'm not sure if the issue is directly related to the <negate_networks> table, but it is a behavior I have never seen before. Has someone already had a similar issue, or can someone give me a quick explanation of how a network subnet can be added to the <negate_networks> table?
Thank you!