DMZ blocks tcp:sa

  • Hi All,

    I have a Spacewalk server with a Spacewalk client behind the pfSense. In the pfSense they blocked all traffic and I see: DMZ source ip : dest ip : tcp:sa (blocked)

    In floating rules (apply immediately) I added: destination is IP A, source is any, allow; and destination is any, source = IP A, allow. Still I get the tcp:sa blocked…

    Is there some way to let my Spacewalk server communicate with my clients without pfSense blocking it? (When I disable the firewall all works fine...)

    Any ideas or tips to solve this? (I tried ports 80 and 443 to connect to the Spacewalk server.)

  • pfSense is configured to be stateful. It is impossible to create a rule that allows out-of-state packets. The firewall rules only apply to the creation of new states.

  • LAYER 8 Global Moderator

    Why would you be seeing SA before S?? More than likely you have an asynchronous routing issue with SA. When your client talks to your server, it's getting to your server via a different interface than the one your server is sending its answer on to get to the IP that talked to it.

    This is most likely why you're seeing out-of-state traffic - yeah, pfSense would block…

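The behaviour the two replies describe, as an added example that is not part of the original thread: a toy stateful filter in which pass rules are consulted only for a packet that can open a state (a bare SYN), so a SYN-ACK arriving without a matching state is blocked even when "allow" rules cover the server in both directions. The class, the addresses (documentation ranges) and the packet sequences are constructed for illustration and are not pfSense code.

```python
from dataclasses import dataclass

SERVER, CLIENT = "192.0.2.10", "198.51.100.20"  # constructed sample addresses

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN-ACK, "A" = ACK

class StatefulFilter:
    """Simplified model: rules matter only when a new state is created."""
    def __init__(self, pass_rules):
        self.pass_rules = pass_rules
        self.states = set()

    def process(self, p):
        # One state entry covers both directions of the connection.
        key = frozenset({(p.src, p.sport), (p.dst, p.dport)})
        if key in self.states:
            return "pass (existing state)"
        # Only the opening SYN is evaluated against the pass rules.
        if p.flags == "S" and any(rule(p) for rule in self.pass_rules):
            self.states.add(key)
            return "pass (new state)"
        return "block"

# The two floating rules from the question: any -> server, server -> any.
RULES = [lambda p: p.dst == SERVER, lambda p: p.src == SERVER]

SYN = Packet(CLIENT, 40000, SERVER, 443, "S")
SYNACK = Packet(SERVER, 443, CLIENT, 40000, "SA")
ACK = Packet(CLIENT, 40000, SERVER, 443, "A")

# Symmetric path: the firewall sees the whole handshake.
SYMMETRIC = [SYN, SYNACK, ACK]
# Different request/reply paths: the SYN bypassed this firewall, so the
# first packet it sees for the connection is the server's SYN-ACK.
ASYMMETRIC = [SYNACK]

def run(packets):
    fw = StatefulFilter(RULES)
    return [fw.process(p) for p in packets]

if __name__ == "__main__":
    print("symmetric: ", run(SYMMETRIC))
    print("asymmetric:", run(ASYMMETRIC))
```

The second run is the "tcp:sa (blocked)" line from the question: the fix lies in making the request and the reply cross the firewall on the same path, not in adding more pass rules.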