Firewall Not Following "Easy Rule"



  • Hello,

    I've come across an interesting issue that I cannot get my head around…

    I am trying to allow * on the WAN side to get to 10.0.0.1:6690. Pretty simple.

    IPv4 TCP	*	*	10.0.0.1	6690	*	none	 
    

    A respective port forwarding rule has been created within the NAT menu:

    WAN	TCP	*	*	WAN address	6690	10.0.0.1	6690
    

    I have pfblockerNG installed. It does not seem to be the issue. Clicking on the leftmost Red/Green box (Red in this case) in the firewall logs shows the following dialog within Chrome:

    The rule that triggered this action is:
    
    @9(1000000103) block drop in log inet all label "Default deny rule IPv4"
    

    I have tried "Easy Rule" in the destination column… and it seems to create a very similar rule to my attempts, just for 1 public IP though, at the bottom of the rule list. Still the logs continue to look like this (copying the entire row):

    block/1000000103
    Mar 2 21:10:40	WAN	Icon Reverse Resolve with DNS  Icon Easy Rule: Add to Block List guest-public-ip:61753	Icon Reverse Resolve with DNS  Icon Easy Rule: Pass this traffic 10.0.0.1:6690	TCP:S
    

    Any help with this would be appreciated.


  • Rebel Alliance Global Moderator

    And how are you testing this port forward config? Are you outside or inside your network when you hit your public IP?

    Have you read through the troubleshooting doc for port forwarding?

    https://doc.pfsense.org/index.php/Port_Forward_Troubleshooting

    I can tell you for a FACT that if you set it up correctly you would not have to be doing anything with easy rules.