Bug #6637

closed

pfSense blocks return traffic (mostly TCP) on 2.3.1-RELEASE-p5

Added by Remko Lodder almost 8 years ago. Updated over 7 years ago.

Status: Resolved
Priority: Normal
Category: Operating System
Target version:
Start date: 07/22/2016
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version: 2.2.x
Affected Architecture:

Description

Dear people,

I am setting up a host where I have my APs connecting to the pfSense box over IPsec.
I use the "transport" method for that, so that all traffic between the devices is encrypted.

Over that I set up a GIF tunnel (GRE does not seem to work at this moment), and use OSPF to route the nodes with a default gateway towards the pfSense box.

Now I am hitting an issue where outgoing TCP traffic over the WAN interface is passing out fine.
The machine also receives the SYN/ACK from the remote host perfectly.
pfSense only immediately sends out an ICMP Host unreachable notice when getting the SYN/ACK back.

I can work around this by disabling the default deny rules:

    #---------------------------------------------------------------------------
    # default deny rules
    #---------------------------------------------------------------------------
    block in log inet all tracker 1000000103 label "Default deny rule IPv4"
    block out log inet all tracker 1000000104 label "Default deny rule IPv4"

but then of course the entire firewall is wide open because nothing will be blocked.

This seems like a strange situation, which normally does not occur if you pass traffic (stateful) through a firewall.

Please suggest what I can do to mitigate this issue.

Thanks
Remko
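The following toy model, added here as an illustration and not code from pfSense or from the reporter, shows the behaviour the report expects from stateful filtering: an outbound SYN accepted by a "pass ... keep state" rule creates a state entry, and the returning SYN/ACK is then passed by that state before the "block in ... inet all" default-deny rule is ever consulted. It also shows what the reporter's workaround does: with the default-deny rules removed, a SYN/ACK that matches no state is passed anyway, along with everything else. Interface and address values are constructed for the example.

```python
"""Toy model of pf-style stateful filtering (illustration only, not pfSense code).

State is keyed by (interface, endpoint pair) so that the outbound SYN and the
inbound SYN/ACK of the same connection map to the same entry."""

from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    iface: str        # interface the packet is seen on, e.g. "wan"
    direction: str    # "in" or "out" relative to the firewall
    src: str
    sport: int
    dst: str
    dport: int
    flags: str        # TCP flags: "S" for SYN, "SA" for SYN/ACK


@dataclass
class Firewall:
    default_deny: bool = True               # the two "block ... inet all" rules
    states: set = field(default_factory=set)

    def _key(self, p: Packet) -> tuple:
        # Normalise endpoint order so both directions hit one state entry.
        ends = sorted([(p.src, p.sport), (p.dst, p.dport)])
        return (p.iface, ends[0], ends[1])

    def filter(self, p: Packet) -> str:
        key = self._key(p)
        if key in self.states:
            return "pass (state)"             # return traffic matched a state
        # Modelled "pass out on wan proto tcp ... keep state" for new connections.
        if p.direction == "out" and p.iface == "wan" and p.flags == "S":
            self.states.add(key)
            return "pass (new state)"
        if self.default_deny:
            return "block (default deny)"     # unsolicited traffic is dropped
        return "pass (no default deny)"       # the reporter's workaround


def run_scenario() -> dict:
    """Outbound SYN, then the SYN/ACK coming back in on the same interface."""
    syn = Packet("wan", "out", "10.0.0.2", 40000, "203.0.113.5", 443, "S")
    synack = Packet("wan", "in", "203.0.113.5", 443, "10.0.0.2", 40000, "SA")
    fw = Firewall()
    return {"syn": fw.filter(syn), "synack": fw.filter(synack),
            "orphan_synack": Firewall().filter(synack),
            "orphan_synack_open": Firewall(default_deny=False).filter(synack)}
```

With state present the SYN/ACK passes; without it, only disabling default deny lets it through, which is exactly why that workaround opens the firewall entirely.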
