On Tue 13 Feb 2018 10:09:41 NZDT +1300, Marco wrote:

> I'm not really used to debugging with pfSense, especially the
> logging features. What's the best way to check if that packet is
> blocked by pfSense somehow?

Rules only log when the logging flag is ticked. Even then I dislike to
rely on rules always logging when I need them to.

I'd suggest you use the packet capture function of pfsense. Limit to the
port(s) in question and it shows the traversing packets. It's reliable.
Run it on the pfsense intrface connected to your server.

The symptoms you describe (pfsense can see the server, a WAN host can't)
could be explained by a messed up routing table on the server. The
server can send packets back to the pfsense box because that IP is on
its own interface's IP space as far as the server is concerned, but any
WAN host would hit the server's gateway setting - if that is absent or
wrong the server reply goes nowhere.


Volker Kuhlmann                 is list0570 with the domain in header.
http://volker.top.geek.nz/      Please do not CC list postings to me.
pfSense mailing list
Support the project with Gold! https://pfsense.org/gold

Reply via email to