[pfSense] block DNS queries to external resolvers rule

2017-09-30 Thread Antonio
Hi,

I tried to add the "block DNS queries to external resolvers" rule as
described here
(https://doc.pfsense.org/index.php/Blocking_DNS_queries_to_external_resolvers
) to my LAN config and noticed that traffic would not go anywhere on the
LAN until I disabled the two rules below on port 53. With rules 1, 4 and 5
below, all works well. When I switch on 2 and 3 too, the browser stops
working and all traffic on the LAN goes nowhere. Why would this be?

Thanks



#  States / Traffic  Protocol         Source   Port  Destination  Port      Gateway  Queue  Schedule  Description
1  1 / 3.61 MiB      *                *        *     LAN Address  443, 80   *        *                Anti-Lockout Rule
2  0 / 0 B           IPv4+6 TCP/UDP   *        *     LAN address  53 (DNS)  *        none             Allow DNS to pfSense/DNSMASQ/OpenDNS
3  0 / 21 KiB        IPv4+6 TCP/UDP   *        *     *            53 (DNS)  *        none             Block DNS to everything else
4  1 / 44.34 MiB     IPv4 *           LAN net  *     *            *         *        none             Default allow LAN to any rule
5  0 / 0 B           IPv6 *           LAN net  *     *            *         *        none             Default allow LAN IPv6 to any rule

-- 

Respect your privacy and that of others, don't give your data to big 
corporations.
Use alternatives like Signal (https://whispersystems.org/) for your messaging 
or 
Diaspora* (https://joindiaspora.com/) for your social networking.

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold


[pfSense] Open ports between subnets

2017-09-30 Thread Antonio
Hi,

I have a media app called EMBY on my Android 7.1 phone, which is
connected via the pfSense WiFi network (192.168.3.x). It
should try to connect to my server on the wired LAN at 192.168.2.X but
doesn't appear to do so for some reason. I inspected the firewall logs and
they say that packets from 192.168.3.7 (phone) to 192.168.3.1 are
blocked. It's almost as if the packets couldn't get past the WiFi
gateway into the 192.168.2.X subnet, even though I have rules set up on
the WiFi interface that:

a) allow a PASS for IPv4* packets with source "LAN net" to destination
* -> "Default allow LAN to any rule"

b) allow IPV4 from 192.168.3.X any port to 192.168.2.2 any port

There must be something that I am missing but can't get my head around it.

Note that the DHCP server on pfSense is assigning 192.168.3.7 to the phone
by default via MAC address identification, so it's not a DHCP problem.

Any clues on what I could be missing? Why are the packets getting
blocked at 192.168.3.x? In the logs, there appear to be a lot of
requests from random ports on the mobile device to port 53.

Note that I have another device on the WiFi network (a little Adafruit
ESP device logging temperature) that is not having these problems and
is getting to the server with no problem.

I hope you guys can help me work out what is wrong.

Thanks

Antonio

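Both threads come down to the same mechanism: pfSense evaluates the rules of an interface top to bottom, the first match wins, and a packet that matches nothing is dropped and logged by the implicit default deny. The aliases "LAN address" and "LAN net" are bound to the LAN interface's own address and subnet, so a copy of a rule on another interface still points at the LAN, not at that interface. The Python below is an added example, not pfSense code: it reproduces that first-match evaluation against the LAN rules 1-4 from the DNS thread and rules a) and b) from the subnet thread, and runs some constructed sample packets through them. The LAN gateway host 192.168.2.1, the external hosts 8.8.8.8 and 203.0.113.10, the client 192.168.2.50, the description of rule b) and Emby's port 8096 are assumptions made for the example; the WiFi gateway 192.168.3.1, the phone 192.168.3.7 and the server 192.168.2.2 come from the second message.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Interface addresses as used in the two threads. 192.168.3.1 is the WiFi
# gateway named in the firewall log; the LAN gateway host 192.168.2.1 is an
# assumption, since the thread only gives the 192.168.2.x prefix.
IFACES = {
    "LAN":  {"address": "192.168.2.1", "net": "192.168.2.0/24"},
    "WIFI": {"address": "192.168.3.1", "net": "192.168.3.0/24"},
}


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    proto: str                  # "any", "tcp", "udp" or "tcp/udp"
    src: str                    # "any", "<IF> net", "<IF> address" or a CIDR
    dst: str                    # same alias forms as src
    dport: Optional[frozenset]  # None = any destination port
    desc: str


@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int


def resolve(alias: str):
    """Expand a pfSense-style alias into an ip_network; None means 'any'.
    '<IF> net' and '<IF> address' are always the named interface's subnet and
    address, whichever interface the rule itself sits on."""
    if alias == "any":
        return None
    name, _, kind = alias.partition(" ")
    if kind == "net":
        return ipaddress.ip_network(IFACES[name]["net"])
    if kind == "address":
        return ipaddress.ip_network(IFACES[name]["address"])
    return ipaddress.ip_network(alias, strict=False)


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.proto != "any" and pkt.proto not in rule.proto.split("/"):
        return False
    for alias, ip in ((rule.src, pkt.src), (rule.dst, pkt.dst)):
        net = resolve(alias)
        if net is not None and ipaddress.ip_address(ip) not in net:
            return False
    return rule.dport is None or pkt.dport in rule.dport


def evaluate(rules, pkt: Packet):
    """pfSense writes interface rules as pf 'quick' rules: the first match
    wins, and a packet matching nothing hits the logged default deny."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action, rule.desc
    return "block", "default deny"


# LAN rules 1-4 as posted in the DNS thread (rule 5, the IPv6 pass, is
# omitted because every sample packet here is IPv4).
LAN_RULES = [
    Rule("pass", "any", "any", "LAN address", frozenset({443, 80}), "Anti-Lockout Rule"),
    Rule("pass", "tcp/udp", "any", "LAN address", frozenset({53}), "Allow DNS to pfSense/DNSMASQ/OpenDNS"),
    Rule("block", "tcp/udp", "any", "any", frozenset({53}), "Block DNS to everything else"),
    Rule("pass", "any", "LAN net", "any", None, "Default allow LAN to any rule"),
]

# WiFi rules a) and b) as posted in the subnet thread. Rule a) keeps the
# source alias "LAN net" (192.168.2.0/24), so it never matches a 192.168.3.x
# host. The description of b) is assumed; the thread gives none.
WIFI_RULES = [
    Rule("pass", "any", "LAN net", "any", None, "Default allow LAN to any rule"),
    Rule("pass", "any", "192.168.3.0/24", "192.168.2.2", None, "Allow WiFi to server"),
]

# Constructed sample traffic: 8.8.8.8 stands for an external resolver,
# 203.0.113.10 (TEST-NET-3) for an external web server, and 8096 is assumed
# to be the Emby server's HTTP port.
SAMPLES = [
    ("LAN",  Packet("udp", "192.168.2.50", "192.168.2.1", 53)),
    ("LAN",  Packet("udp", "192.168.2.50", "8.8.8.8", 53)),
    ("LAN",  Packet("tcp", "192.168.2.50", "203.0.113.10", 443)),
    ("WIFI", Packet("udp", "192.168.3.7", "192.168.3.1", 53)),
    ("WIFI", Packet("tcp", "192.168.3.7", "192.168.2.2", 8096)),
    ("WIFI", Packet("tcp", "192.168.3.7", "203.0.113.10", 443)),
]

RULESETS = {"LAN": LAN_RULES, "WIFI": WIFI_RULES}


def classify_samples():
    """Return (interface, packet, verdict) for every sample packet."""
    return [(iface, pkt, evaluate(RULESETS[iface], pkt)) for iface, pkt in SAMPLES]


if __name__ == "__main__":
    for iface, pkt, (action, desc) in classify_samples():
        print(f"{iface:4} {pkt.proto} {pkt.src} -> {pkt.dst}:{pkt.dport:<5} {action:5} ({desc})")
```

Two results are worth reading against the messages. On the LAN, a lookup sent to 192.168.2.1 passes rule 2 and a lookup sent to 8.8.8.8 is stopped by rule 3 while ordinary TCP traffic still reaches rule 4, so the first thing to check when the browser stops is which resolver the LAN clients were actually handed (DHCP or a static setting) rather than the non-DNS rules. On the WiFi interface, the phone's query to 192.168.3.1:53 matches neither a) (source alias is the LAN subnet) nor b) (destination is not 192.168.2.2) and lands on the default deny, which is exactly the log entry the second message quotes; only traffic to 192.168.2.2 itself gets through b).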