On Fri, Mar 13, 2009 at 12:50 AM, Brad Gillette <[email protected]> wrote:
> pfSense is apparently blocking traffic when a connection is
> already established or won't keep a connection alive.

Yep. I have exactly the same problem on 1.2.1. It seems pfSense can't track the state of connections that are made on the same interface but belong to different networks. It initially allows the connection, as it is in the rules, but later on *some* packets are dropped by the default rule even if there is an "Allow All" rule before it. Enabling "Static Route Filtering" to bypass firewall rules for traffic on the same interface didn't work for this problem. I also faced this problem with a Linux/Netfilter firewall but haven't tried it on anything else yet (not even on pfSense 1.2.2).

As a workaround I routed the traffic from the L3 switch before reaching pfSense, but that left me with limited filtering capabilities :/
