Hello,
recently I noticed that ports are blocked even though they are allowed by the rule. The communication occurs between VLANS.
Example:
Interface Time Source Destination Proto Label
INT_media 2022-03-27T11:08:21 192.168.250.132:50182 192.168.100.10:2049 tcp U_INT_media_reject_private_networksRule:
<rule>
<type>pass</type>
<interface>opt2</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Test NFS</descr>
<direction>in</direction>
<category>Media</category>
<log>1</log>
<quick>1</quick>
<protocol>tcp</protocol>
<source>
<address>192.168.250.132</address>
</source>
<destination>
<address>192.168.100.10</address>
<port>2049</port>
</destination>
</rule>If I temporary disable this rule:
<rule>
<type>reject</type>
<interface>opt2</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>U_INT_media_reject_private_networks</descr>
<direction>in</direction>
<category>Reject inter network traffic</category>
<log>1</log>
<quick>1</quick>
<source>
<address>private_networks</address>
</source>
<destination>
<address>private_networks</address>
</destination>
</rule>in log i can see, that the port still blocked via default deny rule:
QuoteInterface Time Source Destination Proto Label
INT_media 2022-03-27T11:29:24 192.168.250.132:51620 192.168.100.10:2049 tcp Default deny rule
This issue occurs on many ports (nfs, plex, smb)
I will be grateful for any help.
You probably have "Block private networks" enabled in the interface settings.
I forgot to mention about it: Block private networks on all interface settings is unchecked.