Firewall blocking connections even with pass rules
mpisman (Newbie)
Posted on: October 29, 2023, 12:47:25 am
Hi,
Can someone explain to me what I am doing wrong?
I am trying to set up a STUN server.
I have 2 VLANs, LAN: 10.0.0.0/24 and LAN2: 10.0.2.0/24.
The server is located on LAN2 with address 10.0.2.171 and port 3478.
Two clients are located on LAN1, 10.0.0.101 and 10.0.0.120.
Firewall Rules:
I have defined a NAT rule to port forward anything with destination port 3478 to 10.0.2.171.
I have also defined rules for LAN and LAN2 to pass traffic IN and OUT from any source/port to any destination if the destination port is 3478.
(I know this is not the right way to do this, but I am just trying to manage to send packets from the clients to the server.)
Any packet from a client to the server is blocked (Default deny / state violation rule). Why are my rules not overriding the default ones? Please see the pictures.
Thanks for any help
Last Edit: October 29, 2023, 12:50:41 am by mpisman
meyergru (Hero Member, IT Aficionado)
Reply #1 on: October 29, 2023, 01:25:31 am
Multiple problems:
1. A STUN server needs two IPv4s. If your ISP only gives you one, you are out of luck (tm). So the WAN NAT rule is pointless; also, it seems you defined a bidirectional NAT rule?
2. If you want a local STUN server (for whatever purpose) on LAN2 and your clients come from LAN2, you will have to set up rules to allow access on port 3478 to both (!) IPv4s of the STUN server. That type of traffic never passes WAN at all.
3. Your rules are "in" and "out". Usually you don't have to care about the "out" rules, because answers are not blocked by default; just allow "in" traffic from LAN on LAN2, and also check that your default outbound NAT to WAN does not catch that inter-LAN traffic by accident (which it should not if routing is correct).
Last Edit: October 29, 2023, 01:30:37 am by meyergru
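The rule set described in the reply (a single stateful "in" rule on the clients' interface, no "out" rules, and outbound NAT that leaves inter-VLAN traffic alone), written out as an added example in the pf syntax that OPNsense compiles its GUI rules into on FreeBSD (the generated file is /tmp/rules.debug). This is not either poster's configuration: the interface names lan, lan2 and wan, the physical device names, and the macro/table names are assumptions, and the addresses are the ones from the first post.

```pf
# Assumed interface assignments (check Interfaces > Assignments on your box).
lan  = "em1"    # 10.0.0.0/24, where the two clients live
lan2 = "em2"    # 10.0.2.0/24, where the STUN server lives
wan  = "em0"
stun_server = "10.0.2.171"

# Private ranges that must never be NATed towards WAN. A table is used
# because pf does not accept "!" in front of a brace list.
table <rfc1918> { 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16 }

# Outbound NAT only for traffic that really leaves towards the Internet.
# Excluding RFC1918 destinations keeps LAN -> LAN2 packets from being
# rewritten to the WAN address by accident (point 3 of the reply).
nat on $wan from 10.0.0.0/24 to ! <rfc1918> -> ($wan)
nat on $wan from 10.0.2.0/24 to ! <rfc1918> -> ($wan)

# Default deny, as OPNsense does; anything not passed explicitly is logged
# and dropped here.
block in log all

# One stateful "in" rule on the interface where the packets ENTER the
# firewall is enough. The packet arrives on lan, is routed to lan2, and the
# state created here lets the server's UDP replies back in without any
# "out" rule on either interface.
pass in quick on $lan proto udp from 10.0.0.0/24 to $stun_server port 3478 keep state

# No WAN port forward appears at all: LAN -> LAN2 traffic never touches WAN.
```

To check the generated rule set and the state the pass rule creates on a running OPNsense box, the standard pf tools apply: `pfctl -vnf /tmp/rules.debug` parses the file without loading it, and `pfctl -ss | grep 3478` lists the UDP states after a client has sent a STUN request. Edits to /tmp/rules.debug are overwritten on the next filter reload; the GUI rule (Firewall > Rules > LAN, direction in, protocol UDP, destination 10.0.2.171 port 3478) is the persistent form of the single pass line above.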