The port is blocked even it is allowed by rule

[norbo80]

Hello,

recently I noticed that ports are blocked even though they are allowed by the rule. The communication occurs between VLANS.

Example:

Code Select Expand

Interface Time Source Destination Proto Label
INT_media 2022-03-27T11:08:21 192.168.250.132:50182 192.168.100.10:2049 tcp U_INT_media_reject_private_networks
Rule:

Code Select Expand

<rule>
      <type>pass</type>
      <interface>opt2</interface>
      <ipprotocol>inet</ipprotocol>
      <statetype>keep state</statetype>
      <descr>Test NFS</descr>
      <direction>in</direction>
      <category>Media</category>
      <log>1</log>
      <quick>1</quick>
      <protocol>tcp</protocol>
      <source>
        <address>192.168.250.132</address>
      </source>
      <destination>
        <address>192.168.100.10</address>
        <port>2049</port>
      </destination>
     </rule>
If I temporary disable this rule:
 

Code Select Expand

  <rule>
      <type>reject</type>
      <interface>opt2</interface>
      <ipprotocol>inet</ipprotocol>
      <statetype>keep state</statetype>
      <descr>U_INT_media_reject_private_networks</descr>
      <direction>in</direction>
      <category>Reject inter network traffic</category>
      <log>1</log>
      <quick>1</quick>
      <source>
        <address>private_networks</address>
      </source>
      <destination>
        <address>private_networks</address>
      </destination>
          </rule>

in log i can see, that the port still blocked via default deny rule:

Interface      Time   Source   Destination   Proto   Label   
INT_media      2022-03-27T11:29:24   192.168.250.132:51620   192.168.100.10:2049   tcp   Default deny rule

This issue occurs on many  ports (nfs, plex, smb)

I will be grateful for any help.

[Patrick M. Hausen]

You probably have "Block private networks" enabled in the interface settings.

[norbo80]

I forgot to mention about it:  Block private networks on all interface settings is unchecked.