Author Topic: Why doesn't my Auto-created rule for LAN->WAN work in AON mode?  (Read 118 times)

Offline Dave R
Why doesn't my Auto-created rule for LAN->WAN work in AON mode?
« on: January 03, 2018, 10:33:49 am »
I added an OpenVPN client to a VPN provider today following the guide here:

I only want HTTP, HTTPS and DNS going over the VPN interface. All other (ssh, NTP, etc.) should use the WAN interface.

As I understand, when switching to AON (I was using Automatic) the automatic rules which were in effect are now applied as regular rules in the AON table. I was not able to connect anywhere over the VPN link however. When I finally added a NAT Alias for 80, 443, and 53, and applied it to a new rule (PIA VPN PORTS in the picture), then things started working again.

I noticed I cannot browse any Steam game servers however. Also, ssh access to some of my external servers is not working. I don't see in the docs anything about adding explicit egress ports for AON, so I must be missing something.

I noticed however that there is a rule (2nd from bottom in picture) which allows all of my internal LAN to the WAN port, "auto created rule - LAN to WAN", so why isn't this rule working?
« Last Edit: January 03, 2018, 11:21:05 am by Dave R »