Netgate Discussion Forum

PfSense firewall blocking random web packets, large HTTP downloads just 'stop'

Firewalling
3 Posts 2 Posters 3.6k Views
    growse
    last edited by Mar 22, 2013, 10:56 PM

    I've just set up a pfSense router, and am trying to figure out some strange behaviour. It's a fairly simple set up: I have a static IP from the ISP and a single PPPoE WAN interface and a single LAN interface. I've allowed DNS everywhere through the firewall, and browsing the internet generally works. I'm using pfsense 2.1-BETA1 (i386) from March 19th.

    Issues (these may be related):

    1. Large HTTP downloads will just 'stop' at some point, and never complete. I'm trying to download an ISO at the moment, and it has just given up at about 103MB out of 650MB. Despite multiple retries, 'large' downloads (things like ISOs etc) never complete.

    2. I'm seeing some strange things in the firewall logs about blocking outbound traffic on port 443:

    log entry:

    ```
    Mar 22 18:25:22 192.168.0.1 pf: 00:00:00.818527 rule 4/0(match): block out on pppoe0: (tos 0x0, ttl 63, id 3535, offset 0, flags [DF], proto TCP (6), length 893)
    Mar 22 18:25:22 192.168.0.1 pf:    <publicip>.44395 > 173.194.78.103.443: Flags [FP.], seq 2278533959:2278534812, ack 270462703, win 262, length 853
    ```

    and

    ```
    Mar 22 18:32:10 192.168.0.1 pf: 00:00:22.972286 rule 3/0(match): block in on pppoe0: (tos 0x0, ttl 57, id 39991, offset 0, flags [DF], proto TCP (6), length 84)
    Mar 22 18:32:10 192.168.0.1 pf:    173.194.78.103.443 > <publicip>.3684: Flags [FP.], cksum 0x8cdd (correct), seq 1848167695:1848167739, ack 810363008, win 501, length 44
    ```

    The first appears to be a packet from me to a Google IP address bound for port 443. The second appears to be a packet from the same IP, perhaps a response to a request. Why would this be blocked? In a typical NAT scenario, I would expect outbound packets to be permitted and established/related traffic to be permitted back in.
    
    If this type of traffic is blocked, why can I otherwise browse the web? Why isn't it broken everywhere?
    
    (I started to suspect this may be an MTU problem, so I made sure that the MTU was set at 1492 everywhere on the WAN side: on the ISP end, on the Modem (Draytek Vigor 120) and in the PPPoE WAN section of pfSense. Same thing still happens).
      cmb
      last edited by Mar 23, 2013, 3:55 AM

      Those logs have nothing to do with the problem.
      http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F

      The symptom indeed sounds like a MTU issue, lower/set the MSS clamping on WAN (MTU doesn't really matter there).

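Two things in this exchange are worth having in a form you can run: reading a pf block entry to see whether it is a late teardown segment of the kind the linked doc describes (and so not the cause of the stalled downloads), and working out the MSS value that actually fits a PPPoE link. The script below is an added example, not code from the thread or from pfSense. The sample log is constructed from the two entries quoted above, with the poster's redacted `<publicip>` replaced by the documentation address 203.0.113.10; the parser's regular expressions are written for the tcpdump-style two-line format shown in that post and assume that format. The MTU arithmetic (8 bytes of PPPoE/PPP overhead, 40 bytes of IPv4 plus TCP headers) is the general protocol relationship; whether the pfSense MSS field expects the MTU-sized value or the already-reduced one is something to confirm against that field's own help text.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modelled on the two pf log entries quoted in the thread.
# The poster's redacted <publicip> is replaced by the documentation address
# 203.0.113.10; everything else is as posted.
SAMPLE_LOG = """\
Mar 22 18:25:22 192.168.0.1 pf: 00:00:00.818527 rule 4/0(match): block out on pppoe0: (tos 0x0, ttl 63, id 3535, offset 0, flags [DF], proto TCP (6), length 893)
Mar 22 18:25:22 192.168.0.1 pf:    203.0.113.10.44395 > 173.194.78.103.443: Flags [FP.], seq 2278533959:2278534812, ack 270462703, win 262, length 853
Mar 22 18:32:10 192.168.0.1 pf: 00:00:22.972286 rule 3/0(match): block in on pppoe0: (tos 0x0, ttl 57, id 39991, offset 0, flags [DF], proto TCP (6), length 84)
Mar 22 18:32:10 192.168.0.1 pf:    173.194.78.103.443 > 203.0.113.10.3684: Flags [FP.], cksum 0x8cdd (correct), seq 1848167695:1848167739, ack 810363008, win 501, length 44
"""

# First line of each event: matched rule, action, direction, interface, protocol.
HEADER_RE = re.compile(
    r"rule (?P<rule>\d+/\d+)\(match\): (?P<action>block|pass) (?P<direction>in|out) "
    r"on (?P<iface>\w+): .*?proto (?P<proto>\w+)"
)
# Second line: endpoints in tcpdump's "a.b.c.d.port" form and the TCP flags.
TCP_RE = re.compile(
    r"(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


@dataclass
class BlockedTcp:
    rule: str
    direction: str
    iface: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # tcpdump notation: S=SYN, F=FIN, P=PSH, R=RST, "."=ACK

    def is_teardown_packet(self) -> bool:
        """FIN or RST without SYN: a segment from a connection that is ending.

        Once the firewall has discarded the state (the other side's FIN was
        already seen, or the state timed out), such a late segment matches no
        state and falls through to the default block rule. No live transfer
        is being cut off by it."""
        return "S" not in self.flags and ("F" in self.flags or "R" in self.flags)

    def verdict(self) -> str:
        if self.is_teardown_packet():
            return "benign: late FIN/RST for a connection whose state is already gone"
        if "S" in self.flags and "." not in self.flags:
            return "new connection attempt blocked: check the rule that matched"
        return "mid-stream segment without state: suspect asymmetric routing or a state timeout"


def parse_pf_log(text: str) -> List[BlockedTcp]:
    """Pair each 'rule ... block' header line with the TCP detail line after it."""
    events: List[BlockedTcp] = []
    pending: Optional[re.Match] = None
    for line in text.splitlines():
        h = HEADER_RE.search(line)
        if h:
            pending = h if h.group("proto") == "TCP" else None
            continue
        t = TCP_RE.search(line)
        if t and pending:
            events.append(BlockedTcp(
                rule=pending.group("rule"), direction=pending.group("direction"),
                iface=pending.group("iface"),
                src=t.group("src"), sport=int(t.group("sport")),
                dst=t.group("dst"), dport=int(t.group("dport")),
                flags=t.group("flags"),
            ))
            pending = None
    return events


def pppoe_mtu(ethernet_mtu: int = 1500) -> int:
    """PPPoE costs 6 bytes of PPPoE header plus 2 bytes of PPP protocol id."""
    return ethernet_mtu - 8


def mss_for_mtu(mtu: int) -> int:
    """Largest TCP payload that fits the MTU: remove the 20-byte IPv4 and 20-byte TCP headers."""
    return mtu - 20 - 20


if __name__ == "__main__":
    for ev in parse_pf_log(SAMPLE_LOG):
        print(f"{ev.direction:3} {ev.src}:{ev.sport} -> {ev.dst}:{ev.dport} "
              f"flags=[{ev.flags}] -> {ev.verdict()}")
    print(f"PPPoE MTU {pppoe_mtu()} -> TCP MSS that fits it: {mss_for_mtu(pppoe_mtu())}")
```

Both quoted entries carry `[FP.]` (FIN, PSH, ACK) and no SYN, so the parser files them as teardown leftovers, which is the point of the doc link: they are noise in the log, not the reason a download stalls. The stall symptom is the separate MTU/MSS question, and the last line of output shows why a PPPoE link with MTU 1492 needs an MSS of 1452 before a full-size segment can cross it without fragmentation.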
        growse
        last edited by Mar 23, 2013, 11:45 AM

        Ah, thanks for the link on that. I'll stop being concerned about the logs  :)

        The MSS wasn't set before, I've set it now to 1492 (same as MTU) to see if it will help things. I need to read up more on what MSS does and how it might be helping/hindering.

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.