Forwarded port being blocked by firewall from SPECIFIC IPs
-
Goddamnit, post a screenshot. No one's interested in deciphering the raw logs… Also, there's a feature that shows you which rule blocks the traffic. Use it.
-
I looked in the bogon list when I first saw this.. And it's not listed in bogon.. Check your pfSense bogon list.. But if that is what blocked it, it should say bogon vs default.
http://www.team-cymru.org/Services/Bogons/fullbogons-ipv4.txt
At least not the 176.0 you listed – did you edit that?? 176.101 is listed..
I am with dok on the screenshot.. Would make it much easier to read, and would jump out if blocked on out of state vs Syn block, etc.
-
First of all, thank you for your replies.
I am used to text formatted with tab-stops from mailing lists I guess. Sorry about that, here are the screenshots:
(In the second case though I am not sure why a screenshot would be better, but you got it anyway.) I used `pfctl -t bogons -T show`.
(The second OpenVPN rule, on top, is deactivated, and was just there for testing this issue.)
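The two posts above boil down to one check: is the blocked source address covered by a prefix in the bogon table that pfSense loads (from the Team Cymru fullbogons list linked earlier), and therefore hit by the bogon rule rather than the default deny? The following is an added example, not code from the thread or from pfSense; it parses a list in the fullbogons-ipv4.txt layout (one CIDR per line, `#` comments) and reports the most specific matching prefix, which is what `pfctl -t bogons -T show` plus a manual lookup would tell you. The sample list is constructed for the example, and the 176.101.0.0/16 entry in it is illustrative only; the real list changes daily and should be fetched from the source.

```python
"""Offline bogon lookup in the style of a pf table check (added example)."""
import ipaddress
from typing import List, Optional

# Constructed sample in the layout of fullbogons-ipv4.txt: comment lines
# start with '#', everything else is one CIDR prefix per line. The entries
# below are illustrative, not a copy of the real list.
SAMPLE_BOGONS = """\
# constructed sample, not the live Team Cymru data
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
176.101.0.0/16   # illustrative entry, assumption for this example
192.0.2.0/24
192.168.0.0/16
224.0.0.0/3
"""


def parse_bogons(text: str) -> List[ipaddress.IPv4Network]:
    """Parse a fullbogons-style list into IPv4Network objects.

    Blank lines and '#' comments (whole-line or trailing) are ignored.
    A malformed prefix raises ValueError with its line number so a bad
    download is noticed instead of silently shrinking the table.
    """
    networks: List[ipaddress.IPv4Network] = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.IPv4Network(entry, strict=True))
        except ValueError as exc:
            raise ValueError(f"line {lineno}: bad prefix {entry!r}") from exc
    return networks


def matching_bogon(ip: str, networks: List[ipaddress.IPv4Network]) -> Optional[ipaddress.IPv4Network]:
    """Return the most specific prefix covering ip, or None if it is not a bogon."""
    addr = ipaddress.IPv4Address(ip)
    hits = [net for net in networks if addr in net]
    return max(hits, key=lambda net: net.prefixlen) if hits else None


def blocking_reason(ip: str, networks: List[ipaddress.IPv4Network]) -> str:
    """Label an address the way the firewall log would attribute the block:
    'bogon' when a table entry covers it, otherwise 'default' (default deny),
    meaning the bogon rule is not the one to look at."""
    return "bogon" if matching_bogon(ip, networks) else "default"


if __name__ == "__main__":
    table = parse_bogons(SAMPLE_BOGONS)
    for candidate in ("176.101.5.1", "176.0.0.1", "10.1.2.3", "8.8.8.8"):
        hit = matching_bogon(candidate, table)
        print(f"{candidate:>14}  {blocking_reason(candidate, table):<8} {hit or ''}")
```

If the address reports `default`, the bogon table is not what is dropping the traffic, and the next place to look is the rule-number field of the log entry (or the rule pop-up in the web UI) rather than the bogon list.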
-
OMG why don't you set up the firewall logs display to some human readable format?! This shit ain't the default.
-
> OMG why don't you set up the firewall logs display to some human readable format?! This shit ain't the default.
Ohhh yes it is. I updated this box from version I-don't-remember-anymore for years (4? 5? I think.) and didn't change anything in regards to the logging output.
Oh and btw: A freshly set-up 2.2.4 and updated to 2.2.5 has the exact same output (I set it up for my brother a few weeks ago). Maybe you could enlighten me as to how one would change that output?
-
So you have vpn port on 1194 forwarded into your lan or something? Why do you have 2 blocks there.. What is that block to, can not see what port? Why do you have 2 rules for openvpn to the wan address, with 1 being disabled? And then the bottom one enabled?
That is a shit load of forwards.. Why would you have so many that are both tcp and udp.. Do you run a lot of different p2p clients? Seems like a mess… Also with dok, showing the logs in raw doesn't help vs your other text posting.. Just show them as normal, see my example attached..
The allows on my wlan_psk are where my nest and harmony home go.. Like to keep an eye on their traffic and where they go and how often, etc.. So I log that traffic. I also seem to see a lot of noise to telnet and ssh.. Stupid bots ;)
Edit: you have it set for RAW, see my 2nd attachment.. Which is NOT the default that is for sure!!
-
> So you have vpn port on 1194 forwarded into your lan or something? Why do you have 2 blocks there.. What is that block to, can not see what port? Why do you have 2 rules for openvpn to the wan address, with 1 being disabled? And then the bottom one enabled?
> That is a shit load of forwards.. Why would you have so many that are both tcp and udp.. Do you run a lot of different p2p clients? Seems like a mess… Also with dok, showing the logs in raw doesn't help vs your other text posting.. Just show them as normal, see my example attached..
> The allows on my wlan_psk are where my nest and harmony home go.. Like to keep an eye on their traffic and where they go and how often, etc.. So I log that traffic. I also seem to see a lot of noise to telnet and ssh.. Stupid bots ;)
> Edit: you have it set for RAW, see my 2nd attachment.. Which is NOT the default that is for sure!!
Those are for a bunch of custom p2p clients, written in java. They are needed and haven't changed in… well.. 3 years.
I wrote why there are 2 OpenVPN rules in my post:
@show-p1984:
> (The second OpenVPN rule, on top, is deactivated, and was just there for testing this issue.)
It was added for testing after functionality broke and just disabled, not deleted (which shouldn't be a problem).
About this logging: I don't know what you guys are talking about (seriously, I don't). I never saw that view you showed in your screenshot and I have no option to get it on the Firewall log page:
-
Sir. For goddamn sake UNTICK the 'Raw Logs' checkbox on the 'Settings' tab. Noone wants to see this unreadable shit. Seriously.
-
> Sir. For goddamn sake UNTICK the 'Raw Logs' checkbox on the 'Settings' tab. Noone wants to see this unreadable shit. Seriously.
Thank you for explaining. It is in the realm of possibility that I changed that years ago and forgot about it.
I am not sure how this view differs from the earlier posted "Dynamic View" one, except the clickable buttons.
-
> I am not sure how this view differs from the earlier posted "Dynamic View" one
This view is much easier to read. Btw you can embed images directly here without having to link to an external site.
-
@KOM:
> > I am not sure how this view differs from the earlier posted "Dynamic View" one
> This view is much easier to read. Btw you can embed images directly here without having to link to an external site.
I do understand that about the raw logs, which is why I included the Dynamic View, with the click popup on the blocking rule, in the very first post I made (before any edits). Yet everybody seems to have overlooked it, and you also did, because in my last post I said that there isn't much difference between the Dynamic View and the non-raw, normal view. I even reposted the images, so one could see that there are nearly no additions. (Except buttons and the option to add the rule which blocked the traffic, which can be seen with the onclick popup in the Dynamic View too…)
So I guess some people jumped at the chance to point out that they dislike thing a or b rather than properly reading and trying to help, which is more than frustrating.
Anyways... I enabled the rule-feature in the normal view, tried to connect from the offending network and from a passing network (both are mobile connections). See @attachment
Interesting thing:
If I add a rule using the "Easy rule feature" (putting it below my already existing rule) and setting it to "any source ip" the first traffic from the offending network is passed by my original rule the OpenVPN wizard created, not the new Easy Rule. Subsequent traffic is still blocked and hence the OpenVPN connection failed. If I delete the Easy Rule, all traffic from the offending network is dropped. The Easy Rule has no effect on traffic from passing networks.
-
> So I guess some people jumped at the chance to point out that they dislike thing a or b rather than properly reading and trying to help, which is more than frustrating.
It's almost as frustrating as trying to help others who seem to lack common sense and go out of their way to not provide useful information, or expect it to be extracted much like a dentist extracts teeth. I'm not saying that you're doing that here because you're not, but that's the reaction from some of the regulars. It's not how I handle myself, but to each their own. I feel that if your natural reaction is to yell at the people you're trying to help, then maybe you're burnt out and need a break.