Netgate Discussion Forum

    Firewall blocks intermittent LAN -> WAN traffic

    General pfSense Questions
    11 Posts, 4 Posters, 2.2k Views
      lanrat:

      I recently switched to pfSense from DD-WRT and am having some problems.
      Lots of traffic from the LAN to the internet is being blocked by the firewall by the "Default deny rule".

      I don't understand why this is happening, I've searched around and most topics link to this (https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection) page. My understanding is that in this scenario the packets are being logged as blocked but are in fact correctly being routed. In my case there are actually connectivity issues.

      Can anyone point me in the correct direction to get this working? I've attached screenshots of the logs and firewall rules.
      Thanks.
      Attachments: logs.png, lan.png, wan.png, wan6.png

        cmb:

        Is the 2600:1010:8048:c052:: still your LAN IPv6 subnet? How is your LAN IPv6 configured?

        The fe80 blocks are correct given your firewall rules and general sanity, link local IPs can't be used to communicate to the Internet. That might just be because the public v6 can't get out.

          lanrat:

          2600:1010:8048:c052:: is not part of my LAN. IPv6 is configured as a 6in4 tunnel to my ISP.

          I also pass all IPv6 tests.

          Is it normal for fe80 addresses to attempt to make requests like these?

            cmb:

            That explains why then. Something on your LAN has that 2600:1010:8048:c052 IP assigned, which is being blocked because it's not "LAN net".

            It's not typical to have something initiating Internet-bound traffic from a link local IP. Guessing that might be the same host, it's failing back to trying that because its public v6 IP isn't working.

              lanrat:

              So that should explain one host having problems, but every computer on my network is having problems connecting to the internet, including IPv4-only traffic.

                cmb:

                That's not related to the blocked traffic shown there. Does DNS on clients work? Can they ping out? What does traceroute out look like?

                  lanrat:

                  I tested disabling IPv6 and running the firewall for a day.

                  Overall the network seemed better, but I'm still getting logs of blocked packets. Do these look like they fall into this category https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection ?

                  Log is attached.

                  Attachment: log2.png

                    johnpoz (LAYER 8 Global Moderator):

                    Yes, all of those blocks are out of STATE. They are not SYN packets being blocked.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    SG-4860 24.11 | Lab VMs 2.8, 24.11

                      Yowsers:
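The distinction cmb and johnpoz draw above (out-of-state packets versus real new-connection blocks, link-local or non-"LAN net" sources versus legitimate LAN hosts) can be applied mechanically to the raw filter log. The following Python is an added example, not code from any poster or from pfSense itself: it parses filterlog CSV entries laid out per pfSense's documented field order, on constructed sample lines (not the thread's screenshots), with an assumed LAN_NETS list that stands in for the real LAN subnets.

```python
import csv
import ipaddress

# Constructed sample filterlog CSV entries (not the thread's own screenshots), laid out
# per pfSense's documented filterlog field order; the syslog timestamp prefix is omitted.
SAMPLE_LOG = """\
5,,,1000000103,em0,match,block,in,4,0x0,,64,12345,0,DF,6,tcp,52,192.168.1.10,93.184.216.34,54321,443,0,FA,1,1,1024,,
5,,,1000000103,em0,match,block,in,4,0x0,,64,12346,0,DF,6,tcp,60,192.168.1.11,93.184.216.34,54322,443,0,S,1,0,65535,,mss
5,,,1000000103,em0,match,block,in,6,0x00,0x00000,64,tcp,6,40,fe80::1a2b:3c4d:5e6f:7a8b,2606:4700:4700::1111,51000,443,0,S,1,0,65535,,mss
5,,,1000000103,em0,match,block,in,6,0x00,0x00000,64,tcp,6,40,2600:1010:8048:c052::10,2606:4700:4700::1111,51001,443,0,S,1,0,65535,,mss
"""

# Assumed "LAN net" prefixes; substitute the real LAN IPv4/IPv6 subnets.
LAN_NETS = [ipaddress.ip_network("192.168.1.0/24"),
            ipaddress.ip_network("2001:db8:1234::/64")]


def parse(line):
    # Common prefix: rule,sub-rule,anchor,tracker,interface,reason,action,direction,ip-version
    f = next(csv.reader([line]))
    rec = {"iface": f[4], "action": f[6], "dir": f[7]}
    if f[8] == "4":      # IPv4: tos,ecn,ttl,id,offset,flags,proto-id,proto-text, then length,src,dst
        rec["proto"], rest = f[16], f[17:]
    else:                # IPv6: class,flow-label,hop-limit,proto-text,proto-id, then length,src,dst
        rec["proto"], rest = f[12], f[14:]
    rec["src"], rec["dst"] = rest[1], rest[2]
    if rec["proto"] == "tcp":   # TCP: sport,dport,data-length,tcp-flags,...
        rec["sport"], rec["dport"], rec["flags"] = rest[3], rest[4], rest[6]
    return rec


def classify(rec, lan_nets=LAN_NETS):
    src = ipaddress.ip_address(rec["src"])
    flags = rec.get("flags", "")
    is_new_conn = rec["proto"] == "tcp" and "S" in flags and "A" not in flags
    if rec["proto"] == "tcp" and not is_new_conn:
        return "out-of-state"          # FA/PA/A/R: stale packet after the state expired, harmless noise
    if src.is_link_local:
        return "link-local-source"     # fe80::/10 cannot reach the Internet; host fell back from broken global v6
    if not any(src in net for net in lan_nets):
        return "source-not-lan-net"    # address outside "LAN net" never matches the LAN allow rule
    return "new-connection-blocked"    # a real SYN from LAN net was denied: this one deserves a rule review


def summarize(log_text, lan_nets=LAN_NETS):
    # Count blocked entries per bucket so the noisy out-of-state ones can be set aside.
    counts = {}
    for line in log_text.splitlines():
        if line.strip():
            bucket = classify(parse(line), lan_nets)
            counts[bucket] = counts.get(bucket, 0) + 1
    return counts
```

Feed it the filterlog lines exported from Status > System Logs > Firewall (raw view) and only the "new-connection-blocked" bucket needs attention when chasing real connectivity loss.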

                      Not sure if what I experienced was exactly the same as you but it appears to be similar.  The firewall blocks were cluttering my syslog server.  Ended up just unchecking "Log packets matched from the default block rules in the ruleset" located at Status->System Logs, Settings (status_logs_settings.php) and that stopped the spamming in the firewall logs for me.

                        lanrat:

                        This did not solve the problem, I'm still having intermittent internet loss and extremely slow speeds.
                        It is hard to debug this due to it being intermittent. Switching to DD-WRT always immediately fixes the issues.

                          lanrat:

                          Attached is another screenshot of the log.

                          Could there be anything other than the firewall that could be causing the problems I'm running into?

                          Attachment: log3.png
