pfSense suddenly blocks all WAN traffic.
-
Can it connect out when that happens? Can you ping something from the console for example?
Is the console still responsive even?
I would expect something to be logged if this is an error or buffer exhaustion for example.
Steve
-
Back up configuration, and reinstall pfSense fresh with version 2.3.4
-
That's always an option and it's usually fast to do but if it were me I would want to try and see why it was happening. Otherwise there is every chance it would do exactly the same thing after restoring the old config into it.
Steve
-
Hi all,
It can connect out without problems… it's only the inbound traffic which is completely blocked.
Outgoing ping etc works, the console is also still responsive.
-
I assume you mean inbound on LAN? Since inbound traffic on WAN would be blocked by default.
Do you see the traffic blocked in the firewall logs? Assuming you have log default blocks still enabled, it would be by default.
If it happens spontaneously it's almost always a package, what packages do you have installed?
Steve
-
Hi Steve,
Inbound on both LAN & WAN (I have a few open ports on the WAN also).
On the console, I only see some UDP inbound connections being blocked… but nothing on TCP for example.
The issue started after updating to 2.3.4. Have been using the same pfSense for years without any issues.
I only have 1 package installed, which is the openvpn-client-export package.
-
What version did you upgrade from?
-
Not sure sorry.
I do see there is a new update available now: 2.3.4_1…
-
Well you should upgrade to that but I don't think there was anything that went in that would affect this.
We need to find out what's actually happening here.
Are packets actually arriving at the firewall? A packet capture would show that.
https://doc.pfsense.org/index.php/Sniffers,_Packet_Capture
Are states being created? You can use pfctl -ss to see that from the command line, grep for something useful.
If they are not creating states, what is blocking that?
Something should be logged.
Steve
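The state check suggested above, as an added example that is not part of the thread or of pfSense itself: a shell function that summarises `pfctl -ss` output for inbound states on one interface and port. The interface names, addresses and the `inbound_states` / `sample_states` helpers are constructed for illustration, and the line layout it parses (IPv4 only) is an assumption stated in the comments.

```shell
#!/bin/sh
# Added example. On the firewall: pfctl -ss | inbound_states em0 443
# Assumed `pfctl -ss` line layout (IPv4):
#   IFACE PROTO ADDR:PORT [(PRE-NAT ADDR:PORT)] <-|-> PEER:PORT  STATE
# "<-" marks a state created by a packet arriving on IFACE.

# Constructed sample states (documentation address ranges), not real output.
sample_states() {
    cat <<'EOF'
em0 tcp 192.0.2.10:443 <- 203.0.113.7:51234       ESTABLISHED:ESTABLISHED
em0 tcp 10.0.0.5:443 (192.0.2.10:443) <- 198.51.100.23:40112       SYN_SENT:CLOSED
em0 tcp 192.0.2.10:51000 -> 198.51.100.9:443       ESTABLISHED:ESTABLISHED
em0 udp 192.0.2.10:1194 <- 203.0.113.50:1194       MULTIPLE:MULTIPLE
em1 tcp 10.0.0.1:443 <- 10.0.0.20:50222       ESTABLISHED:ESTABLISHED
EOF
}

# $1 = interface, $2 = local port. Prints "PROTO STATE COUNT" lines and a
# "total N" line. A total of 0 while a packet capture shows traffic arriving
# means packets are dropped before any state is created.
inbound_states() {
    awk -v ifc="$1" -v port="$2" '
        $1 == ifc {
            # Find the direction arrow; fields before it are the local side.
            arrow = 0
            for (i = 3; i <= NF; i++)
                if ($i == "<-" || $i == "->") { arrow = i; break }
            if (!arrow || $arrow != "<-") next
            hit = 0
            for (i = 3; i < arrow; i++) {
                addr = $i
                gsub(/[()]/, "", addr)        # strip parens around NAT address
                n = split(addr, parts, ":")   # port is the last component
                if (parts[n] == port) hit = 1
            }
            if (hit) count[$2 " " $NF]++
        }
        END {
            total = 0
            for (k in count) { print k, count[k]; total += count[k] }
            print "total", total
        }' | LC_ALL=C sort
}

# Demonstration on the constructed sample.
sample_states | inbound_states em0 443
```

States stuck in `SYN_SENT:CLOSED` indicate the inbound packet passed the rules but the reply never came back, which points away from the firewall ruleset and toward the forwarded host or routing.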
-
I started with a fresh install, as suggested by tripplex, restoring the settings and that seems to resolve the issue.
I'm still monitoring if it remains online.
Once it happens again, I'll wireshark & check the states Steve.
Keep you guys updated!