IP Address in San Antonio, TX being blocked by pfB_SAmerica_v4
-
Hello,
I have a wifi thermostat that is trying to contact 191.238.242.203 which I show as being located in San Antonio, TX. However, per the logs below, the IP is getting blocked by the pfB_SAmerica_v4 auto rule. If I allow outbound to pfB_SAmerica_v4 the problem goes away. PFSense is showing pfblockerng to be on the latest package 2.1.1_11. PFSense is 2.4.0-RELEASE (amd64)
Can anybody tell me why the IP is being blocked by pfB_SAmerica_v4 auto when it appears to be in TX? If there's not a fix, how can I isolate what country within the South America country list is flagging the IP so I can allow just that country?
Any help is greatly appreciated.
Regards,
Tim in CO7 filterlog: 132,,,1770011309,igb2_vlan25,match,block,in,4,0x0,,64,10012,0,none,6,tcp,60,192.168.5.90,191.238.242.203,57579,80,0,S,3818633139,,2896,,mss;nop;wscale;nop;nop;TS
Action Time Interface Source Destination Protocol
Oct 17 08:57:16 VLAN25WIFIAPPLIANCES 192.168.5.90:58424 191.238.242.203:80 TCP:S
pfB_SAmerica_v4 auto rule (1770011309) -
Anyone, anyone?
-
http://www.dnsstuff.com/tools#whois|type=ipv4&&value=191.238.242.203
Seems to be Microsoft Azure in Brazil.
-
Cool. Thank you. Based on the URL you posted I think i now see how you figured that out. I'll use dnsstuff.com in the future.
Regards,
Tim -
I didn't check the URL in that post. It got broken in the middle.
However, I just noticed that pfSense's Diagnostics > DNS Lookup points to:
IP WHOIS @ DNS Stuff
and
IP Info @ DNS Stuffneither of these seem to work now.
-
No worries. I got the information I was looking for. Thanks again.
-
No worries. I got the information I was looking for. Thanks again.
As an FYI:
In the Alerts tab, you can click on the "I" infoblock icons and it will load a Threat Lookup page with several Threat Source lookup tools….