Black Arrow in IF column in log
-
I have an ATT router and the WAN port of my PfSense box is connected to port 1 of that router, and it is set up as DMZ in the ATT router so the PfSense WAN IP is my actual Internet IP address. I have a lot of entries in the Firewall log that have a black arrow and "WAN" in the Interface column (see attached image) and the Source is my WAN IP and the target is an Internet external IP. The protocol is always TCP:FA or TCP:RA. Can someone please tell me what the black arrow in the IF column of the Firewall log is? Thank you in advance.
-
The arrow means it's being blocked in the Outbound direction.
https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection
https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules
-
Thank you for the response. I had already researched and saw the page at the link you provided and went through the processes there. It did not resolve the issue.
I have set no-logged firewall rules both allowing and blocking the WAN interface (one at a time, not both at once) outbound access to any host, internal or external, using any protocol as well as TCP / all flags allowed, as a test. It still blocks it and logs it, telling me that the rule is not applying.
I believe the issue lies with a wireless router I have. I had flashed a Linksys/Cisco wireless router with DD-WRT and used one of their guides to set it up as a "dumb" switch. I then connected it to VLAN16 (192.168.16.0/24). All communications work well to and from the wireless hosts (ping, Internet access, etc).
These log entries only appear when a wireless host is connected (such as a laptop or cell phone) and 90% of the external hosts are Google servers (they are all Android phones). So, I'm thinking it has something to do with the setup on the router. I'm looking further into it at DD-WRT's website. Thanks again for your response.