The firewall appears to be blocking outgoing text messages from my phone ...

gweempose

@akuma1x said in The firewall appears to be blocking outgoing text messages from my phone ...:

With a default install of pfsense, everything should work perfectly.

You mentioned that you are using your cell phone. How is this connecting into your network? Do you have access points for wireless, or an old wifi router acting as an access point, into your network? How is the wifi portion of your network setup?

Jeff

I am using an Asus RT-AC1900P router as my access point. It is in "Access Point" mode, so it is not operating as a DHCP server or doing any routing. It is in a centralized location in my home, so there is no need for any additional access points or repeaters. I have been using this device as an access point for a couple years and have never experienced this problem with my cell phone before. Prior to yesterday, I was running a SmoothWall as my firewall.

akuma1x

Ok, one last question. How is your access point connected to your network? Is it running via network cable to a switch, then the switch into pfsense? Or is it plugged into a network port on your pfsense box itself?

Jeff

gweempose

@akuma1x said in The firewall appears to be blocking outgoing text messages from my phone ...:

Ok, one last question. How is your access point connected to your network? Is it running via network cable to a switch, then the switch into pfsense? Or is it plugged into a network port on your pfsense box itself?

Jeff

The access point is plugged into a 24-port Netgear switch, which is plugged into the LAN1 port on the firewall.

akuma1x

@gweempose

Is this Netgear a smart (managed) switch, or an unmanaged switch? What’s the model number?

Jeff

gweempose

@akuma1x said in The firewall appears to be blocking outgoing text messages from my phone ...:

@gweempose

Is this Netgear a smart (managed) switch, or an unmanaged switch? What’s the model number?

Jeff

It's an unmanaged switch (model #JGS524).

https://www.amazon.com/NETGEAR-Ethernet-Unmanaged-Protection-JGS524NA/dp/B0002CWPW2/ref=sr_1_1?keywords=jgs524&qid=1554176903&s=electronics&sr=1-1

Gertjan

"Phones" never need dedicated incoming ports - the phone will contact any needed server on the net.
pfSense, by default will let any device using any port using any protocol.

What are the IP's being used on your device ? is this an IP obtained by DHCP from pfSense ? DNS, Gateway, etc all fine ?
What happens when you plug in the AP directly into the LAN port of pfSense ?

chpalmer

I wasn't aware that Android devices sent their text messages over anything else but the provider network..

Something change?

Gertjan

@chpalmer said in The firewall appears to be blocking outgoing text messages from my phone ...:

Something change?

Noop.
SMS is always using the "internal data career" of the provider. That's RFC I guess.
But, probably like iPhone to iPhone iMessages (the blue ones), these SMS's are IP based.

JKnott

@gweempose said in The firewall appears to be blocking outgoing text messages from my phone ...:

I'm very new to pfSense. I just connected and set up a Netgate SG-3100 yesterday. Everything appears to be working well, but outgoing text messages from my Samsung Galaxy phone are failing to be sent. I'm assuming the firewall is blocking them. All of the pfSense firewall settings are still at their defaults. Do I need to add an exception or open some specific ports to solve this problem?

Thanks!

Is this standard SMS? Are you using WiFi calling? Normally, SMS will use the cell network, unless WiFi calling is supported, which means the firewall shouldn't even be in the picture.

I wasn't aware that Android devices sent their text messages over anything else but the provider network..

Something change?

WiFi calling. If it's used SMS will go over the local WiFi connection to the Internet. It also provides seamless transition for voice calls, between the WiFi and cell networks, provided VoLTE is also used.

gweempose

@JKnott said in The firewall appears to be blocking outgoing text messages from my phone ...:

Is this standard SMS? Are you using WiFi calling?

The texts are only blocked when WiFi calling is turned on. When I turn the feature off, everything is fine.

I did a little research and I came across this thread over on the Verizon forums ...

https://community.verizonwireless.com/t5/Verizon-Wireless-Services/What-are-the-wifi-calling-firewall-ports-and-destination-IP/td-p/1080659

Is the information in the last post relevant to my situation? Does pfSense block VPN traffic by default?

NogBadTheBad

pfSense doesn't block anything out by default.

Does the WAN interface have a RFC1918 address ?

Post a screenshot of your LAN rules.

Is the ASUS connected to the LAN port via the switch or an OPT port ?

gweempose

@NogBadTheBad said in The firewall appears to be blocking outgoing text messages from my phone ...:

Does the WAN interface have a RFC1918 address ?

I don't know what a RFC1918 address is. How would I check?

Post a screenshot of your LAN rules.

I haven't made any changes or added any rules:

alt text

Is the ASUS connected to the LAN port via the switch or an OPT port ?

It is connected to the LAN1 port via the switch.

NogBadTheBad

@gweempose said in The firewall appears to be blocking outgoing text messages from my phone ...:

RFC1918

https://tools.ietf.org/html/rfc1918

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)

You'd see if pfSense was blocking by looking in the logs, unless you've disabled log default drop rules:-

Status -> System Logs -> Firewall -> Normal View

Gertjan

@gweempose said in The firewall appears to be blocking outgoing text messages from my phone ...:

I don't know what a RFC1918 address is. How would I check?

Check : Interfaces > WAN (Inf)
There is a check box that states :

@gweempose said in The firewall appears to be blocking outgoing text messages from my phone ...:

Does pfSense block VPN traffic by default?

See it like this :
Traffic coming from devices connected to your interface called LAN filtered by your LAN firewall rules.
These are your rules :

Which is just fine for any existing protocol on planet earth.

What I do see is an IPv6 pass rule.
This rule is used !!! Which is just great. So you ISP also gives you an IPv4 and a IPv6 connection .... (without you even knowing this ?)
You talked about a Phone - not an iPhone but "the other one". I do not have a phone from that other brand, but I do know that IPv6 support for these devices can be ... messy or worse.

Just for testing : change your IPv6 pass rule (on the LAN Firewall tab) into a block rule. Apply the rule. This enforces "only IPv4".
It works now ?

gweempose

@Gertjan said in The firewall appears to be blocking outgoing text messages from my phone ...:

Check : Interfaces > WAN (Inf)
There is a check box that states :

My box is checked. Is it not supposed to be?

Just for testing : change your IPv6 pass rule (on the LAN Firewall tab) into a block rule. Apply the rule. This enforces "only IPv4".
It works now ?

I'll give it a shot and let you know.

akuma1x

@gweempose said in The firewall appears to be blocking outgoing text messages from my phone ...:

@Gertjan said in The firewall appears to be blocking outgoing text messages from my phone ...:

Check : Interfaces > WAN (Inf)
There is a check box that states :

My box is checked. Is it not supposed to be?

It is supposed to be checked if your pfsense box is your perimeter device and sits between your internal machines and the internet.

Jeff

NogBadTheBad

@NogBadTheBad said in The firewall appears to be blocking outgoing text messages from my phone ...:

Does the WAN interface have a RFC1918 address ?

gweempose

@NogBadTheBad said in The firewall appears to be blocking outgoing text messages from my phone ...:

Does the WAN interface have a RFC1918 address ?

Sorry. I forgot to answer your question. No, the WAN interface does not have an RFC1918 address. It is a standard IP address assigned by Comcast via DHCP and it starts with "67".

bmeeks

@gweempose said in The firewall appears to be blocking outgoing text messages from my phone ...:

@NogBadTheBad said in The firewall appears to be blocking outgoing text messages from my phone ...:

Does the WAN interface have a RFC1918 address ?

Sorry. I forgot to answer your question. No, the WAN interface does not have an RFC1918 address. It is a standard IP address assigned by Comcast via DHCP and it starts with "67".

As others have stated, out-of-the-box pfSense blocks nothing outbound from your LAN. It only blocks unsolicited inbound traffic on the WAN side.

Mostly likely what is going on is Comcast is providing you with an IPv6 address. They are one of the few ISPs in the U.S. that do that now by default. Android-based devices such as your Galaxy phone don't behave well yet with IPv6 on most LANs.

Try this to see if it helps. Go to your LAN interface settings and be sure the IPv6 address box is set to "none". Do the same on the WAN interface settings. Apply the settings in both locations. Make sure any prefix delegation settings are also turned off for IPv6 on the WAN. Disconnect and reconnect your phone to WiFi and try things again. Your phone should now be forced to use IPv4.

gweempose

@bmeeks said in The firewall appears to be blocking outgoing text messages from my phone ...:

@gweempose said in The firewall appears to be blocking outgoing text messages from my phone ...:

@NogBadTheBad said in The firewall appears to be blocking outgoing text messages from my phone ...:

Does the WAN interface have a RFC1918 address ?

Sorry. I forgot to answer your question. No, the WAN interface does not have an RFC1918 address. It is a standard IP address assigned by Comcast via DHCP and it starts with "67".

As others have stated, out-of-the-box pfSense blocks nothing outbound from your LAN. It only blocks unsolicited inbound traffic on the WAN side.

Mostly likely what is going on is Comcast is providing you with an IPv6 address. They are one of the few ISPs in the U.S. that do that now by default. Android-based devices such as your Galaxy phone don't behave well yet with IPv6 on most LANs.

Try this to see if it helps. Go to your LAN interface settings and be sure the IPv6 address box is set to "none". Do the same on the WAN interface settings. Apply the settings in both locations. Make sure any prefix delegation settings are also turned off for IPv6 on the WAN. Disconnect and reconnect your phone to WiFi and try things again. Your phone should now be forced to use IPv4.

I will give this a try when I get home.