Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    The firewall appears to be blocking outgoing text messages from my phone ...

    Scheduled Pinned Locked Moved Firewalling
    127 Posts 19 Posters 35.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • chpalmerC
      chpalmer @gweempose
      last edited by chpalmer

      @gweempose said in The firewall appears to be blocking outgoing text messages from my phone ...:

      I mentioned it in the second post as soon as I realized it was pertinent.

      I see that now. And my post is in a generalization kind of way and not directed at you totally. Others that come by might benefit.

      :)

      Im wondering though if you looked at your state table to see what your phone is trying to connect to??

      Could you try static port on that particular connection to see if that helps.. My tablet seems to work out of the box on my Verizon account.

      Triggering snowflakes one by one..
      Intel(R) Core(TM) i5-4590T CPU @ 2.00GHz on an M400 WG box.

      docnickD 1 Reply Last reply Reply Quote 0
      • docnickD
        docnick @chpalmer
        last edited by

        @chpalmer You are right

        1 Reply Last reply Reply Quote 0
        • L
          lifespeed
          last edited by lifespeed

          Interesting thread. Two family members have Samsung phones that choked intermittently on wifi calling and SMS. Three other phones, Google Pixels from versions 2 to 3, work just fine.

          Seeing that this could be an IPv6 bug from Samsung on my IPv6-enabled network, I assigned them static IPv4 addresses. So far this seems to have cured the problem without causing me to disable IPv6 for the rest of my devices.

          You would think after all these years everything would work on IPv6. Apparently not.

          JKnottJ 1 Reply Last reply Reply Quote 0
          • JKnottJ
            JKnott @lifespeed
            last edited by

            @lifespeed

            Is IPv6 used for your WiFi calling? It isn't on mine. You can use Packet Capture to see what's used.

            PfSense running on Qotom mini PC
            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
            UniFi AC-Lite access point

            I haven't lost my mind. It's around here...somewhere...

            L 1 Reply Last reply Reply Quote 0
            • L
              lifespeed @JKnott
              last edited by lifespeed

              @JKnott Apparently this is an intermittent problem, the phone pulled an IPv6 address, and failed to receive a wifi call. So I rebooted it, after which it received a wifi call fine. I don't know if the call is going over IPv4 or v6. Really all I can tell at this point is the problem appears to be confined to Samsung phones, and rebooting seems to make it work for a while. I don't currently have a firewall rule passing WAN net inbound to LAN net on 500 and 4500, as it seems to work intermittently with or without these rules.

              JKnottJ 1 Reply Last reply Reply Quote 0
              • JKnottJ
                JKnott @lifespeed
                last edited by

                @lifespeed

                My Pixel 2 always gets an IPv6 address, whether on my home network or the cell network. It has nothing to do with the problem. You can run Packet Capture on UDP port 4500 to see if IPv4 is used or IP protocol 50 (IIRC) to see if IPv6 is used. The reason for the difference is that UDP is used to get around NAT on IPv4.

                However, given that it only applies to the Samsung phone and a reboot fixes it, that's likely where your problem is, and not with pfSense. Regardless, packet captures can often tell you a lot.

                PfSense running on Qotom mini PC
                i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                UniFi AC-Lite access point

                I haven't lost my mind. It's around here...somewhere...

                L 1 Reply Last reply Reply Quote 0
                • L
                  lifespeed @JKnott
                  last edited by

                  @JKnott Yeah, especially on Verizon, phones are IPv6. If I FTP into my media server using my Pixel 2 it shows an IPv6 address on Filezilla FTP server. I'm sure it is a Samsung problem and not pFsense, but there must be some way to work around it. I don't recall having this problem with my ancient Draytek Vigor 2130 router.

                  Is packet capture a pFsense utility? Never tried it before. Tried to use Wireshark once, but gave up - incredibly complicated to figure out.

                  JKnottJ 1 Reply Last reply Reply Quote 0
                  • JKnottJ
                    JKnott @lifespeed
                    last edited by

                    @lifespeed

                    If the problem is with the phone I doubt there's anything you could do in pfSense to get around it. PfSense includes Packet Capture, on the Diagnostics page. However, by itself, it provides limited info and it's better to download the capture to read with Wireshark. Yes, Wireshark is complicated, but it does a lot of useful stuff for working on networking problems. I use it regularly.

                    PfSense running on Qotom mini PC
                    i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                    UniFi AC-Lite access point

                    I haven't lost my mind. It's around here...somewhere...

                    1 Reply Last reply Reply Quote 0
                    • R
                      red3recon
                      last edited by

                      I use the software firewall untangle as my router firewall for my home network. I found over the last several months that all of the phones in my house that use Wi-Fi calling will sometimes have problems either sending or receiving pictures via SMS. I'm not trying to hijack this post, I'm trying to point out that it's not just pfsense that's causing this problem, nor is it just older phones because I just had the issue 5 minutes ago on my note 10 plus. It's also not limited to carrier because the original poster is on Verizon and I am on AT&T.

                      L 1 Reply Last reply Reply Quote 0
                      • L
                        lifespeed @red3recon
                        last edited by

                        @red3recon said in The firewall appears to be blocking outgoing text messages from my phone ...:

                        I use the software firewall untangle as my router firewall for my home network. I found over the last several months that all of the phones in my house that use Wi-Fi calling will sometimes have problems either sending or receiving pictures via SMS. I'm not trying to hijack this post, I'm trying to point out that it's not just pfsense that's causing this problem, nor is it just older phones because I just had the issue 5 minutes ago on my note 10 plus. It's also not limited to carrier because the original poster is on Verizon and I am on AT&T.

                        Ah, you have Samsung too. It is my slightly-informed opinion that Samsung has a problem with wifi calling (which is SMS-over-wifi as well) with an IPv6-enabled network. But I'm neither tech-savvy enough, or interested enough to become more wireshark-skilled, to prove this with certainty.

                        My solution will be to ditch the only Samsung phone in our household, which will come at a price. But I can't have the darn thing not receiving calls to one of my kids, and I'm not interested in trying to accommodate Samsung's stupidity.

                        JKnottJ 1 Reply Last reply Reply Quote 0
                        • JKnottJ
                          JKnott @lifespeed
                          last edited by

                          @lifespeed

                          Wifi calling uses the same protocol as VoLTE. It's VoIP encrypted with IPSec and then encapsulated in UDP, if passing through NAT. I don't know what's used when directly on the cell network, but on my WiFi, it uses IPv4, even though I have IPv6 available. I don't know much about the protocols used beyond that. Perhaps someone else here does.

                          PfSense running on Qotom mini PC
                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                          UniFi AC-Lite access point

                          I haven't lost my mind. It's around here...somewhere...

                          L 1 Reply Last reply Reply Quote 0
                          • L
                            lifespeed @JKnott
                            last edited by

                            @JKnott said in The firewall appears to be blocking outgoing text messages from my phone ...:

                            @lifespeed

                            Wifi calling uses the same protocol as VoLTE. It's VoIP encrypted with IPSec and then encapsulated in UDP, if passing through NAT. I don't know what's used when directly on the cell network, but on my WiFi, it uses IPv4, even though I have IPv6 available. I don't know much about the protocols used beyond that. Perhaps someone else here does.

                            I know Verizon uses IPv6 on their mobile network, as an FTP login to my server from my phone connected to a mobile tower yields an IPv6 address. I'm not sure how I could ever tell if IPv6 is used for VoLTE, though, as I don't have that level of access to their network.

                            I do know that my mother-in-law's Samsung phone doesn't have a problem on her home wifi, but that is your typical consumer router <2 years old. I think it is common for such gear to default to IPv4 on the LAN. It may be there is a Samsung bug with wifi calling that is triggered by the availability of IPv6, even if it isn't using it. To be honest, it is academic once it is isolated to a Samsung problem rather than pfSense - the Samsung phone must go.

                            JKnottJ 1 Reply Last reply Reply Quote 0
                            • JKnottJ
                              JKnott @lifespeed
                              last edited by JKnott

                              @lifespeed said in The firewall appears to be blocking outgoing text messages from my phone ...:

                              I know Verizon uses IPv6 on their mobile network, as an FTP login to my server from my phone connected to a mobile tower yields an IPv6 address. I'm not sure how I could ever tell if IPv6 is used for VoLTE, though, as I don't have that level of access to their network.

                              My cell company (Rogers) also has IPv6 and I get a /64, when I tether to it. Like you, I have no way to see what's on the cell network.

                              I do know that my mother-in-law's Samsung phone doesn't have a problem on her home wifi, but that is your typical consumer router <2 years old. I think it is common for such gear to default to IPv4 on the LAN.

                              Actually, routers these days should handle IPv6, thought some people don't enable it. It's the client that normally defaults to IPv6, not the router.

                              PfSense running on Qotom mini PC
                              i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                              UniFi AC-Lite access point

                              I haven't lost my mind. It's around here...somewhere...

                              L 1 Reply Last reply Reply Quote 0
                              • L
                                lifespeed @JKnott
                                last edited by

                                @JKnott said in The firewall appears to be blocking outgoing text messages from my phone ...:

                                Actually, routers these days should handle IPv6, thought some people don't enable it. It's the client that normally defaults to IPv6, not the router.

                                I think what you're referring to as IPv6 is a link-local address. A globally-routable IPv6 (SLAAC) requiring prefix delegation is not the default configuration in a consumer router, and does require a change to router setup. I think. It isn't default in pfSense either.

                                JKnottJ 1 Reply Last reply Reply Quote 0
                                • JKnottJ
                                  JKnott @lifespeed
                                  last edited by JKnott

                                  @lifespeed

                                  No, if IPv6 is available, from an ISP, the default is to prefer IPv6, though that can be changed. So, if you have IPv6 on your network, and not just link local, then it will be used, unless you've configured the computer otherwise. However, there are people who have IPv6 avaiable from their ISP and don't even know it. They configure for IPv4 only.

                                  BTW, I've been running IPv6 on my home network for almost 10 years, so I'm speaking from experience. I have a utility on my browser called "ShowIP" and it's currently displaying an IPv6 address for the forum.

                                  PfSense running on Qotom mini PC
                                  i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                  UniFi AC-Lite access point

                                  I haven't lost my mind. It's around here...somewhere...

                                  L 1 Reply Last reply Reply Quote 0
                                  • L
                                    lifespeed @JKnott
                                    last edited by lifespeed

                                    @JKnott said in The firewall appears to be blocking outgoing text messages from my phone ...:

                                    @lifespeed

                                    No, if IPv6 is available, from an ISP, the default is to prefer IPv6, though that can be changed. So, if you have IPv6 on your network, and not just link local, then it will be used, unless you've configured the computer otherwise. However, there are people who have IPv6 avaiable from their ISP and don't even know it. They configure for IPv4 only.

                                    BTW, I've been running IPv6 on my home network for almost 10 years, so I'm speaking from experience. I have a utility on my browser called "ShowIP" and it's currently displaying an IPv6 address for the forum.

                                    My point was that a default router configuration, even if it receives an external IPv6, still does not prefix-delegate a globally-routable address for use by LAN devices. I'm sure you're aware pfSense does not enable this by default, so your average consumer router doesn't either. I just did this recently so the experience is still fresh in my mind. IPv6 on the LAN, not device-generated link-local addresses, is a deliberate configuration in pfSense, not the default.

                                    I also have globally-routable IPv6 addresses available to my LAN devices, but I had to deliberately configure this way. Which is why I think we don't see a flood of Samsung wifi calling/SMS complaints. 99% of home network owners don't set up LAN IPv6.

                                    JKnottJ 1 Reply Last reply Reply Quote 0
                                    • NollipfSenseN
                                      NollipfSense
                                      last edited by

                                      I bet the phone is not pointing to the SG-3100 to resolve all DNS request when using WIFI.

                                      pfSense+ 23.09 Lenovo Thinkcentre M93P SFF Quadcore i7 dual Raid-ZFS 128GB-SSD 32GB-RAM PCI-Intel i350-t4 NIC, -Intel QAT 8950.
                                      pfSense+ 23.09 VM-Proxmox, Dell Precision Xeon-W2155 Nvme 500GB-ZFS 128GB-RAM PCIe-Intel i350-t4, Intel QAT-8950, P-cloud.

                                      L JKnottJ 2 Replies Last reply Reply Quote 0
                                      • L
                                        lifespeed @NollipfSense
                                        last edited by

                                        @NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:

                                        I bet the phone is not pointing to the SG-3100 to resolve all DNS request when using WIFI.

                                        A few people have posted here with very similar problems, usually involving Samsung. I can't speak for them, but my pfSense (Supermicro X11SDV-4C-TP8F) is configured as the DNS server and works well with Android Pixel phones, but not Samsung.

                                        1 Reply Last reply Reply Quote 0
                                        • JKnottJ
                                          JKnott @lifespeed
                                          last edited by

                                          @lifespeed said in The firewall appears to be blocking outgoing text messages from my phone ...:

                                          My point was that a default router configuration, even if it receives an external IPv6, still does not prefix-delegate a globally-routable address for use by LAN devices. I'm sure you're aware pfSense does not enable this by default, so your average consumer router doesn't either. I just did this recently so the experience is still fresh in my mind. IPv6 on the LAN, not device-generated link-local addresses, is a deliberate configuration in pfSense, not the default.

                                          With my ISP, if you use their modem in gateway mode, it will provide IPv6 as well as IPv4. The problem arises when people install their own router. Since they're not aware of IPv6, they likely won't configure for it. I haven't used one of those consumer grade routers on my network for several years. However, 10 years ago, my firewall was built on openSUSE Linux and I only got IPv6 by running a tunnel. When my ISP started providing IPv6, 4 years ago, I switched to pfSense because my old firewall wouldn't handle DHCP-v6-PD. I also suspect many who should know better don't enable IPv6 because they're not competent with it.

                                          PfSense running on Qotom mini PC
                                          i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                          UniFi AC-Lite access point

                                          I haven't lost my mind. It's around here...somewhere...

                                          NollipfSenseN 1 Reply Last reply Reply Quote 0
                                          • JKnottJ
                                            JKnott @NollipfSense
                                            last edited by

                                            @NollipfSense said in The firewall appears to be blocking outgoing text messages from my phone ...:

                                            I bet the phone is not pointing to the SG-3100 to resolve all DNS request when using WIFI.

                                            If Wifi calling uses a publicly available DNS or even one internal to the carrier, that shouldn't be an issue. Also, I did a host lookup on the address used for Wifi calling and it didn't return a host name, so it may be configured by actual IP address, rather than host name.

                                            PfSense running on Qotom mini PC
                                            i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
                                            UniFi AC-Lite access point

                                            I haven't lost my mind. It's around here...somewhere...

                                            1 Reply Last reply Reply Quote 0
                                            • First post
                                              Last post
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.