Netgate Discussion Forum

    Why is this being logged with this rule?

      lrosenman

      I'm seeing TONS of these:

      Action Time Interface Source Destination Protocol
      Apr 17 11:07:08 LAN   192.168.200.4:32469   192.168.201.14:60441 TCP:SA
      Apr 17 11:07:08 LAN   192.168.200.4:32469   192.168.201.14:60441 TCP:SA
      Apr 17 11:07:08 LAN   192.168.200.4:32469   192.168.201.14:60421 TCP:SA
      Apr 17 11:07:06 LAN   192.168.200.4:32469   192.168.201.20:55746 TCP:SA
      Apr 17 11:07:06 LAN   192.168.200.4:32469   192.168.201.17:42012 TCP:SA
      Apr 17 11:07:05 LAN   192.168.200.4:32469   192.168.201.14:60441 TCP:SA
      Apr 17 11:07:05 LAN   192.168.200.4:32469   192.168.201.14:60421 TCP:SA
      Apr 17 11:07:05 LAN   192.168.200.4:32469   192.168.201.14:60401 TCP:SA
      Apr 17 11:07:03 LAN   192.168.200.4:32469   192.168.201.20:55731 TCP:SA
      Apr 17 11:07:03 LAN   192.168.200.4:32469   192.168.201.20:55746 TCP:SA
      Apr 17 11:07:03 LAN   192.168.200.4:32469   192.168.201.17:42012 TCP:SA
      Apr 17 11:07:03 LAN   192.168.200.4:32469   192.168.201.17:42000 TCP:SA
      Apr 17 11:07:02 LAN   192.168.200.4:32469   192.168.201.14:60421 TCP:SA
      Apr 17 11:07:02 LAN   192.168.200.4:32469   192.168.201.14:60421 TCP:SA
      Apr 17 11:07:02 LAN   192.168.200.4:32469   192.168.201.14:60401 TCP:SA
      Apr 17 11:07:01 LAN   192.168.200.4:32469   192.168.201.20:55731 TCP:SA
      Apr 17 11:07:01 LAN   192.168.200.4:32469   192.168.201.20:55746 TCP:SA
      Apr 17 11:07:00 LAN   192.168.200.4:32469   192.168.201.17:42012 TCP:SA
      Apr 17 11:07:00 LAN   192.168.200.4:32469   192.168.201.17:42000 TCP:SA
      Apr 17 11:06:59 LAN   192.168.200.4:32469   192.168.201.14:60421 TCP:SA
      Apr 17 11:06:59 LAN   192.168.200.4:32469   192.168.201.14:60401 TCP:SA
      Apr 17 11:06:59 LAN   192.168.200.4:32469   192.168.201.14:60377 TCP:SA
      Apr 17 11:06:58 LAN   192.168.200.4:32469   192.168.201.17:42012 TCP:SA
      Apr 17 11:06:58 LAN   192.168.200.4:32469   192.168.201.20:55746 TCP:SA
      Apr 17 11:06:58 LAN   192.168.200.4:32469   192.168.201.20:55731 TCP:SA
      Apr 17 11:06:58 LAN   192.168.200.4:32469   192.168.201.20:55721 TCP:SA
      Apr 17 11:06:57 LAN   192.168.200.4:32469   192.168.201.17:41980 TCP:SA
      Apr 17 11:06:57 LAN   192.168.200.4:32469   192.168.201.17:42012 TCP:SA
      Apr 17 11:06:57 LAN   192.168.200.4:32469   192.168.201.17:42000 TCP:SA
      Apr 17 11:06:56 LAN   192.168.200.4:32469   192.168.201.14:60401 TCP:SA
      Apr 17 11:06:56 LAN   192.168.200.4:32469   192.168.201.14:60377 TCP:SA
      Apr 17 11:06:55 LAN   192.168.200.4:32469   192.168.201.20:55731 TCP:SA
      Apr 17 11:06:55 LAN   192.168.200.4:32469   192.168.201.20:55721 TCP:SA
      Apr 17 11:06:55 LAN   192.168.200.4:32469   192.168.201.20:55731 TCP:SA
      Apr 17 11:06:54 LAN   192.168.200.4:58930   192.168.201.17:49200 TCP:FA
      Apr 17 11:06:54 LAN   192.168.200.4:58929   192.168.201.17:49200 TCP:FA
      Apr 17 11:06:54 LAN   192.168.200.4:58928   192.168.201.17:49200 TCP:FA
      Apr 17 11:06:54 LAN   192.168.200.4:58923   192.168.201.20:49200 TCP:FA
      Apr 17 11:06:54 LAN   192.168.200.4:58922   192.168.201.20:49200 TCP:FA
      Apr 17 11:06:54 LAN   192.168.200.4:32469   192.168.201.17:41980 TCP:SA
      Apr 17 11:06:54 LAN   192.168.200.4:32469   192.168.201.17:42000 TCP:SA
      Apr 17 11:06:53 LAN   192.168.200.4:32469   192.168.201.14:60401 TCP:SA
      Apr 17 11:06:53 LAN   192.168.200.4:32469   192.168.201.14:60377 TCP:SA
      Apr 17 11:06:52 LAN   192.168.200.4:32469   192.168.201.17:42000 TCP:SA
      Apr 17 11:06:52 LAN   192.168.200.4:32469   192.168.201.20:56061 TCP:SA
      Apr 17 11:06:52 LAN   192.168.200.4:32469   192.168.201.20:55731 TCP:SA
      Apr 17 11:06:52 LAN   192.168.200.4:32469   192.168.201.20:55721 TCP:SA
      Apr 17 11:06:51 LAN   192.168.200.4:32469   192.168.201.17:41967 TCP:SA
      Apr 17 11:06:51 LAN   192.168.200.4:32469   192.168.201.17:42000 TCP:SA
      Apr 17 11:06:51 LAN   192.168.200.4:32469   192.168.201.17:41980 TCP:SA

      but I have these rules:
      3/21.13 MiB     LAN Address 80 22 * * Anti-Lockout Rule
      10/38 KiB       IPv4 TCP 192.168.200.4 * 192.168.201.20/22 * * none Easy Rule: Passed from Firewall Log View
      180/20.73 GiB   IPv4+6 * * * * * * none Default allow LAN to any rule
      0/0 B           IPv4+6 IGMP * * * * * none
      0/0 B           IPv4 * * * * * * none

      WHY am I seeing these logs?

      I want the LAN/WIFI nets (bridged) to have free rein.

        Harvy66

        All out-of-state packets get rejected by the default rule and logged if you have logging on your default rule enabled. You probably have asymmetric routing. pfSense is a stateful firewall. If pfSense never sees a SYN packet, it sure as hell won't allow the SYN-ACK packet. It enforces proper handshakes. If you have an asymmetric router, then pfSense may only see packets flowing in one of the directions.

          lrosenman

          Interestingly, these are from Plex (the media server) to my Dish Network devices (Joey, Wireless Joey, Wireless Joey AP, Hopper 3).

          I'll see if I can figure out why stuff is "Out of State" from Plex on FreeBSD to the Dish Stuff.
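
A way to triage log entries like the ones in this thread, as an added example that is not part of any post: it separates blocked packets that could open a connection from ones that need existing state, and counts repeats of the same flow. The names `classify` and `triage` are hypothetical; it assumes pf's default `flags S/SA` matching for TCP pass rules, and it treats the /22 from the rule listing in the first post as the LAN network, which is also an assumption.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Sample input: the first four lines are copied from the post's log; the
# last line (a plain SYN from 192.168.200.9) is constructed for contrast.
SAMPLE_LOG = """\
Apr 17 11:07:08 LAN   192.168.200.4:32469   192.168.201.14:60441 TCP:SA
Apr 17 11:07:05 LAN   192.168.200.4:32469   192.168.201.14:60441 TCP:SA
Apr 17 11:07:06 LAN   192.168.200.4:32469   192.168.201.20:55746 TCP:SA
Apr 17 11:06:54 LAN   192.168.200.4:58930   192.168.201.17:49200 TCP:FA
Apr 17 11:06:50 LAN   192.168.200.9:51000   192.168.201.17:443 TCP:S
"""

LINE = re.compile(
    r"^\w{3}\s+\d+\s+[\d:]{8}\s+\S+\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"TCP:(?P<flags>[A-Z]+)$"
)

def classify(flags):
    """Assumes pf's default 'flags S/SA': only SYN-without-ACK creates state."""
    return "new-connection" if "S" in flags and "A" not in flags else "out-of-state"

def triage(log_text, lan_net):
    """Summarise blocked TCP entries per (source endpoint, flags)."""
    net = ip_network(lan_net, strict=False)
    seen, summary = Counter(), {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # header row or non-TCP entry
        flow = m.group("src", "sport", "dst", "dport", "flags")
        seen[flow] += 1
        row = summary.setdefault(
            (f"{m['src']}:{m['sport']}", m["flags"]),
            {"verdict": classify(m["flags"]), "count": 0,
             "retransmits": 0, "same_subnet": True})
        row["count"] += 1
        # The same 4-tuple and flags again: the sender is retrying an
        # exchange the firewall keeps dropping.
        row["retransmits"] += seen[flow] > 1
        # Both endpoints inside lan_net: they need no router to reach each other.
        row["same_subnet"] &= all(ip_address(a) in net for a in (m["src"], m["dst"]))
    return summary

if __name__ == "__main__":
    for key, row in triage(SAMPLE_LOG, "192.168.201.20/22").items():
        print(key, row)
```

An "out-of-state" verdict means a pass rule alone cannot admit the packet, so the thing to look for is the missing first half of the handshake rather than a missing rule.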

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.