    Firewall blocks intermittent LAN -> WAN traffic

    General pfSense Questions
lanrat:

      I recently switched to pfSense from DD-WRT and am having some problems.
      Lots of traffic from the LAN to the internet is being blocked by the firewall by the "Default deny rule".

      I don't understand why this is happening, I've searched around and most topics link to this (https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection) page. My understanding is that in this scenario the packets are being logged as blocked but are in fact correctly being routed. In my case there are actually connectivity issues.

      Can anyone point me in the correct direction to get this working? I've attached screenshots of the logs and firewall rules.
      Thanks.
cmb:

        Is the 2600:1010:8048:c052:: still your LAN IPv6 subnet? How is your LAN IPv6 configured?

        The fe80 blocks are correct given your firewall rules and general sanity, link local IPs can't be used to communicate to the Internet. That might just be because the public v6 can't get out.

lanrat:

2600:1010:8048:c052:: is not part of my LAN. IPv6 is configured as a 6in4 tunnel to my ISP.

          I also pass all IPv6 tests.

          Is it normal for fe80 addresses to attempt to make requests like these?

cmb:

            That explains why then. Something on your LAN has that 2600:1010:8048:c052 IP assigned, which is being blocked because it's not "LAN net".

            It's not typical to have something initiating Internet-bound traffic from a link local IP. Guessing that might be the same host, it's failing back to trying that because its public v6 IP isn't working.

lanrat:

              So that should explain one host having problems, but every computer on my network is having problems connecting to the internet. Including IPv4 only traffic.

cmb:

                That's not related to the blocked traffic shown there. DNS on clients work? Can they ping out? What's traceroute out look like?

lanrat:

                  I tested disabling IPv6 and running the firewall for a day.

                  Overall the network seemed better, but I'm still getting logs of blocked packets. Do these look like they fall into this category https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection ?

                  Log is attached.

johnpoz (LAYER 8 Global Moderator):

Yes, all of those blocks are out of STATE. They are not SYN packets being blocked.

                    An intelligent man is sometimes forced to be drunk to spend time with his fools
                    If you get confused: Listen to the Music Play
                    Please don't Chat/PM me for help, unless mod related
                    2440 2.4.5p1 | 2x 3100 2.4.4p3 | 2x 3100 22.01 | 4860 22.05

Yowsers:
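To make the distinction johnpoz draws concrete, here is an added example (not code from the thread or from pfSense) that classifies blocked entries in the pfSense filterlog CSV format: a blocked TCP packet whose flags are exactly SYN is a genuine policy deny, one carrying ACK/FIN/RST without SYN is an out-of-state packet (the state already closed or was never created), and an fe80:: source is link-local and cannot reach the Internet regardless of rules. The field positions follow the pfSense filterlog layout as documented, and the sample lines are constructed.

```python
# Added example, not from the thread: classify pfSense filterlog "block" entries
# into policy denies (SYN), out-of-state packets (ACK/FIN/RST, no SYN) and
# link-local (fe80::) sources that can never reach the Internet.
import re
from collections import Counter

# Assumed field layout of the filterlog CSV (after "filterlog[pid]: "):
# rulenr,subrulenr,anchor,tracker,iface,reason,action,dir,ipver, then
#   IPv4: tos,ecn,ttl,id,offset,ipflags,proto,protoname,len,src,dst,...
#   IPv6: class,flowlabel,hoplimit,protoname,proto,len,src,dst,...
# then for TCP: srcport,dstport,datalen,tcpflags,seq,ack,window,urg,options

# Constructed sample lines: one real SYN deny, two stale packets from a
# closed state, and one link-local IPv6 source trying to reach the Internet.
SAMPLE_LOG = """\
Mar 1 10:00:01 pfSense filterlog[5678]: 5,,,1000000103,em1,match,block,in,4,0x0,,64,4321,0,DF,6,tcp,60,192.168.1.20,93.184.216.34,50122,443,0,S,1,,65535,,mss
Mar 1 10:00:02 pfSense filterlog[5678]: 5,,,1000000103,em1,match,block,in,4,0x0,,64,4322,0,DF,6,tcp,52,192.168.1.21,93.184.216.34,50123,443,0,FA,2,3,1024,,
Mar 1 10:00:03 pfSense filterlog[5678]: 5,,,1000000103,em1,match,block,in,4,0x0,,64,4323,0,DF,6,tcp,40,192.168.1.21,93.184.216.34,50123,443,0,A,2,3,1024,,
Mar 1 10:00:04 pfSense filterlog[5678]: 5,,,1000000103,em1,match,block,in,6,0x00,0x00000,64,tcp,6,60,fe80::1234:5678:9abc:def0,2001:db8::10,50200,80,0,S,5,,65535,,mss
"""

def classify(line):
    """Return a category for a blocked entry, or None for non-block lines."""
    m = re.search(r"filterlog\[\d+\]: (.*)$", line)
    if not m:
        return None
    f = m.group(1).split(",")
    if f[6] != "block":
        return None
    if f[8] == "4":
        proto, src, tcp = f[16], f[18], f[20:]
    else:
        proto, src, tcp = f[12], f[15], f[17:]
    if src.lower().startswith("fe80:"):
        return "link-local-source"   # cannot leave the LAN whatever the rules say
    if proto != "tcp":
        return "non-tcp"
    if tcp[3] == "S":
        return "syn-block"           # a new connection really denied by policy
    return "out-of-state"            # ACK/FIN/RST without SYN: late/stale packet

def summarize(text):
    """Count categories over a whole log; only 'syn-block' indicates a rule problem."""
    return Counter(c for c in map(classify, text.splitlines()) if c)

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Running it over a real exported log tells you whether the noise is mostly out-of-state (harmless, as in this thread) or real SYN denies that point at a rule problem.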

                      Not sure if what I experienced was exactly the same as you but it appears to be similar.  The firewall blocks were cluttering my syslog server.  Ended up just unchecking "Log packets matched from the default block rules in the ruleset" located at Status->System Logs, Settings (status_logs_settings.php) and that stopped the spamming in the firewall logs for me.

lanrat:

This did not solve the problem, I'm still having intermittent internet loss and extremely slow speeds.
It is hard to debug this because it is intermittent. Switching to DD-WRT always immediately fixes the issues.

lanrat:

                          Attached is another screenshot of the log.

                          Could there be anything other than the firewall that could be causing the problems I'm running into?
