Odd blocked traffic on Pfsense Azure appliance



  • Hello,

We are running the Netgate pfSense Azure appliance at work (https://azuremarketplace.microsoft.com/en-us/marketplace/apps/netgate.netgate-pfsense-appliance)

For this to work we have 2 NICs (WAN, LAN) in our Azure VM.

Our networks are:
    LAN: 10.0.60.0/24, ip: 10.0.60.10, gateway: None
    WAN: 10.0.50.0/24, ip: 10.0.50.10, gateway: 10.0.50.1 (Azure controls the gateway)

This works well, but periodically I get firewall block entries with this info:
    @53(1000001570) block drop in log on ! hn0 inet from 10.0.50.0/24 to any
    @58(1000002620) block drop in log on ! hn1 inet from 10.0.60.0/24 to any

    Apr 12 08:56:38    LAN    10.0.50.10:65001    10.0.60.10:65000    TCP:SA
    Apr 12 08:56:38    LAN    10.0.50.10:65001    10.0.60.10:65000    TCP:SA
    Apr 12 08:54:07    WAN    10.0.60.10:65001    10.0.50.10:65000    TCP:SA
    Apr 12 08:54:07    WAN    10.0.60.10:65001    10.0.50.10:65000    TCP:SA

As far as I can tell, this does not affect the stability or service of the firewall.

Does anyone know why I get these connections between the pfSense WAN and LAN interfaces?
Or whether I can somehow simply hide them from my firewall log? I tried adding Easy Rules, but they are never triggered.

    Thanks!



  • I'm seeing the same thing… did you figure anything out?


  • Netgate Administrator

    The rule it's hitting implies you have traffic coming in on the wrong interface. Like traffic from 10.0.60.0/24 hitting the WAN which should never happen.

Either that traffic is routed past pfSense somehow, or maybe that subnet is in use somewhere else on the WAN side.

    However since you're seeing that on both interfaces with seemingly identical traffic I suspect something in the infrastructure. Those port numbers appear to be used by the Azure load-balancer.

    Steve

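The check Steve describes (a packet whose source address belongs to one interface's subnet must not arrive on another interface) can be run mechanically over the log rows from the first post. The script below is an added example, not code from the thread or from Netgate: it parses GUI-style block-log rows, decides which interface each source address should have arrived on, and flags rows that hit the wrong one. The interface subnets and the appliance's own addresses (10.0.50.10 and 10.0.60.10) are taken from the first post; the log rows are constructed to mirror the table there plus one ordinary external connection, and the column order (time, interface, source, destination, proto:flags) is assumed from that table.

```python
"""Triage pfSense block-log rows for wrong-interface source addresses.

Added example; the log sample is constructed from the first post's table.
"""
import ipaddress
from collections import Counter

# Interface subnets from the first post (name -> subnet).
INTERFACES = {
    "WAN": ipaddress.ip_network("10.0.50.0/24"),
    "LAN": ipaddress.ip_network("10.0.60.0/24"),
}

# The appliance's own interface addresses from the first post.
OWN_ADDRESSES = {
    ipaddress.ip_address("10.0.50.10"),
    ipaddress.ip_address("10.0.60.10"),
}

# Constructed sample: the four rows from the post plus one external SYN
# (198.51.100.7 is a documentation address, not from the thread).
SAMPLE_LOG = """\
Apr 12 08:56:38  LAN  10.0.50.10:65001  10.0.60.10:65000  TCP:SA
Apr 12 08:56:38  LAN  10.0.50.10:65001  10.0.60.10:65000  TCP:SA
Apr 12 08:54:07  WAN  10.0.60.10:65001  10.0.50.10:65000  TCP:SA
Apr 12 08:54:07  WAN  10.0.60.10:65001  10.0.50.10:65000  TCP:SA
Apr 12 08:54:09  WAN  198.51.100.7:44321  10.0.50.10:443  TCP:S
"""


def parse_line(line):
    """Split one GUI-style row (whitespace separated) into a dict."""
    tokens = line.split()
    if len(tokens) != 7:
        raise ValueError(f"unexpected log row: {line!r}")
    month, day, clock, iface, src, dst, proto = tokens
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "time": f"{month} {day} {clock}",
        "iface": iface,
        "src": ipaddress.ip_address(src_ip),
        "sport": int(src_port),
        "dst": ipaddress.ip_address(dst_ip),
        "dport": int(dst_port),
        "proto": proto,
    }


def expected_interface(address):
    """Interface whose subnet contains the address, or None if it is external."""
    for name, subnet in INTERFACES.items():
        if address in subnet:
            return name
    return None


def classify(entry):
    """Return 'ok', 'wrong-interface' or 'external'; annotates the entry in place."""
    expected = expected_interface(entry["src"])
    entry["expected_iface"] = expected
    # True when both ends are the firewall's own addresses, as in the post's rows.
    entry["self_to_self"] = (entry["src"] in OWN_ADDRESSES
                             and entry["dst"] in OWN_ADDRESSES)
    if expected is None:
        return "external"
    return "ok" if expected == entry["iface"] else "wrong-interface"


def triage(log_text):
    """Parse and classify every non-empty row; returns [(entry, verdict), ...]."""
    results = []
    for line in log_text.splitlines():
        if line.strip():
            entry = parse_line(line)
            results.append((entry, classify(entry)))
    return results


def summarize(log_text):
    """Count rows per verdict."""
    return Counter(verdict for _, verdict in triage(log_text))


if __name__ == "__main__":
    for entry, verdict in triage(SAMPLE_LOG):
        note = " (firewall's own addresses on both ends)" if entry["self_to_self"] else ""
        print(f"{entry['time']} {entry['iface']:<3} {entry['src']}:{entry['sport']} -> "
              f"{entry['dst']}:{entry['dport']} {entry['proto']}: {verdict}"
              f"{' (expected ' + entry['expected_iface'] + ')' if verdict == 'wrong-interface' else ''}{note}")
    print(summarize(SAMPLE_LOG))
```

Run against the sample, all four rows from the post come out as wrong-interface and all four are between the appliance's own WAN and LAN addresses, which is the pattern that points at the surrounding infrastructure rather than at a host on either subnet; a real external connection is left alone.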


  • Hi,

I had the same problem yesterday. It's gone now; I have changed the topology a little bit.

    New topology:

    VNET: 10.17.0.0/22 (3 subnets)
    pfsense wan interface: 10.17.0.4/24
    pfsense lan interface: 10.17.1.4/24
    pfsense default gateway (azure): 10.17.0.1
    pfsense lan gateway (azure): 10.17.1.1
    
    client subnet: 10.17.2.0/24
pfsense static route: 10.17.2.0/24 --> 10.17.1.1
    
Azure user-defined routing (UDR) bound to client subnet 10.17.2.0/24:
    0.0.0.0/0 --> 10.17.1.4
    10.17.0.0/22 --> 10.17.1.4
    

    Regards,
    Martin

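Martin's topology works because Azure resolves the next hop by longest prefix match across its system routes and the UDR, and on a tie a user-defined route beats a system route. The script below is an added example (not from the thread or from Netgate) that models those lookups with the addresses from Martin's post: it shows that both UDR entries are needed, since without the 10.17.0.0/22 entry traffic from the client subnet to the other VNET subnets takes the system VnetLocal route and bypasses pfSense, which is exactly the kind of "routed past pfSense" path Steve mentioned. The client host 10.17.2.10 and the Internet destination 198.51.100.9 are made up for the example, and pfSense's table is modelled from the interfaces, default gateway and static route in the post.

```python
"""Longest-prefix-match route lookups for the topology in Martin's post.

Added example; Azure route precedence (UDR over system route on equal prefix
length) and the addresses are the only facts it relies on.
"""
import ipaddress
from dataclasses import dataclass

net = ipaddress.ip_network
addr = ipaddress.ip_address

VNET = net("10.17.0.0/22")
PFSENSE_LAN_IP = "10.17.1.4"


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    next_hop: str             # "VnetLocal", "Internet", "connected:<if>" or a gateway IP
    user_defined: bool = False


def lookup(table, dst):
    """Longest prefix wins; on equal length a user-defined route beats a system route."""
    candidates = [r for r in table if dst in r.prefix]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.prefix.prefixlen, r.user_defined))


# Azure system routes every subnet in the VNET gets by default.
AZURE_SYSTEM = [Route(VNET, "VnetLocal"), Route(net("0.0.0.0/0"), "Internet")]

# The UDR from the post, bound to the client subnet 10.17.2.0/24.
CLIENT_UDR = [
    Route(net("0.0.0.0/0"), PFSENSE_LAN_IP, user_defined=True),
    Route(VNET, PFSENSE_LAN_IP, user_defined=True),
]

# pfSense's own routing table as described in the post.
PFSENSE_ROUTES = [
    Route(net("10.17.0.0/24"), "connected:WAN"),
    Route(net("10.17.1.0/24"), "connected:LAN"),
    Route(net("10.17.2.0/24"), "10.17.1.1"),     # static route to the client subnet
    Route(net("0.0.0.0/0"), "10.17.0.1"),        # default via the Azure WAN gateway
]


def next_hop_from_client(dst, with_vnet_udr=True):
    """Azure's effective next hop for a packet leaving the client subnet."""
    udr = CLIENT_UDR if with_vnet_udr else CLIENT_UDR[:1]
    return lookup(AZURE_SYSTEM + udr, addr(dst)).next_hop


def next_hop_from_pfsense(dst):
    """pfSense's next hop for a packet it forwards or originates."""
    return lookup(PFSENSE_ROUTES, addr(dst)).next_hop


def forward_path(dst):
    """Hop-by-hop next hops for client -> dst, following pfSense when it is chosen."""
    dst = addr(dst)
    path = [("client-subnet", lookup(AZURE_SYSTEM + CLIENT_UDR, dst).next_hop)]
    if path[-1][1] == PFSENSE_LAN_IP:
        path.append(("pfsense", lookup(PFSENSE_ROUTES, dst).next_hop))
        if path[-1][1] == "10.17.0.1":
            # The WAN subnet has no UDR, so only Azure's system routes apply there.
            path.append(("wan-subnet", lookup(AZURE_SYSTEM, dst).next_hop))
    return path


def return_path(client_host):
    """pfSense -> client host: static route to the Azure LAN gateway, then VnetLocal."""
    dst = addr(client_host)
    return [("pfsense", lookup(PFSENSE_ROUTES, dst).next_hop),
            ("lan-subnet", lookup(AZURE_SYSTEM, dst).next_hop)]


if __name__ == "__main__":
    print("client -> Internet:", forward_path("198.51.100.9"))
    print("client -> pfSense WAN subnet host:", forward_path("10.17.0.4"))
    print("same, without the /22 UDR:", next_hop_from_client("10.17.0.4", with_vnet_udr=False))
    print("pfSense -> client:", return_path("10.17.2.10"))
```

The two UDR entries cover different cases: 0.0.0.0/0 only wins for destinations outside the VNET, because the system 10.17.0.0/22 route is more specific, so intra-VNET traffic needs its own /22 entry to be pulled through the appliance. The pfSense static route is the matching piece on the way back; without it, replies to 10.17.2.0/24 would follow the default route out of the WAN interface.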
