PFSense suddenly block all WAN traffic.
-
Hi friends,
I use PFSense on Vmware as virtual machine. Everything was fine before upgrading to PFsense 2.3.4. Now every 20-60 minutes pfsense filter block all WAN traffic (even WAN gateway, there is no ping to WAN GW from pfsense). I uninstall Snort, pfBlocker, but it doent't help. In system logs (Status->System logs) there is no any criminal. If I go to the Interface configuration and perform disabling\enabling WAN interface - it help for a short time, but after 20-60 minutes all WAN will be blocked again.MBUF, CPU, Memory, Disk, inodes - all their utilization is very small (3-5%).
If anybody got the same troubles, could you please tell me the proper log to see whats happend? -
Is it logging the blocked traffic? If so, it should say which rule is blocking the traffic. If not, how do you know it's blocking the traffic? "Blocking" is a very specific term, indicating the traffic was purposefully blocked by a firewall rule.
-
Hi,
I have the exact same issue on 2.3.4… it suddenly blocks all inbound traffic, mostly after a high network load.
I don't see usable info in the logs.
Edit: After rebooting the device, the issue resolved.
Did you find what the issue is? This keeps happening.
Thanks!!
-
Can it connect out when that happens? Can you ping something from the console for example?
Is the console still responsive even?
I would expect something to be logged if this is an error or buffer exhaustion for example.
Steve
-
Backup configuration, and reinstall pfsense fresh with version 2.3.4
-
That's always an option and it's usually fast to do but if it were me I would want to try and see why it was happening. Otherwise there is every chance it would do exactly the same thing after restoring the old config into it.
Steve
-
Hi all,
It can connect out without problems… it's only the inbound traffic which is completely blocked.
Outgoing ping etc works, the console is also still responsive.
-
I assume you mean inbound on LAN? Since inbound traffic on WAN would be blocked by default.
Do you see the traffic blocked in the firewall logs? Assuming you have log default blocks still enabled, it would by by default.
If it happens spontaneously it's almost always a package, what packages do you have installed?
Steve
-
Hi Steve,
Inbound on both LAN & WAN (I have a few open ports on the WAN also).
On the console, I only see some UDP inbound connections being blocked… but nothing on TCP for example.
The issue started after updating to 2.3.4. Have been using the same Pfsense for years without any issues.
I only have 1 package installed, which is the openvpn-client-export package.
-
What version did you upgrade from?
-
Not sure sorry.
I do see there is a new update available now: 2.3.4_1…
-
Well you should upgrade to that but I don't think there was anything that went in that would affect this.
We need to find out what's actually happening here.
Are packets actually arriving at the firewall? A packet capture would show that.
https://doc.pfsense.org/index.php/Sniffers,_Packet_CaptureAre states being created? You can use pfctl -ss to see that from the command line, grep for something useful.
If they are not creating states, what is blocking that?
Something should be logged.Steve
-
I started with a fresh install, as suggested by tripplex, restoring the settings and that seems to resolve the issue.
I'm still monitoring if it remains online.
Once it happens again, I'll wireshark & check the states Steve.
Keep you guys updated!