Strange issue
-
Argh, I was too quick and deleted the actual question!
I have a pfsense with WAN / em0 on 10.0.56.100/24. Also a LAN / em1 at 192.168.50.1/24.
I created a VIP for WAN on 10.0.56.11 and created a port forward rule for 10.0.56.11:10080 to 192.168.50.10:10080.
A client on the WAN with ip 10.0.56.101 hits port 10080 and gets forwarded. That works.
A client on the WAN with ip 10.44.0.243 hits port 10080 and gets forwarded. Working.I now copy that port forwarding rule and change port 10080 to 80.
A client on the WAN with ip 10.0.56.101 hits port 80 and gets forwarded. That works.
A client on the WAN with ip 10.44.0.243 hits port 80 and gets the pfsense admin redirect page to 8443 (8443 is what I set the admin web configurator to)
I disable the redirect in the advanced setup option, reboot pfsense, reboot client & browser. Same thing, client with ip 10.44.0.243 hits WAN 10.0.56.11:80 and gets the admin redirect.Where should I start looking?
pfctl -sa
TRANSLATION RULES:
no nat proto carp all
nat-anchor "natearly/" all
nat-anchor "natrules/" all
nat on em0 inet from <tonatsubnets>to any port = isakmp -> 10.0.56.100 static-port
nat on em0 inet from <tonatsubnets>to any -> 10.0.56.100 port 1024:65535
nat on em2 inet from <tonatsubnets>to any port = isakmp -> 192.168.20.20 static-port
nat on em2 inet from <tonatsubnets>to any -> 192.168.20.20 port 1024:65535
nat on em3 inet from <tonatsubnets>to any port = isakmp -> 172.31.255.100 static-port
nat on em3 inet from <tonatsubnets>to any -> 172.31.255.100 port 1024:65535
no rdr proto carp all
rdr-anchor "relayd/" all
rdr-anchor "tftp-proxy/" all
rdr on em0 inet proto tcp from any to 10.0.56.11 port = http -> 192.168.50.10
rdr on em0 inet proto tcp from any to 10.0.56.11 port = amanda -> 192.168.50.10
rdr on em2 inet proto tcp from 192.168.0.11 to 192.168.20.21 port = http -> 192.168.50.10
rdr on em2 inet proto tcp from 192.168.0.0/24 to 192.168.20.21 port = 1158 -> 192.168.50.9
rdr on em2 inet proto tcp from 192.168.0.0/24 to 192.168.20.21 port = ncube-lm -> 192.168.50.9
rdr on em2 inet proto tcp from 192.168.0.0/24 to 192.168.20.21 port = 5500 -> 192.168.50.9
rdr on em2 inet proto tcp from 192.168.20.0/24 to 192.168.20.20 port = 8443 -> 192.168.50.1
rdr on em4 inet proto tcp from 192.168.60.0/24 to 192.168.20.20 port = 8443 -> 192.168.50.1
rdr on em2 inet proto tcp from 192.168.20.0/24 to 192.168.20.20 port = 3000 -> 192.168.50.1 port 8443
rdr-anchor "miniupnpd" allFILTER RULES:
scrub on em0 all no-df fragment reassemble
scrub on em1 all no-df fragment reassemble
scrub on em2 all no-df fragment reassemble
scrub on em3 all no-df fragment reassemble
scrub on em4 all no-df fragment reassemble
anchor "relayd/" all
anchor "openvpn/" all
anchor "ipsec/" all
pass in log quick on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
pass out log quick on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
block drop in log quick inet6 all label "Block all IPv6"
block drop out log quick inet6 all label "Block all IPv6"
block drop in log quick inet from 169.254.0.0/16 to any label "Block IPv4 link-local"
block drop in log quick inet from any to 169.254.0.0/16 label "Block IPv4 link-local"
block drop in log inet all label "Default deny rule IPv4"
block drop out log inet all label "Default deny rule IPv4"
block drop in log inet6 all label "Default deny rule IPv6"
block drop out log inet6 all label "Default deny rule IPv6"
pass log quick inet6 proto ipv6-icmp all icmp6-type unreach keep state
pass log quick inet6 proto ipv6-icmp all icmp6-type toobig keep state
pass log quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state
pass log quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state
pass out log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state
pass out log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
pass out log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
pass out log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
pass out log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
pass out log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state
pass out log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
pass out log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
pass out log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
pass out log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state
pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state
pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state
pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state
pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbrsol keep state
pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbradv keep state
pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state
pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
block drop log quick inet proto tcp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet proto udp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet proto tcp from any to any port = 0 label "Block traffic to port 0"
block drop log quick inet proto udp from any to any port = 0 label "Block traffic to port 0"
block drop log quick inet6 proto tcp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet6 proto udp from any port = 0 to any label "Block traffic from port 0"
block drop log quick inet6 proto tcp from any to any port = 0 label "Block traffic to port 0"
block drop log quick inet6 proto udp from any to any port = 0 label "Block traffic to port 0"
block drop log quick from <snort2c>to any label "Block snort2c hosts"
block drop log quick from any to <snort2c>label "Block snort2c hosts"
block drop in log quick proto carp from (self) to any
pass log quick proto carp all no state
block drop in log quick proto tcp from <sshlockout>to (self) port = ssh label "sshlockout"
block drop in log quick proto tcp from <webconfiguratorlockout>to (self) port = 8443 label "webConfiguratorlockout"
block drop in log quick from <virusprot>to any label "virusprot overload table"
block drop in log on ! em0 inet from 10.0.56.0/24 to any
block drop in log inet from 10.0.56.100 to any
block drop in log inet from 10.0.56.11 to any
block drop in log on em0 inet6 from fe80::20c:29ff:fe47:57ba to any
block drop in log on ! em1 inet from 192.168.50.0/24 to any
block drop in log inet from 192.168.50.1 to any
block drop in log on em1 inet6 from fe80::20c:29ff:fe47:57c4 to any
pass in log quick on em1 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
pass in log quick on em1 inet proto udp from any port = bootpc to 192.168.50.1 port = bootps keep state label "allow access to DHCP server"
pass out log quick on em1 inet proto udp from 192.168.50.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
block drop in log on ! em2 inet from 192.168.20.0/24 to any
block drop in log inet from 192.168.20.20 to any
block drop in log inet from 192.168.20.21 to any
block drop in log on em2 inet6 from fe80::20c:29ff:fe47:57ce to any
block drop in log on ! em3 inet from 172.31.255.0/24 to any
block drop in log inet from 172.31.255.100 to any
block drop in log on em3 inet6 from fe80::20c:29ff:fe47:57d8 to any
pass in log on em3 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out WAN0NAT"
pass out log on em3 proto udp from any port = bootpc to any port = bootps keep state label "allow dhcp client out WAN0NAT"
block drop in log on ! em4 inet from 192.168.60.0/24 to any
block drop in log inet from 192.168.60.1 to any
block drop in log on em4 inet6 from fe80::20c:29ff:fe47:57e2 to any
pass in log quick on em4 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
pass in log quick on em4 inet proto udp from any port = bootpc to 192.168.60.1 port = bootps keep state label "allow access to DHCP server"
pass out log quick on em4 inet proto udp from 192.168.60.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
pass in log on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
pass out log on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
pass in log on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
pass out log on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
pass out log inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"
pass out log inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself"
pass out log route-to (em0 10.0.56.254) inet from 10.0.56.100 to ! 10.0.56.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out log route-to (em0 10.0.56.254) inet from 10.0.56.11 to ! 10.0.56.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out log route-to (em2 192.168.20.1) inet from 192.168.20.20 to ! 192.168.20.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out log route-to (em2 192.168.20.1) inet from 192.168.20.21 to ! 192.168.20.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass out log route-to (em3 172.31.255.1) inet from 172.31.255.100 to ! 172.31.255.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
pass in log quick on em1 proto tcp from any to (em1) port = 8443 flags S/SA keep state label "anti-lockout rule"
pass in log quick on em1 proto tcp from any to (em1) port = ssh flags S/SA keep state label "anti-lockout rule"
anchor "userrules/" all
pass in log quick on em0 reply-to (em0 10.0.56.254) inet proto tcp from any to 192.168.50.10 port = http flags S/SA keep state label "USER_RULE: NAT NAT for enekets http PRD to DILEWEB0001"
pass in log quick on em0 reply-to (em0 10.0.56.254) inet proto tcp from any to 192.168.50.10 port = amanda flags S/SA keep state label "USER_RULE: NAT NAT for enekets http ACC to DILEWEB0001"
pass in quick on em0 reply-to (em0 10.0.56.254) inet proto icmp from any to (self) icmp-type echorep keep state label "USER_RULE"
pass in quick on em0 reply-to (em0 10.0.56.254) inet proto icmp from any to (self) icmp-type echoreq keep state label "USER_RULE"
pass in quick on em0 reply-to (em0 10.0.56.254) inet proto icmp from any to (self) icmp-type trace keep state label "USER_RULE"
pass in quick on em0 reply-to (em0 10.0.56.254) inet proto icmp from any to 10.0.56.11 icmp-type echorep keep state label "USER_RULE"
pass in quick on em0 reply-to (em0 10.0.56.254) inet proto icmp from any to 10.0.56.11 icmp-type echoreq keep state label "USER_RULE"
pass in quick on em0 reply-to (em0 10.0.56.254) inet proto icmp from any to 10.0.56.11 icmp-type trace keep state label "USER_RULE"
pass in quick on em0 reply-to (em0 10.0.56.254) inet from any to 10.0.56.11 flags S/SA keep state label "USER_RULE"
pass in quick on em0 reply-to (em0 10.0.56.254) inet proto tcp from 10.44.0.0/24 to 10.0.56.11 port = http flags S/SA keep state label "USER_RULE: Easy Rule: Passed from Firewall Log View"
pass in quick on em0 reply-to (em0 10.0.56.254) inet proto tcp from 10.44.0.0/24 to 10.0.56.11 port = amanda flags S/SA keep state label "USER_RULE: Easy Rule: Passed from Firewall Log View"
pass in quick on em0 reply-to (em0 10.0.56.254) inet proto tcp from 10.44.0.243 to 10.0.56.11 port = http flags S/SA keep state label "USER_RULE: Easy Rule: Passed from Firewall Log View"
pass in quick on em1 inet proto tcp from any to (self) port = domain flags S/SA keep state label "USER_RULE: Allow LAN DNS lookups"
pass in quick on em1 inet proto udp from any to (self) port = domain keep state label "USER_RULE: Allow LAN DNS lookups"
pass in quick on em1 inet proto tcp from 192.168.50.0/24 to 80.81.194.131 port = https flags S/SA keep state label "USER_RULE: Allow outgoing softether to vpn.zoelidad.com"
pass in quick on em1 inet proto udp from 192.168.50.0/24 to 80.81.194.131 port = https keep state label "USER_RULE: Allow outgoing softether to vpn.zoelidad.com"
pass in quick on em1 inet proto tcp from 192.168.50.0/24 to 192.168.20.104 port = ssh flags S/SA keep state label "USER_RULE: allow access to synology"
pass in quick on em1 inet proto icmp from 192.168.50.0/24 to 10.44.2.4 keep state label "USER_RULE: Allow Ping to enekets - SMTP"
pass in quick on em1 inet proto icmp from 192.168.50.0/24 to 10.44.2.1 keep state label "USER_RULE: Allow Ping to enekets - LDAP"
pass in quick on em2 reply-to (em2 192.168.20.1) inet proto icmp from any to 192.168.20.20 icmp-type echorep keep state label "USER_RULE: allow ping from 192.168. subnet"
pass in quick on em2 reply-to (em2 192.168.20.1) inet proto icmp from any to 192.168.20.20 icmp-type echoreq keep state label "USER_RULE: allow ping from 192.168. subnet"
pass in quick on em2 reply-to (em2 192.168.20.1) inet proto icmp from any to 192.168.20.20 icmp-type trace keep state label "USER_RULE: allow ping from 192.168. subnet"
pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from 192.168.0.11 to 192.168.50.10 port = http flags S/SA keep state label "USER_RULE: NAT NAT for zoelidad Sub to enekets http PRD to DIL…"
pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from 192.168.20.0/24 to (self) port = 3000 flags S/SA keep state label "USER_RULE"
pass in quick on em2 reply-to (em2 192.168.20.1) inet from 192.168.20.0/24 to (self) flags S/SA keep state label "USER_RULE"
pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from any to (self) port = 8443 flags S/SA keep state label "USER_RULE: Allow pfSense Admin from OPT1"
pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from any to any port = ssh flags S/SA keep state label "USER_RULE"
pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from 192.168.0.0/24 to 192.168.50.9 port = 1158 flags S/SA keep state label "USER_RULE: NAT NAT for zoelidad Sub to enekets Oracle EM"
pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from 192.168.0.0/24 to 192.168.50.9 port = 5500 flags S/SA keep state label "USER_RULE: NAT NAT for zoelidad Sub to VO Oracle EM"
pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from 192.168.0.0/24 to 192.168.50.9 port = ncube-lm flags S/SA keep state label "USER_RULE: NAT NAT for zoelidad Sub to VO Oracle SQLNet"
pass in log quick on em3 reply-to (em3 172.31.255.1) inet proto icmp from any to (self) keep state label "USER_RULE"
pass in quick on em4 inet proto tcp from any to (self) port = domain flags S/SA keep state label "USER_RULE: Allow DNS lookups"
pass in quick on em4 inet proto udp from any to (self) port = domain keep state label "USER_RULE: Allow DNS lookups"
pass in quick on em4 inet proto tcp from 192.168.60.0/24 to 80.81.194.131 port = https flags S/SA keep state label "USER_RULE: Allow outgoing softether to vpn.zoelidad.com"
pass in quick on em4 inet proto udp from 192.168.60.0/24 to 80.81.194.131 port = https keep state label "USER_RULE: Allow outgoing softether to vpn.zoelidad.com"
pass in quick on em4 inet proto tcp from 192.168.60.0/24 to 192.168.50.1 port = 8443 flags S/SA keep state label "USER_RULE: NAT Allow secure VO subnet (via OPT interface) ac..."
pass in quick on em4 inet from 192.168.60.0/24 to (self) flags S/SA keep state label "USER_RULE"
pass in quick on em4 inet proto tcp from 192.168.60.0/24 to 192.168.50.9 port = ncube-lm flags S/SA keep state label "USER_RULE: Allow LAN2 - VO object access to Oracle"
anchor "tftp-proxy/*" all
No queue in useSTATES:
em0 icmp 10.0.56.11:12 <- 10.44.0.243:12 0:0
em2 icmp 192.168.20.20:30327 -> 192.168.20.1:30327 0:0
em1 tcp 80.81.194.131:443 <- 192.168.50.10:53665 ESTABLISHED:ESTABLISHED
em0 tcp 10.0.56.100:13285 (192.168.50.10:53665) -> 80.81.194.131:443 ESTABLISHED:ESTABLISHED
lo0 tcp 127.0.0.1:1131 -> 127.0.0.1:6379 ESTABLISHED:ESTABLISHED
lo0 tcp 127.0.0.1:6379 <- 127.0.0.1:1131 ESTABLISHED:ESTABLISHED
em1 tcp 80.81.194.131:443 <- 192.168.50.10:53648 ESTABLISHED:ESTABLISHED
em0 tcp 10.0.56.100:40788 (192.168.50.10:53648) -> 80.81.194.131:443 ESTABLISHED:ESTABLISHED
em1 tcp 80.81.194.131:443 <- 192.168.50.10:53654 ESTABLISHED:ESTABLISHED
em0 tcp 10.0.56.100:21753 (192.168.50.10:53654) -> 80.81.194.131:443 ESTABLISHED:ESTABLISHED
lo0 tcp 127.0.0.1:51872 -> 127.0.0.1:6379 ESTABLISHED:ESTABLISHED
lo0 tcp 127.0.0.1:6379 <- 127.0.0.1:51872 ESTABLISHED:ESTABLISHED
em1 tcp 80.81.194.131:443 <- 192.168.50.10:53658 ESTABLISHED:ESTABLISHED
em0 tcp 10.0.56.100:32930 (192.168.50.10:53658) -> 80.81.194.131:443 ESTABLISHED:ESTABLISHED
em1 tcp 80.81.194.131:443 <- 192.168.50.10:53660 ESTABLISHED:ESTABLISHED
em0 tcp 10.0.56.100:45843 (192.168.50.10:53660) -> 80.81.194.131:443 ESTABLISHED:ESTABLISHED
em1 tcp 80.81.194.131:443 <- 192.168.50.10:53662 ESTABLISHED:ESTABLISHED
em0 tcp 10.0.56.100:57811 (192.168.50.10:53662) -> 80.81.194.131:443 ESTABLISHED:ESTABLISHED
em1 tcp 80.81.194.131:443 <- 192.168.50.10:53667 ESTABLISHED:ESTABLISHED
em0 tcp 10.0.56.100:59205 (192.168.50.10:53667) -> 80.81.194.131:443 ESTABLISHED:ESTABLISHED
em1 tcp 80.81.194.131:443 <- 192.168.50.10:53670 ESTABLISHED:ESTABLISHED
em0 tcp 10.0.56.100:63381 (192.168.50.10:53670) -> 80.81.194.131:443 ESTABLISHED:ESTABLISHED
em1 tcp 80.81.194.131:443 <- 192.168.50.10:53671 ESTABLISHED:ESTABLISHED
em0 tcp 10.0.56.100:64361 (192.168.50.10:53671) -> 80.81.194.131:443 ESTABLISHED:ESTABLISHED
em1 tcp 80.81.194.131:443 <- 192.168.50.10:53673 ESTABLISHED:ESTABLISHED
em0 tcp 10.0.56.100:43319 (192.168.50.10:53673) -> 80.81.194.131:443 ESTABLISHED:ESTABLISHED
em2 tcp 192.168.20.20:22 <- 192.168.0.53:61197 ESTABLISHED:ESTABLISHED
em0 udp 10.0.56.100:65390 -> 10.0.56.254:53 SINGLE:NO_TRAFFIC
em0 udp 10.0.56.100:43577 -> 10.0.56.254:53 MULTIPLE:SINGLE
em0 udp 10.0.56.100:27318 -> 10.0.56.254:53 MULTIPLE:SINGLE
em0 udp 10.0.56.100:27499 -> 10.0.56.254:53 MULTIPLE:SINGLE
em0 udp 10.0.56.100:51239 -> 10.0.56.254:53 MULTIPLE:SINGLE
em0 udp 10.0.56.100:58692 -> 10.0.56.254:53 MULTIPLE:SINGLE
em0 udp 10.0.56.100:36234 -> 10.0.56.254:53 MULTIPLE:SINGLE
em0 udp 10.0.56.100:53939 -> 10.0.56.254:53 MULTIPLE:SINGLE
em0 udp 10.0.56.100:26225 -> 10.0.56.254:53 MULTIPLE:SINGLE
em0 udp 10.0.56.100:7183 -> 10.0.56.254:53 MULTIPLE:SINGLE
lo0 udp 127.0.0.1:56408 -> 127.0.0.1:53 MULTIPLE:SINGLE
em0 udp 10.0.56.100:8438 -> 10.0.56.254:53 MULTIPLE:SINGLE
em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43820 ESTABLISHED:ESTABLISHED
em1 tcp 192.168.60.101:43820 -> 192.168.50.9:1521 ESTABLISHED:ESTABLISHED
em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43822 ESTABLISHED:ESTABLISHED
em1 tcp 192.168.60.101:43822 -> 192.168.50.9:1521 ESTABLISHED:ESTABLISHED
em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43826 ESTABLISHED:ESTABLISHED
em1 tcp 192.168.60.101:43826 -> 192.168.50.9:1521 ESTABLISHED:ESTABLISHED
em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43828 ESTABLISHED:ESTABLISHED
em1 tcp 192.168.60.101:43828 -> 192.168.50.9:1521 ESTABLISHED:ESTABLISHED
em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43830 ESTABLISHED:ESTABLISHED
em1 tcp 192.168.60.101:43830 -> 192.168.50.9:1521 ESTABLISHED:ESTABLISHED
em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43832 ESTABLISHED:ESTABLISHED
em1 tcp 192.168.60.101:43832 -> 192.168.50.9:1521 ESTABLISHED:ESTABLISHED
em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43842 ESTABLISHED:ESTABLISHED
em1 tcp 192.168.60.101:43842 -> 192.168.50.9:1521 ESTABLISHED:ESTABLISHED
em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43844 ESTABLISHED:ESTABLISHED
em1 tcp 192.168.60.101:43844 -> 192.168.50.9:1521 ESTABLISHED:ESTABLISHED
em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43846 ESTABLISHED:ESTABLISHED
em1 tcp 192.168.60.101:43846 -> 192.168.50.9:1521 ESTABLISHED:ESTABLISHED
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28017 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:42588 (192.168.50.9:28017) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28027 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:20324 (192.168.50.9:28027) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28030 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:25854 (192.168.50.9:28030) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28035 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:37798 (192.168.50.9:28035) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28038 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:31945 (192.168.50.9:28038) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28045 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:21067 (192.168.50.9:28045) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28048 TIME_WAIT:TIME_WAIT
em0 tcp 10.0.56.100:21498 (192.168.50.9:28048) -> 80.81.194.131:443 TIME_WAIT:TIME_WAIT
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28058 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:13172 (192.168.50.9:28058) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28062 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:45119 (192.168.50.9:28062) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28069 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:31656 (192.168.50.9:28069) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 udp 192.168.50.1:53 <- 192.168.50.9:57659 MULTIPLE:MULTIPLE
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28072 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:57151 (192.168.50.9:28072) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28080 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:60036 (192.168.50.9:28080) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em0 udp 10.0.56.100:36046 -> 10.0.56.254:53 SINGLE:NO_TRAFFIC
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28085 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:11937 (192.168.50.9:28085) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28095 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:33130 (192.168.50.9:28095) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28098 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:50346 (192.168.50.9:28098) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em4 udp 192.168.60.1:53 <- 192.168.60.101:41199 SINGLE:MULTIPLE
em1 udp 192.168.50.1:53 <- 192.168.50.9:15073 SINGLE:MULTIPLE
em0 udp 10.0.56.100:46275 -> 10.0.56.254:53 MULTIPLE:SINGLE
em1 udp 192.168.50.1:53 <- 192.168.50.9:37865 SINGLE:MULTIPLE
em0 udp 10.0.56.100:55982 -> 10.0.56.254:53 MULTIPLE:SINGLE
em1 udp 192.168.50.1:53 <- 192.168.50.9:55470 SINGLE:MULTIPLE
em0 udp 10.0.56.100:34189 -> 10.0.56.254:53 SINGLE:NO_TRAFFIC
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28104 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:11561 (192.168.50.9:28104) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28107 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:45083 (192.168.50.9:28107) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em1 udp 192.168.50.1:53 <- 192.168.50.9:40321 SINGLE:MULTIPLE
em0 udp 10.0.56.100:12435 -> 10.0.56.254:53 MULTIPLE:SINGLE
em1 udp 192.168.50.1:53 <- 192.168.50.9:57084 SINGLE:MULTIPLE
em0 udp 10.0.56.100:43160 -> 10.0.56.254:53 MULTIPLE:SINGLE
em1 udp 192.168.50.1:53 <- 192.168.50.9:53063 SINGLE:MULTIPLE
em0 udp 10.0.56.100:15412 -> 10.0.56.254:53 SINGLE:NO_TRAFFIC
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28115 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:10867 (192.168.50.9:28115) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
em4 udp 192.168.60.1:53 <- 192.168.60.101:38264 SINGLE:MULTIPLE
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28118 FIN_WAIT_2:FIN_WAIT_2
em0 tcp 10.0.56.100:39013 (192.168.50.9:28118) -> 80.81.194.131:443 FIN_WAIT_2:FIN_WAIT_2
lo0 udp 127.0.0.1:53 <- 127.0.0.1:56408 SINGLE:MULTIPLE
em0 udp 10.0.56.100:51724 -> 10.0.56.254:53 MULTIPLE:SINGLE
em0 udp 10.0.56.100:32809 -> 10.0.56.254:53 MULTIPLE:SINGLE
em0 udp 10.0.56.100:10739 -> 10.0.56.254:53 MULTIPLE:SINGLE
em1 tcp 80.81.194.131:443 <- 192.168.50.9:28128 ESTABLISHED:ESTABLISHED
em0 tcp 10.0.56.100:63957 (192.168.50.9:28128) -> 80.81.194.131:443 ESTABLISHED:ESTABLISHEDINFO:
Status: Enabled for 0 days 00:31:24 Debug: UrgentInterface Stats for em1 IPv4 IPv6
Bytes In 5629158 0
Bytes Out 4403937 320
Packets In
Passed 16531 0
Blocked 9860 0
Packets Out
Passed 16739 0
Blocked 0 4State Table Total Rate
current entries 117
searches 194450 103.2/s
inserts 2953 1.6/s
removals 2836 1.5/s
Counters
match 13586 7.2/s
bad-offset 0 0.0/s
fragment 0 0.0/s
short 0 0.0/s
normalize 0 0.0/s
memory 0 0.0/s
bad-timestamp 0 0.0/s
congestion 0 0.0/s
ip-option 0 0.0/s
proto-cksum 0 0.0/s
state-mismatch 4 0.0/s
state-insert 0 0.0/s
state-limit 0 0.0/s
src-limit 0 0.0/s
synproxy 0 0.0/s
divert 0 0.0/sLABEL COUNTERS:
pass IPv6 loopback 12895 0 0 0 0 0 0 0
pass IPv6 loopback 165 0 0 0 0 0 0 0
Block all IPv6 12565 28 3808 28 3808 0 0 0
Block all IPv6 1333 0 0 0 0 0 0 0
Block IPv4 link-local 12865 0 0 0 0 0 0 0
Block IPv4 link-local 11368 0 0 0 0 0 0 0
Default deny rule IPv4 11368 10321 1061133 10321 1061133 0 0 0
Default deny rule IPv4 12866 0 0 0 0 0 0 0
Default deny rule IPv6 12865 0 0 0 0 0 0 0
Default deny rule IPv6 1499 0 0 0 0 0 0 0
Block traffic from port 0 12867 0 0 0 0 0 0 0
Block traffic from port 0 10615 0 0 0 0 0 0 0
Block traffic to port 0 12867 0 0 0 0 0 0 0
Block traffic to port 0 10615 0 0 0 0 0 0 0
Block traffic from port 0 12867 0 0 0 0 0 0 0
Block traffic from port 0 34 0 0 0 0 0 0 0
Block traffic to port 0 0 0 0 0 0 0 0 0
Block traffic to port 0 0 0 0 0 0 0 0 0
Block snort2c hosts 12867 0 0 0 0 0 0 0
Block snort2c hosts 12867 0 0 0 0 0 0 0
sshlockout 12865 0 0 0 0 0 0 0
webConfiguratorlockout 1869 0 0 0 0 0 0 0
virusprot overload table 11743 0 0 0 0 0 0 0
allow access to DHCP server 10429 3 984 3 984 0 0 3
allow access to DHCP server 1 2 669 1 334 1 335 1
allow access to DHCP server 10491 3 987 0 0 3 987 3
allow dhcp client out WAN0NAT 73 0 0 0 0 0 0 0
allow dhcp client out WAN0NAT 1557 0 0 0 0 0 0 0
allow access to DHCP server 485 0 0 0 0 0 0 0
allow access to DHCP server 1 2 656 1 328 1 328 1
allow access to DHCP server 1577 0 0 0 0 0 0 0
pass IPv4 loopback 12858 330 31520 165 12975 165 18545 165
pass IPv4 loopback 330 0 0 0 0 0 0 0
pass IPv6 loopback 330 0 0 0 0 0 0 0
pass IPv6 loopback 165 0 0 0 0 0 0 0
let out anything IPv4 from firewall host itself 12858 8082 2925143 3681 1500274 4401 1424869 1093
let out anything IPv6 from firewall host itself 1496 0 0 0 0 0 0 0
let out anything from firewall host itself 1495 21621 5460449 10590 2589583 11031 2870866 399
let out anything from firewall host itself 576 0 0 0 0 0 0 0
let out anything from firewall host itself 1496 0 0 0 0 0 0 0
let out anything from firewall host itself 1496 0 0 0 0 0 0 0
let out anything from firewall host itself 1495 0 0 0 0 0 0 0
anti-lockout rule 13528 0 0 0 0 0 0 0
anti-lockout rule 707 0 0 0 0 0 0 0
USER_RULE: NAT NAT for enekets http PRD to DILEWEB0001 13530 0 0 0 0 0 0 0
USER_RULE: NAT NAT for enekets http ACC to DILEWEB0001 0 0 0 0 0 0 0 0
USER_RULE 86 0 0 0 0 0 0 0
USER_RULE 9 0 0 0 0 0 0 0
USER_RULE 9 0 0 0 0 0 0 0
USER_RULE 0 0 0 0 0 0 0 0
USER_RULE 0 0 0 0 0 0 0 0
USER_RULE 0 0 0 0 0 0 0 0
USER_RULE 85 1794 1302510 714 54171 1080 1248339 16
USER_RULE: Easy Rule: Passed from Firewall Log View 0 0 0 0 0 0 0 0
USER_RULE: Easy Rule: Passed from Firewall Log View 0 0 0 0 0 0 0 0
USER_RULE: Easy Rule: Passed from Firewall Log View 0 0 0 0 0 0 0 0
USER_RULE: Allow LAN DNS lookups 11989 0 0 0 0 0 0 0
USER_RULE: Allow LAN DNS lookups 9441 1381 151531 691 64434 690 87097 406
USER_RULE: Allow outgoing to vpn.zoelidad.com 10245 21960 5565860 11182 2926935 10778 2638925 373
USER_RULE: Allow outgoing to vpn.zoelidad.com 8819 428 124997 223 68583 205 56414 0
USER_RULE: allow access to synology 9860 0 0 0 0 0 0 0
USER_RULE: Allow Ping to enekets - SMTP 9860 0 0 0 0 0 0 0
USER_RULE: Allow Ping to enekets - LDAP 16 0 0 0 0 0 0 0
USER_RULE: allow ping from 192.168. subnet 1298 0 0 0 0 0 0 0
USER_RULE: allow ping from 192.168. subnet 186 0 0 0 0 0 0 0
USER_RULE: allow ping from 192.168. subnet 186 0 0 0 0 0 0 0
USER_RULE: NAT NAT for zoelidad Sub to enekets http PRD to DIL... 9984 0 0 0 0 0 0 0
USER_RULE 5 0 0 0 0 0 0 0
USER_RULE 135 0 0 0 0 0 0 0
USER_RULE: Allow pfSense Admin from OPT1 5 359 161470 175 26586 184 134884 4
USER_RULE 136 3470 519515 1681 112753 1789 406762 1
USER_RULE: NAT NAT for zoelidad Sub to enekets Oracle EM 0 0 0 0 0 0 0 0
USER_RULE: NAT NAT for zoelidad Sub to VO Oracle EM 0 0 0 0 0 0 0 0
USER_RULE: NAT NAT for zoelidad Sub to VO Oracle SQLNet 0 0 0 0 0 0 0 0
USER_RULE 11134 0 0 0 0 0 0 0
USER_RULE: Allow DNS lookups 11093 0 0 0 0 0 0 0
USER_RULE: Allow DNS lookups 476 266 21741 136 9252 130 12489 63
USER_RULE: Allow outgoing softether to vpn.zoelidad.com 460 0 0 0 0 0 0 0
USER_RULE: Allow outgoing softether to vpn.zoelidad.com 58 0 0 0 0 0 0 0
USER_RULE: NAT Allow secure VO subnet (via OPT interface) ac... 460 0 0 0 0 0 0 0
USER_RULE 460 0 0 0 0 0 0 0
USER_RULE: Allow LAN2 - VO object access to Oracle 460 5922 2618721 3261 1324051 2661 1294670 10TIMEOUTS:
tcp.first 120s
tcp.opening 30s
tcp.established 86400s
tcp.closing 900s
tcp.finwait 45s
tcp.closed 90s
tcp.tsdiff 30s
udp.first 60s
udp.single 30s
udp.multiple 60s
icmp.first 20s
icmp.error 10s
other.first 60s
other.single 30s
other.multiple 60s
frag 30s
interval 10s
adaptive.start 120600 states
adaptive.end 241200 states
src.track 0sLIMITS:
states hard limit 201000
src-nodes hard limit 201000
frags hard limit 5000
table-entries hard limit 2000000TABLES:
bogons
snort2c
sshlockout
tonatsubnets
virusprot
webConfiguratorlockoutOS FINGERPRINTS:
710 fingerprints loaded</virusprot></webconfiguratorlockout></sshlockout></snort2c></snort2c></tonatsubnets></tonatsubnets></tonatsubnets></tonatsubnets></tonatsubnets></tonatsubnets> -
Clear the browsers cache.