4. Strange issue

Strange issue

  • W

    Argh, I was too quick and deleted the actual question!

    I have a pfsense with WAN / em0 on 10.0.56.100/24. Also a LAN / em1 at 192.168.50.1/24.
    I created a VIP for WAN on 10.0.56.11 and created a port forward rule for 10.0.56.11:10080 to 192.168.50.10:10080.
    A client on the WAN with ip 10.0.56.101 hits port 10080 and gets forwarded. That works.
    A client on the WAN with ip 10.44.0.243 hits port 10080 and gets forwarded. Working.

    I now copy that port forwarding rule and change port 10080 to 80.
    A client on the WAN with ip 10.0.56.101 hits port 80 and gets forwarded. That works.
    A client on the WAN with ip 10.44.0.243 hits port 80 and gets the pfsense admin redirect page to 8443 (8443 is what I set the admin web configurator to)
    I disable the redirect in the advanced setup option, reboot pfsense, reboot client & browser. Same thing, client with ip 10.44.0.243 hits WAN 10.0.56.11:80 and gets the admin redirect.

    Where should I start looking?

    pfctl -sa
    TRANSLATION RULES:
    no nat proto carp all
    nat-anchor "natearly/" all
    nat-anchor "natrules/    " all
    nat on em0 inet from <tonatsubnets>to any port = isakmp -> 10.0.56.100 static-port
    nat on em0 inet from <tonatsubnets>to any -> 10.0.56.100 port 1024:65535
    nat on em2 inet from <tonatsubnets>to any port = isakmp -> 192.168.20.20 static-port
    nat on em2 inet from <tonatsubnets>to any -> 192.168.20.20 port 1024:65535
    nat on em3 inet from <tonatsubnets>to any port = isakmp -> 172.31.255.100 static-port
    nat on em3 inet from <tonatsubnets>to any -> 172.31.255.100 port 1024:65535
    no rdr proto carp all
    rdr-anchor "relayd/" all
    rdr-anchor "tftp-proxy/    " all
    rdr on em0 inet proto tcp from any to 10.0.56.11 port = http -> 192.168.50.10
    rdr on em0 inet proto tcp from any to 10.0.56.11 port = amanda -> 192.168.50.10
    rdr on em2 inet proto tcp from 192.168.0.11 to 192.168.20.21 port = http -> 192.168.50.10
    rdr on em2 inet proto tcp from 192.168.0.0/24 to 192.168.20.21 port = 1158 -> 192.168.50.9
    rdr on em2 inet proto tcp from 192.168.0.0/24 to 192.168.20.21 port = ncube-lm -> 192.168.50.9
    rdr on em2 inet proto tcp from 192.168.0.0/24 to 192.168.20.21 port = 5500 -> 192.168.50.9
    rdr on em2 inet proto tcp from 192.168.20.0/24 to 192.168.20.20 port = 8443 -> 192.168.50.1
    rdr on em4 inet proto tcp from 192.168.60.0/24 to 192.168.20.20 port = 8443 -> 192.168.50.1
    rdr on em2 inet proto tcp from 192.168.20.0/24 to 192.168.20.20 port = 3000 -> 192.168.50.1 port 8443
    rdr-anchor "miniupnpd" all

    FILTER RULES:
    scrub on em0 all no-df fragment reassemble
    scrub on em1 all no-df fragment reassemble
    scrub on em2 all no-df fragment reassemble
    scrub on em3 all no-df fragment reassemble
    scrub on em4 all no-df fragment reassemble
    anchor "relayd/" all
    anchor "openvpn/    " all
    anchor "ipsec/" all
    pass in log quick on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
    pass out log quick on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
    block drop in log quick inet6 all label "Block all IPv6"
    block drop out log quick inet6 all label "Block all IPv6"
    block drop in log quick inet from 169.254.0.0/16 to any label "Block IPv4 link-local"
    block drop in log quick inet from any to 169.254.0.0/16 label "Block IPv4 link-local"
    block drop in log inet all label "Default deny rule IPv4"
    block drop out log inet all label "Default deny rule IPv4"
    block drop in log inet6 all label "Default deny rule IPv6"
    block drop out log inet6 all label "Default deny rule IPv6"
    pass log quick inet6 proto ipv6-icmp all icmp6-type unreach keep state
    pass log quick inet6 proto ipv6-icmp all icmp6-type toobig keep state
    pass log quick inet6 proto ipv6-icmp all icmp6-type neighbrsol keep state
    pass log quick inet6 proto ipv6-icmp all icmp6-type neighbradv keep state
    pass out log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echorep keep state
    pass out log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
    pass out log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
    pass out log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
    pass out log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
    pass out log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echorep keep state
    pass out log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
    pass out log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
    pass out log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
    pass out log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
    pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type echoreq keep state
    pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routersol keep state
    pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type routeradv keep state
    pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbrsol keep state
    pass in log quick inet6 proto ipv6-icmp from fe80::/10 to fe80::/10 icmp6-type neighbradv keep state
    pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type echoreq keep state
    pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routersol keep state
    pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type routeradv keep state
    pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbrsol keep state
    pass in log quick inet6 proto ipv6-icmp from ff02::/16 to fe80::/10 icmp6-type neighbradv keep state
    pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type echoreq keep state
    pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routersol keep state
    pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type routeradv keep state
    pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbrsol keep state
    pass in log quick inet6 proto ipv6-icmp from fe80::/10 to ff02::/16 icmp6-type neighbradv keep state
    block drop log quick inet proto tcp from any port = 0 to any label "Block traffic from port 0"
    block drop log quick inet proto udp from any port = 0 to any label "Block traffic from port 0"
    block drop log quick inet proto tcp from any to any port = 0 label "Block traffic to port 0"
    block drop log quick inet proto udp from any to any port = 0 label "Block traffic to port 0"
    block drop log quick inet6 proto tcp from any port = 0 to any label "Block traffic from port 0"
    block drop log quick inet6 proto udp from any port = 0 to any label "Block traffic from port 0"
    block drop log quick inet6 proto tcp from any to any port = 0 label "Block traffic to port 0"
    block drop log quick inet6 proto udp from any to any port = 0 label "Block traffic to port 0"
    block drop log quick from <snort2c>to any label "Block snort2c hosts"
    block drop log quick from any to <snort2c>label "Block snort2c hosts"
    block drop in log quick proto carp from (self) to any
    pass log quick proto carp all no state
    block drop in log quick proto tcp from <sshlockout>to (self) port = ssh label "sshlockout"
    block drop in log quick proto tcp from <webconfiguratorlockout>to (self) port = 8443 label "webConfiguratorlockout"
    block drop in log quick from <virusprot>to any label "virusprot overload table"
    block drop in log on ! em0 inet from 10.0.56.0/24 to any
    block drop in log inet from 10.0.56.100 to any
    block drop in log inet from 10.0.56.11 to any
    block drop in log on em0 inet6 from fe80::20c:29ff:fe47:57ba to any
    block drop in log on ! em1 inet from 192.168.50.0/24 to any
    block drop in log inet from 192.168.50.1 to any
    block drop in log on em1 inet6 from fe80::20c:29ff:fe47:57c4 to any
    pass in log quick on em1 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
    pass in log quick on em1 inet proto udp from any port = bootpc to 192.168.50.1 port = bootps keep state label "allow access to DHCP server"
    pass out log quick on em1 inet proto udp from 192.168.50.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
    block drop in log on ! em2 inet from 192.168.20.0/24 to any
    block drop in log inet from 192.168.20.20 to any
    block drop in log inet from 192.168.20.21 to any
    block drop in log on em2 inet6 from fe80::20c:29ff:fe47:57ce to any
    block drop in log on ! em3 inet from 172.31.255.0/24 to any
    block drop in log inet from 172.31.255.100 to any
    block drop in log on em3 inet6 from fe80::20c:29ff:fe47:57d8 to any
    pass in log on em3 proto udp from any port = bootps to any port = bootpc keep state label "allow dhcp client out WAN0NAT"
    pass out log on em3 proto udp from any port = bootpc to any port = bootps keep state label "allow dhcp client out WAN0NAT"
    block drop in log on ! em4 inet from 192.168.60.0/24 to any
    block drop in log inet from 192.168.60.1 to any
    block drop in log on em4 inet6 from fe80::20c:29ff:fe47:57e2 to any
    pass in log quick on em4 inet proto udp from any port = bootpc to 255.255.255.255 port = bootps keep state label "allow access to DHCP server"
    pass in log quick on em4 inet proto udp from any port = bootpc to 192.168.60.1 port = bootps keep state label "allow access to DHCP server"
    pass out log quick on em4 inet proto udp from 192.168.60.1 port = bootps to any port = bootpc keep state label "allow access to DHCP server"
    pass in log on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
    pass out log on lo0 inet all flags S/SA keep state label "pass IPv4 loopback"
    pass in log on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
    pass out log on lo0 inet6 all flags S/SA keep state label "pass IPv6 loopback"
    pass out log inet all flags S/SA keep state allow-opts label "let out anything IPv4 from firewall host itself"
    pass out log inet6 all flags S/SA keep state allow-opts label "let out anything IPv6 from firewall host itself"
    pass out log route-to (em0 10.0.56.254) inet from 10.0.56.100 to ! 10.0.56.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
    pass out log route-to (em0 10.0.56.254) inet from 10.0.56.11 to ! 10.0.56.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
    pass out log route-to (em2 192.168.20.1) inet from 192.168.20.20 to ! 192.168.20.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
    pass out log route-to (em2 192.168.20.1) inet from 192.168.20.21 to ! 192.168.20.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
    pass out log route-to (em3 172.31.255.1) inet from 172.31.255.100 to ! 172.31.255.0/24 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
    pass in log quick on em1 proto tcp from any to (em1) port = 8443 flags S/SA keep state label "anti-lockout rule"
    pass in log quick on em1 proto tcp from any to (em1) port = ssh flags S/SA keep state label "anti-lockout rule"
    anchor "userrules/    " all
    pass in log quick on em0 reply-to (em0 10.0.56.254) inet proto tcp from any to 192.168.50.10 port = http flags S/SA keep state label "USER_RULE: NAT NAT for enekets http PRD to DILEWEB0001"
    pass in log quick on em0 reply-to (em0 10.0.56.254) inet proto tcp from any to 192.168.50.10 port = amanda flags S/SA keep state label "USER_RULE: NAT NAT for enekets http ACC to DILEWEB0001"
    pass in quick on em0 reply-to (em0 10.0.56.254) inet proto icmp from any to (self) icmp-type echorep keep state label "USER_RULE"
    pass in quick on em0 reply-to (em0 10.0.56.254) inet proto icmp from any to (self) icmp-type echoreq keep state label "USER_RULE"
    pass in quick on em0 reply-to (em0 10.0.56.254) inet proto icmp from any to (self) icmp-type trace keep state label "USER_RULE"
    pass in quick on em0 reply-to (em0 10.0.56.254) inet proto icmp from any to 10.0.56.11 icmp-type echorep keep state label "USER_RULE"
    pass in quick on em0 reply-to (em0 10.0.56.254) inet proto icmp from any to 10.0.56.11 icmp-type echoreq keep state label "USER_RULE"
    pass in quick on em0 reply-to (em0 10.0.56.254) inet proto icmp from any to 10.0.56.11 icmp-type trace keep state label "USER_RULE"
    pass in quick on em0 reply-to (em0 10.0.56.254) inet from any to 10.0.56.11 flags S/SA keep state label "USER_RULE"
    pass in quick on em0 reply-to (em0 10.0.56.254) inet proto tcp from 10.44.0.0/24 to 10.0.56.11 port = http flags S/SA keep state label "USER_RULE: Easy Rule: Passed from Firewall Log View"
    pass in quick on em0 reply-to (em0 10.0.56.254) inet proto tcp from 10.44.0.0/24 to 10.0.56.11 port = amanda flags S/SA keep state label "USER_RULE: Easy Rule: Passed from Firewall Log View"
    pass in quick on em0 reply-to (em0 10.0.56.254) inet proto tcp from 10.44.0.243 to 10.0.56.11 port = http flags S/SA keep state label "USER_RULE: Easy Rule: Passed from Firewall Log View"
    pass in quick on em1 inet proto tcp from any to (self) port = domain flags S/SA keep state label "USER_RULE: Allow LAN DNS lookups"
    pass in quick on em1 inet proto udp from any to (self) port = domain keep state label "USER_RULE: Allow LAN DNS lookups"
    pass in quick on em1 inet proto tcp from 192.168.50.0/24 to 80.81.194.131 port = https flags S/SA keep state label "USER_RULE: Allow outgoing softether to vpn.zoelidad.com"
    pass in quick on em1 inet proto udp from 192.168.50.0/24 to 80.81.194.131 port = https keep state label "USER_RULE: Allow outgoing softether to vpn.zoelidad.com"
    pass in quick on em1 inet proto tcp from 192.168.50.0/24 to 192.168.20.104 port = ssh flags S/SA keep state label "USER_RULE: allow access to synology"
    pass in quick on em1 inet proto icmp from 192.168.50.0/24 to 10.44.2.4 keep state label "USER_RULE: Allow Ping to enekets - SMTP"
    pass in quick on em1 inet proto icmp from 192.168.50.0/24 to 10.44.2.1 keep state label "USER_RULE: Allow Ping to enekets - LDAP"
    pass in quick on em2 reply-to (em2 192.168.20.1) inet proto icmp from any to 192.168.20.20 icmp-type echorep keep state label "USER_RULE: allow ping from 192.168. subnet"
    pass in quick on em2 reply-to (em2 192.168.20.1) inet proto icmp from any to 192.168.20.20 icmp-type echoreq keep state label "USER_RULE: allow ping from 192.168. subnet"
    pass in quick on em2 reply-to (em2 192.168.20.1) inet proto icmp from any to 192.168.20.20 icmp-type trace keep state label "USER_RULE: allow ping from 192.168. subnet"
    pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from 192.168.0.11 to 192.168.50.10 port = http flags S/SA keep state label "USER_RULE: NAT NAT for zoelidad Sub to enekets http PRD to DIL…"
    pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from 192.168.20.0/24 to (self) port = 3000 flags S/SA keep state label "USER_RULE"
    pass in quick on em2 reply-to (em2 192.168.20.1) inet from 192.168.20.0/24 to (self) flags S/SA keep state label "USER_RULE"
    pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from any to (self) port = 8443 flags S/SA keep state label "USER_RULE: Allow pfSense Admin from OPT1"
    pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from any to any port = ssh flags S/SA keep state label "USER_RULE"
    pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from 192.168.0.0/24 to 192.168.50.9 port = 1158 flags S/SA keep state label "USER_RULE: NAT NAT for zoelidad Sub to enekets Oracle EM"
    pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from 192.168.0.0/24 to 192.168.50.9 port = 5500 flags S/SA keep state label "USER_RULE: NAT NAT for zoelidad Sub to VO Oracle EM"
    pass in quick on em2 reply-to (em2 192.168.20.1) inet proto tcp from 192.168.0.0/24 to 192.168.50.9 port = ncube-lm flags S/SA keep state label "USER_RULE: NAT NAT for zoelidad Sub to VO Oracle SQLNet"
    pass in log quick on em3 reply-to (em3 172.31.255.1) inet proto icmp from any to (self) keep state label "USER_RULE"
    pass in quick on em4 inet proto tcp from any to (self) port = domain flags S/SA keep state label "USER_RULE: Allow DNS lookups"
    pass in quick on em4 inet proto udp from any to (self) port = domain keep state label "USER_RULE: Allow DNS lookups"
    pass in quick on em4 inet proto tcp from 192.168.60.0/24 to 80.81.194.131 port = https flags S/SA keep state label "USER_RULE: Allow outgoing softether to vpn.zoelidad.com"
    pass in quick on em4 inet proto udp from 192.168.60.0/24 to 80.81.194.131 port = https keep state label "USER_RULE: Allow outgoing softether to vpn.zoelidad.com"
    pass in quick on em4 inet proto tcp from 192.168.60.0/24 to 192.168.50.1 port = 8443 flags S/SA keep state label "USER_RULE: NAT Allow secure VO subnet (via OPT interface) ac..."
    pass in quick on em4 inet from 192.168.60.0/24 to (self) flags S/SA keep state label "USER_RULE"
    pass in quick on em4 inet proto tcp from 192.168.60.0/24 to 192.168.50.9 port = ncube-lm flags S/SA keep state label "USER_RULE: Allow LAN2 - VO object access to Oracle"
    anchor "tftp-proxy/*" all
    No queue in use

    STATES:
    em0 icmp 10.0.56.11:12 <- 10.44.0.243:12      0:0
    em2 icmp 192.168.20.20:30327 -> 192.168.20.1:30327      0:0
    em1 tcp 80.81.194.131:443 <- 192.168.50.10:53665      ESTABLISHED:ESTABLISHED
    em0 tcp 10.0.56.100:13285 (192.168.50.10:53665) -> 80.81.194.131:443      ESTABLISHED:ESTABLISHED
    lo0 tcp 127.0.0.1:1131 -> 127.0.0.1:6379      ESTABLISHED:ESTABLISHED
    lo0 tcp 127.0.0.1:6379 <- 127.0.0.1:1131      ESTABLISHED:ESTABLISHED
    em1 tcp 80.81.194.131:443 <- 192.168.50.10:53648      ESTABLISHED:ESTABLISHED
    em0 tcp 10.0.56.100:40788 (192.168.50.10:53648) -> 80.81.194.131:443      ESTABLISHED:ESTABLISHED
    em1 tcp 80.81.194.131:443 <- 192.168.50.10:53654      ESTABLISHED:ESTABLISHED
    em0 tcp 10.0.56.100:21753 (192.168.50.10:53654) -> 80.81.194.131:443      ESTABLISHED:ESTABLISHED
    lo0 tcp 127.0.0.1:51872 -> 127.0.0.1:6379      ESTABLISHED:ESTABLISHED
    lo0 tcp 127.0.0.1:6379 <- 127.0.0.1:51872      ESTABLISHED:ESTABLISHED
    em1 tcp 80.81.194.131:443 <- 192.168.50.10:53658      ESTABLISHED:ESTABLISHED
    em0 tcp 10.0.56.100:32930 (192.168.50.10:53658) -> 80.81.194.131:443      ESTABLISHED:ESTABLISHED
    em1 tcp 80.81.194.131:443 <- 192.168.50.10:53660      ESTABLISHED:ESTABLISHED
    em0 tcp 10.0.56.100:45843 (192.168.50.10:53660) -> 80.81.194.131:443      ESTABLISHED:ESTABLISHED
    em1 tcp 80.81.194.131:443 <- 192.168.50.10:53662      ESTABLISHED:ESTABLISHED
    em0 tcp 10.0.56.100:57811 (192.168.50.10:53662) -> 80.81.194.131:443      ESTABLISHED:ESTABLISHED
    em1 tcp 80.81.194.131:443 <- 192.168.50.10:53667      ESTABLISHED:ESTABLISHED
    em0 tcp 10.0.56.100:59205 (192.168.50.10:53667) -> 80.81.194.131:443      ESTABLISHED:ESTABLISHED
    em1 tcp 80.81.194.131:443 <- 192.168.50.10:53670      ESTABLISHED:ESTABLISHED
    em0 tcp 10.0.56.100:63381 (192.168.50.10:53670) -> 80.81.194.131:443      ESTABLISHED:ESTABLISHED
    em1 tcp 80.81.194.131:443 <- 192.168.50.10:53671      ESTABLISHED:ESTABLISHED
    em0 tcp 10.0.56.100:64361 (192.168.50.10:53671) -> 80.81.194.131:443      ESTABLISHED:ESTABLISHED
    em1 tcp 80.81.194.131:443 <- 192.168.50.10:53673      ESTABLISHED:ESTABLISHED
    em0 tcp 10.0.56.100:43319 (192.168.50.10:53673) -> 80.81.194.131:443      ESTABLISHED:ESTABLISHED
    em2 tcp 192.168.20.20:22 <- 192.168.0.53:61197      ESTABLISHED:ESTABLISHED
    em0 udp 10.0.56.100:65390 -> 10.0.56.254:53      SINGLE:NO_TRAFFIC
    em0 udp 10.0.56.100:43577 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em0 udp 10.0.56.100:27318 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em0 udp 10.0.56.100:27499 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em0 udp 10.0.56.100:51239 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em0 udp 10.0.56.100:58692 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em0 udp 10.0.56.100:36234 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em0 udp 10.0.56.100:53939 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em0 udp 10.0.56.100:26225 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em0 udp 10.0.56.100:7183 -> 10.0.56.254:53      MULTIPLE:SINGLE
    lo0 udp 127.0.0.1:56408 -> 127.0.0.1:53      MULTIPLE:SINGLE
    em0 udp 10.0.56.100:8438 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43820      ESTABLISHED:ESTABLISHED
    em1 tcp 192.168.60.101:43820 -> 192.168.50.9:1521      ESTABLISHED:ESTABLISHED
    em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43822      ESTABLISHED:ESTABLISHED
    em1 tcp 192.168.60.101:43822 -> 192.168.50.9:1521      ESTABLISHED:ESTABLISHED
    em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43826      ESTABLISHED:ESTABLISHED
    em1 tcp 192.168.60.101:43826 -> 192.168.50.9:1521      ESTABLISHED:ESTABLISHED
    em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43828      ESTABLISHED:ESTABLISHED
    em1 tcp 192.168.60.101:43828 -> 192.168.50.9:1521      ESTABLISHED:ESTABLISHED
    em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43830      ESTABLISHED:ESTABLISHED
    em1 tcp 192.168.60.101:43830 -> 192.168.50.9:1521      ESTABLISHED:ESTABLISHED
    em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43832      ESTABLISHED:ESTABLISHED
    em1 tcp 192.168.60.101:43832 -> 192.168.50.9:1521      ESTABLISHED:ESTABLISHED
    em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43842      ESTABLISHED:ESTABLISHED
    em1 tcp 192.168.60.101:43842 -> 192.168.50.9:1521      ESTABLISHED:ESTABLISHED
    em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43844      ESTABLISHED:ESTABLISHED
    em1 tcp 192.168.60.101:43844 -> 192.168.50.9:1521      ESTABLISHED:ESTABLISHED
    em4 tcp 192.168.50.9:1521 <- 192.168.60.101:43846      ESTABLISHED:ESTABLISHED
    em1 tcp 192.168.60.101:43846 -> 192.168.50.9:1521      ESTABLISHED:ESTABLISHED
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28017      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:42588 (192.168.50.9:28017) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28027      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:20324 (192.168.50.9:28027) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28030      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:25854 (192.168.50.9:28030) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28035      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:37798 (192.168.50.9:28035) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28038      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:31945 (192.168.50.9:28038) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28045      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:21067 (192.168.50.9:28045) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28048      TIME_WAIT:TIME_WAIT
    em0 tcp 10.0.56.100:21498 (192.168.50.9:28048) -> 80.81.194.131:443      TIME_WAIT:TIME_WAIT
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28058      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:13172 (192.168.50.9:28058) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28062      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:45119 (192.168.50.9:28062) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28069      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:31656 (192.168.50.9:28069) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 udp 192.168.50.1:53 <- 192.168.50.9:57659      MULTIPLE:MULTIPLE
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28072      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:57151 (192.168.50.9:28072) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28080      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:60036 (192.168.50.9:28080) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em0 udp 10.0.56.100:36046 -> 10.0.56.254:53      SINGLE:NO_TRAFFIC
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28085      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:11937 (192.168.50.9:28085) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28095      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:33130 (192.168.50.9:28095) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28098      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:50346 (192.168.50.9:28098) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em4 udp 192.168.60.1:53 <- 192.168.60.101:41199      SINGLE:MULTIPLE
    em1 udp 192.168.50.1:53 <- 192.168.50.9:15073      SINGLE:MULTIPLE
    em0 udp 10.0.56.100:46275 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em1 udp 192.168.50.1:53 <- 192.168.50.9:37865      SINGLE:MULTIPLE
    em0 udp 10.0.56.100:55982 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em1 udp 192.168.50.1:53 <- 192.168.50.9:55470      SINGLE:MULTIPLE
    em0 udp 10.0.56.100:34189 -> 10.0.56.254:53      SINGLE:NO_TRAFFIC
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28104      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:11561 (192.168.50.9:28104) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28107      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:45083 (192.168.50.9:28107) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em1 udp 192.168.50.1:53 <- 192.168.50.9:40321      SINGLE:MULTIPLE
    em0 udp 10.0.56.100:12435 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em1 udp 192.168.50.1:53 <- 192.168.50.9:57084      SINGLE:MULTIPLE
    em0 udp 10.0.56.100:43160 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em1 udp 192.168.50.1:53 <- 192.168.50.9:53063      SINGLE:MULTIPLE
    em0 udp 10.0.56.100:15412 -> 10.0.56.254:53      SINGLE:NO_TRAFFIC
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28115      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:10867 (192.168.50.9:28115) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    em4 udp 192.168.60.1:53 <- 192.168.60.101:38264      SINGLE:MULTIPLE
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28118      FIN_WAIT_2:FIN_WAIT_2
    em0 tcp 10.0.56.100:39013 (192.168.50.9:28118) -> 80.81.194.131:443      FIN_WAIT_2:FIN_WAIT_2
    lo0 udp 127.0.0.1:53 <- 127.0.0.1:56408      SINGLE:MULTIPLE
    em0 udp 10.0.56.100:51724 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em0 udp 10.0.56.100:32809 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em0 udp 10.0.56.100:10739 -> 10.0.56.254:53      MULTIPLE:SINGLE
    em1 tcp 80.81.194.131:443 <- 192.168.50.9:28128      ESTABLISHED:ESTABLISHED
    em0 tcp 10.0.56.100:63957 (192.168.50.9:28128) -> 80.81.194.131:443      ESTABLISHED:ESTABLISHED

    INFO:
    Status: Enabled for 0 days 00:31:24          Debug: Urgent

    Interface Stats for em1              IPv4            IPv6
      Bytes In                        5629158                0
      Bytes Out                        4403937              320
      Packets In
        Passed                          16531                0
        Blocked                          9860                0
      Packets Out
        Passed                          16739                0
        Blocked                              0                4

    State Table                          Total            Rate
      current entries                      117
      searches                          194450          103.2/s
      inserts                            2953            1.6/s
      removals                            2836            1.5/s
    Counters
      match                              13586            7.2/s
      bad-offset                            0            0.0/s
      fragment                              0            0.0/s
      short                                  0            0.0/s
      normalize                              0            0.0/s
      memory                                0            0.0/s
      bad-timestamp                          0            0.0/s
      congestion                            0            0.0/s
      ip-option                              0            0.0/s
      proto-cksum                            0            0.0/s
      state-mismatch                        4            0.0/s
      state-insert                          0            0.0/s
      state-limit                            0            0.0/s
      src-limit                              0            0.0/s
      synproxy                              0            0.0/s
      divert                                0            0.0/s

    LABEL COUNTERS:
    pass IPv6 loopback 12895 0 0 0 0 0 0 0
    pass IPv6 loopback 165 0 0 0 0 0 0 0
    Block all IPv6 12565 28 3808 28 3808 0 0 0
    Block all IPv6 1333 0 0 0 0 0 0 0
    Block IPv4 link-local 12865 0 0 0 0 0 0 0
    Block IPv4 link-local 11368 0 0 0 0 0 0 0
    Default deny rule IPv4 11368 10321 1061133 10321 1061133 0 0 0
    Default deny rule IPv4 12866 0 0 0 0 0 0 0
    Default deny rule IPv6 12865 0 0 0 0 0 0 0
    Default deny rule IPv6 1499 0 0 0 0 0 0 0
    Block traffic from port 0 12867 0 0 0 0 0 0 0
    Block traffic from port 0 10615 0 0 0 0 0 0 0
    Block traffic to port 0 12867 0 0 0 0 0 0 0
    Block traffic to port 0 10615 0 0 0 0 0 0 0
    Block traffic from port 0 12867 0 0 0 0 0 0 0
    Block traffic from port 0 34 0 0 0 0 0 0 0
    Block traffic to port 0 0 0 0 0 0 0 0 0
    Block traffic to port 0 0 0 0 0 0 0 0 0
    Block snort2c hosts 12867 0 0 0 0 0 0 0
    Block snort2c hosts 12867 0 0 0 0 0 0 0
    sshlockout 12865 0 0 0 0 0 0 0
    webConfiguratorlockout 1869 0 0 0 0 0 0 0
    virusprot overload table 11743 0 0 0 0 0 0 0
    allow access to DHCP server 10429 3 984 3 984 0 0 3
    allow access to DHCP server 1 2 669 1 334 1 335 1
    allow access to DHCP server 10491 3 987 0 0 3 987 3
    allow dhcp client out WAN0NAT 73 0 0 0 0 0 0 0
    allow dhcp client out WAN0NAT 1557 0 0 0 0 0 0 0
    allow access to DHCP server 485 0 0 0 0 0 0 0
    allow access to DHCP server 1 2 656 1 328 1 328 1
    allow access to DHCP server 1577 0 0 0 0 0 0 0
    pass IPv4 loopback 12858 330 31520 165 12975 165 18545 165
    pass IPv4 loopback 330 0 0 0 0 0 0 0
    pass IPv6 loopback 330 0 0 0 0 0 0 0
    pass IPv6 loopback 165 0 0 0 0 0 0 0
    let out anything IPv4 from firewall host itself 12858 8082 2925143 3681 1500274 4401 1424869 1093
    let out anything IPv6 from firewall host itself 1496 0 0 0 0 0 0 0
    let out anything from firewall host itself 1495 21621 5460449 10590 2589583 11031 2870866 399
    let out anything from firewall host itself 576 0 0 0 0 0 0 0
    let out anything from firewall host itself 1496 0 0 0 0 0 0 0
    let out anything from firewall host itself 1496 0 0 0 0 0 0 0
    let out anything from firewall host itself 1495 0 0 0 0 0 0 0
    anti-lockout rule 13528 0 0 0 0 0 0 0
    anti-lockout rule 707 0 0 0 0 0 0 0
    USER_RULE: NAT NAT for enekets http PRD to DILEWEB0001 13530 0 0 0 0 0 0 0
    USER_RULE: NAT NAT for enekets http ACC to DILEWEB0001 0 0 0 0 0 0 0 0
    USER_RULE 86 0 0 0 0 0 0 0
    USER_RULE 9 0 0 0 0 0 0 0
    USER_RULE 9 0 0 0 0 0 0 0
    USER_RULE 0 0 0 0 0 0 0 0
    USER_RULE 0 0 0 0 0 0 0 0
    USER_RULE 0 0 0 0 0 0 0 0
    USER_RULE 85 1794 1302510 714 54171 1080 1248339 16
    USER_RULE: Easy Rule: Passed from Firewall Log View 0 0 0 0 0 0 0 0
    USER_RULE: Easy Rule: Passed from Firewall Log View 0 0 0 0 0 0 0 0
    USER_RULE: Easy Rule: Passed from Firewall Log View 0 0 0 0 0 0 0 0
    USER_RULE: Allow LAN DNS lookups 11989 0 0 0 0 0 0 0
    USER_RULE: Allow LAN DNS lookups 9441 1381 151531 691 64434 690 87097 406
    USER_RULE: Allow outgoing to vpn.zoelidad.com 10245 21960 5565860 11182 2926935 10778 2638925 373
    USER_RULE: Allow outgoing to vpn.zoelidad.com 8819 428 124997 223 68583 205 56414 0
    USER_RULE: allow access to synology 9860 0 0 0 0 0 0 0
    USER_RULE: Allow Ping to enekets - SMTP 9860 0 0 0 0 0 0 0
    USER_RULE: Allow Ping to enekets - LDAP 16 0 0 0 0 0 0 0
    USER_RULE: allow ping from 192.168. subnet 1298 0 0 0 0 0 0 0
    USER_RULE: allow ping from 192.168. subnet 186 0 0 0 0 0 0 0
    USER_RULE: allow ping from 192.168. subnet 186 0 0 0 0 0 0 0
    USER_RULE: NAT NAT for zoelidad Sub to enekets http PRD to DIL... 9984 0 0 0 0 0 0 0
    USER_RULE 5 0 0 0 0 0 0 0
    USER_RULE 135 0 0 0 0 0 0 0
    USER_RULE: Allow pfSense Admin from OPT1 5 359 161470 175 26586 184 134884 4
    USER_RULE 136 3470 519515 1681 112753 1789 406762 1
    USER_RULE: NAT NAT for zoelidad Sub to enekets Oracle EM 0 0 0 0 0 0 0 0
    USER_RULE: NAT NAT for zoelidad Sub to VO Oracle EM 0 0 0 0 0 0 0 0
    USER_RULE: NAT NAT for zoelidad Sub to VO Oracle SQLNet 0 0 0 0 0 0 0 0
    USER_RULE 11134 0 0 0 0 0 0 0
    USER_RULE: Allow DNS lookups 11093 0 0 0 0 0 0 0
    USER_RULE: Allow DNS lookups 476 266 21741 136 9252 130 12489 63
    USER_RULE: Allow outgoing softether to vpn.zoelidad.com 460 0 0 0 0 0 0 0
    USER_RULE: Allow outgoing softether to vpn.zoelidad.com 58 0 0 0 0 0 0 0
    USER_RULE: NAT Allow secure VO subnet (via OPT interface) ac... 460 0 0 0 0 0 0 0
    USER_RULE 460 0 0 0 0 0 0 0
    USER_RULE: Allow LAN2 - VO object access to Oracle 460 5922 2618721 3261 1324051 2661 1294670 10

    TIMEOUTS:
    tcp.first                  120s
    tcp.opening                  30s
    tcp.established          86400s
    tcp.closing                900s
    tcp.finwait                  45s
    tcp.closed                  90s
    tcp.tsdiff                  30s
    udp.first                    60s
    udp.single                  30s
    udp.multiple                60s
    icmp.first                  20s
    icmp.error                  10s
    other.first                  60s
    other.single                30s
    other.multiple              60s
    frag                        30s
    interval                    10s
    adaptive.start          120600 states
    adaptive.end            241200 states
    src.track                    0s

    LIMITS:
    states        hard limit  201000
    src-nodes    hard limit  201000
    frags        hard limit    5000
    table-entries hard limit  2000000

    TABLES:
    bogons
    snort2c
    sshlockout
    tonatsubnets
    virusprot
    webConfiguratorlockout

    OS FINGERPRINTS:
    710 fingerprints loaded</virusprot></webconfiguratorlockout></sshlockout></snort2c></snort2c></tonatsubnets></tonatsubnets></tonatsubnets></tonatsubnets></tonatsubnets></tonatsubnets>

    0
  • V

    Clear the browsers cache.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy