Netgate Discussion Forum

    Bogon Network?

      Eugene

      Hello!
      pfSense-1.2
      When I configured the WAN interface I checked "Block private networks" and "Block bogon networks". I am doing port forwarding from WAN to LAN for mail servers.
      Today I received a complaint that a client cannot connect to the mail server. Tracing showed that this client is using 173.213.162.222, which is blocked by pfSense on WAN.
      Adding the next rule as the first one did not help.
      pass in quick on em1 inet from 173.33.198.227 to any keep state label "USER_RULE:"

      I have another WAN1 interface on this box. I asked the client to use this interface to connect to this client. And this IP also was blocked but when I added
      pass in quick on bge1 reply-to (bge1 x.x.x.x) inet from 173.33.198.227 to any keep state label "USER_RULE: OWA"
      as a first rule it started to work.

      I cannot turn off blocking of private and bogon networks during the day; I will do it after work hours.
      I looked through the definitions of these networks and could not find why 173.33.198.227 should be blocked.
      Can anybody explain please?

      EDIT: of course all rule modifications were done through the web interface.

      Thanks.
      Eugene.

      http://ru.doc.pfsense.org

        dotdash

        173/8 used to be unassigned. It recently got allocated to the cable companies.
        There should be a cron job in the config to update the bogons on the 1st of every month.
        You could drop to a shell and update manually by running /etc/rc.update_bogons.sh
        You might want to copy it to a temp script and modify it - I just noticed it sleeps for a random amount of time before updating…

          nocer

          Hi,

          Yup, you should update /etc/bogons now. Just run the script as dotdash pointed out. IANA has already delegated 110/8 and 111/8 to APNIC (but http://files.pfsense.org/bogon-bn-nonagg.txt has not been updated yet).

          cheers,

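Added example, not part of the original posts: a Python check that shows which bogon prefix covers a blocked source address and which prefixes disappear once the list is refreshed, as described in the two replies above. Both lists are constructed samples, and the one-CIDR-per-line format with `#` comments is an assumption about the bogon file.

```python
import ipaddress

# Constructed sample of a stale bogon list; NOT the real contents of /etc/bogons.
# Assumed format: one CIDR per line, '#' starts a comment.
STALE_BOGONS = """\
# constructed sample
0.0.0.0/8
10.0.0.0/8
110.0.0.0/8
111.0.0.0/8
127.0.0.0/8
173.0.0.0/8
192.168.0.0/16
"""

# The same constructed list after the allocations mentioned in the thread.
FRESH_BOGONS = """\
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
192.168.0.0/16
"""

def parse_bogons(text):
    """Return the networks in a bogon file, skipping blanks and comments."""
    nets = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            nets.append(ipaddress.ip_network(line, strict=False))
    return nets

def covering_prefixes(addr, nets):
    """Return every prefix (as a string) in nets that contains addr."""
    ip = ipaddress.ip_address(addr)
    return [str(n) for n in nets if n.version == ip.version and ip in n]

def dropped_prefixes(old, new):
    """Prefixes present in the old list but absent from the new one."""
    return sorted(str(n) for n in set(old) - set(new))

if __name__ == "__main__":
    stale, fresh = parse_bogons(STALE_BOGONS), parse_bogons(FRESH_BOGONS)
    for addr in ("173.33.198.227", "173.213.162.222"):  # addresses from the thread
        print(addr, "stale:", covering_prefixes(addr, stale),
              "fresh:", covering_prefixes(addr, fresh))
    print("no longer bogon:", dropped_prefixes(stale, fresh))
```

Run against a saved copy of the list before and after an update, the same functions show whether a blocked address was caught by an out-of-date prefix rather than by a rule error.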
            Eugene

            Thank you gentlemen.

            http://ru.doc.pfsense.org

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.