When I configured the WAN interface I checked "Block private networks" and "Block bogon networks". I am doing port forwarding from WAN to LAN for mail servers.
Today I received a complaint that a client cannot connect to the mail server. Tracing showed that this client is using 126.96.36.199, which is blocked by pfSense on WAN.
Adding the following rule as the first one did not help.
pass in quick on em1 inet from 188.8.131.52 to any keep state label "USER_RULE:"
I have another WAN1 interface on this box. I asked the client to use this interface to connect. This IP was also blocked, but when I added
pass in quick on bge1 reply-to (bge1 x.x.x.x) inet from 184.108.40.206 to any keep state label "USER_RULE: OWA"
as a first rule it started to work.
I cannot turn off blocking of private and bogon networks during the day; I will do it after work hours.
I looked through the definitions of these networks and could not find why 220.127.116.11 should be blocked.
Can anybody explain please?
EDIT: of course, all rule modifications were done through the web interface.
173/8 used to be unassigned. It was recently allocated to the cable companies.
There should be a cron job in the config to update the bogons on the 1st of every month.
You could drop to a shell and update manually by running /etc/rc.update_bogons.sh
You might want to copy it to a temp script and modify it; I just noticed it sleeps for a random amount of time before updating…
Yup, you should update /etc/bogons now. Just run the script as dotdash pointed out. IANA has already delegated 110/8 and 111/8 to APNIC (but http://files.pfsense.org/bogon-bn-nonagg.txt has not been updated yet).
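The replies above explain the block: the "Block bogon networks" rule matches the packet's source address against the bogon table pfSense loads from /etc/bogons, and a stale copy of that table still lists prefixes that have since been allocated (173/8, 110/8, 111/8). The script below is an added example, not code from the thread or from pfSense, that reproduces that check offline: it parses a bogon list in the one-CIDR-per-line format the download uses (the `#`-comment handling is an assumption), reports which entry matches a given address, and diffs a stale list against a refreshed one to show exactly which prefixes were causing false blocks. Both lists are constructed for the example and are not real snapshots of http://files.pfsense.org/bogon-bn-nonagg.txt.

```python
"""Simulate pfSense's bogon check against a stale and a refreshed /etc/bogons.

Added example, not from the forum thread or from pfSense. The two lists are
constructed, not real downloads of bogon-bn-nonagg.txt.
"""
import ipaddress

# Constructed stale table: still carries 110/8, 111/8 and 173/8 as unallocated.
STALE_BOGONS = """\
# bogons (stale copy)
0.0.0.0/8
10.0.0.0/8
110.0.0.0/8
111.0.0.0/8
127.0.0.0/8
173.0.0.0/8
"""

# Constructed refreshed table: the three newly allocated /8s have been dropped.
FRESH_BOGONS = """\
# bogons (refreshed copy)
0.0.0.0/8
10.0.0.0/8
127.0.0.0/8
"""


def parse_bogons(text):
    """Parse one CIDR per line; '#' starts a comment (assumed format)."""
    nets = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def matching_bogon(addr, nets):
    """Return the most specific bogon entry containing addr, or None.

    A block rule on the <bogons> table fires on any match, so a non-None
    result means pf would drop the packet on the WAN.
    """
    ip = ipaddress.ip_address(addr)
    hits = [n for n in nets if ip in n]
    if not hits:
        return None
    return str(max(hits, key=lambda n: n.prefixlen))


def stale_entries(old_nets, new_nets):
    """Prefixes present in the old table but gone from the new one.

    These are the allocations the stale copy was still blocking.
    """
    old = {str(n) for n in old_nets}
    new = {str(n) for n in new_nets}
    return sorted(old - new)


if __name__ == "__main__":
    stale = parse_bogons(STALE_BOGONS)
    fresh = parse_bogons(FRESH_BOGONS)
    # Constructed client address inside the historically unallocated 173/8.
    client = "173.1.2.3"
    print(f"{client} against stale table: {matching_bogon(client, stale)}")
    print(f"{client} against fresh table: {matching_bogon(client, fresh)}")
    print("prefixes dropped by the refresh:", stale_entries(stale, fresh))
```

On a live box the equivalent question is answered by pf itself: `pfctl -t bogons -T test <address>` tells you whether the address currently matches the loaded table, and `pfctl -t bogons -T show | wc -l` gives a quick sanity check that the table actually shrank after running /etc/rc.update_bogons.sh.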
Thank you gentlemen.