Netgate Discussion Forum

    Firewall blocking some websites

    Firewalling
    3 Posts 2 Posters 1.1k Views
    • Xentrk

      For the past year, I routed all of my traffic to the VPN tunnel and everything went well. I now need to route some clients through the WAN interface. I have created policy rules and at first, everything worked okay. I started experiencing issues with HTTP traffic being blocked for the clients that went through the WAN interface. Most of the sites were news and speed test sites. I posted the issue here.

      https://forum.pfsense.org/index.php?topic=135175.0

      I thought I had the issue resolved earlier today by removing Snort and unchecking some of the Suricata rules. But now a new issue is appearing. I started getting blocked on cnn.com. The other news and speed test sites are okay so far. So, I removed Suricata altogether to eliminate that as the potential issue. When I look at the logs and click on the X, I see the message:

      The rule that triggered this action is:

      @9(1000000103) block drop in log inet all label "Default deny rule IPv4"

      Attached are sample entries.

      When I do an nslookup, I see the IPv4 address did not get returned:

      nslookup cnn.com
      Server:  pfSense.mydomain.com
      Address:  192.168.4.1

      Name:    cnn.com
      Addresses:  2a04:4e42:600::323
                2a04:4e42::323
                2a04:4e42:400::323
                2a04:4e42:200::323

      A few minutes later, I try again, and they appear:

      nslookup cnn.com
      Server:  pfSense.mydomain.com
      Address:  192.168.4.1

      Non-authoritative answer:
      Name:    cnn.com
      Addresses:  2a04:4e42:600::323
                2a04:4e42::323
                2a04:4e42:400::323
                2a04:4e42:200::323
                151.101.129.67
                151.101.1.67
                151.101.65.67
                151.101.193.67

      I did not do anything that I am aware of to get the ipv4 address working again.

      I also run pfBlockerNG on the WAN and two VPN client interfaces. Any ideas are welcome. Thank you!

      Update
      After posting this, I left for two hours and returned home. I wanted to go to the pfSense doc website to read more about firewalling and what could be causing my grief. The page doc.pfsense.org could not be loaded. Good grief! Notice how the IPv4 address for the site is not listed when performing an nslookup.

      nslookup doc.pfsense.org
      Server:  pfSense.mydomain.com
      Address:  192.168.4.1

      Name:    doc.pfsense.org
      Address:  2610:160:11:11::68

      Attachment: fw-entries.jpg (sample firewall log entries)

      pfSense 2.4.4_2 | Intel i5-3450 @ 3.10GHz  | AES-NI enabled |  pfBlockerNG | Snort
      Blog Site: https://x3mtek.com || GitHub: https://github.com/Xentrk
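      The two symptoms in the post (an nslookup answer that carries only AAAA records, and a block logged against the "Default deny rule IPv4" rule) are both things a defender can check mechanically while polling a host to catch the intermittent case. The script below is an added example, not code from the thread or from pfSense; it parses nslookup transcripts in the layout shown above, classifies whether the answer is dual-stack or AAAA-only, and decodes the pf rule line from the log view. The sample transcripts are copied from the post; the `capture` helper assumes an `nslookup` binary on PATH.

```python
import re
import subprocess
from dataclasses import dataclass, field
from ipaddress import ip_address, IPv4Address

# Constructed samples: the nslookup transcripts quoted in the post.
LOOKUP_MISSING_A = """\
nslookup cnn.com
Server:  pfSense.mydomain.com
Address:  192.168.4.1

Name:    cnn.com
Addresses:  2a04:4e42:600::323
          2a04:4e42::323
          2a04:4e42:400::323
          2a04:4e42:200::323
"""

LOOKUP_OK = """\
nslookup cnn.com
Server:  pfSense.mydomain.com
Address:  192.168.4.1

Non-authoritative answer:
Name:    cnn.com
Addresses:  2a04:4e42:600::323
          2a04:4e42::323
          2a04:4e42:400::323
          2a04:4e42:200::323
          151.101.129.67
          151.101.1.67
          151.101.65.67
          151.101.193.67
"""

# The rule line shown when clicking the X in the pfSense firewall log.
PF_RULE_LINE = '@9(1000000103) block drop in log inet all label "Default deny rule IPv4"'


@dataclass
class Lookup:
    name: str = ""
    server: str = ""
    authoritative: bool = True
    v4: list = field(default_factory=list)
    v6: list = field(default_factory=list)


def _add(res: Lookup, token: str) -> None:
    addr = ip_address(token)
    (res.v4 if isinstance(addr, IPv4Address) else res.v6).append(str(addr))


def parse_nslookup(text: str) -> Lookup:
    """Split an nslookup transcript into resolver info and A/AAAA answers."""
    res = Lookup()
    in_answer = False  # True once the answer's 'Name:' line has been seen
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("nslookup "):
            continue
        if line.startswith("Server:"):
            res.server = line.split(":", 1)[1].strip()
        elif line.startswith("Non-authoritative answer"):
            res.authoritative = False
        elif line.startswith("Name:"):
            res.name = line.split(":", 1)[1].strip()
            in_answer = True
        elif line.startswith(("Address:", "Addresses:")):
            if in_answer:  # the first 'Address:' line is the resolver itself
                _add(res, line.split(":", 1)[1].strip())
        elif in_answer:
            _add(res, line)  # continuation line of the 'Addresses:' list
    return res


def classify(res: Lookup) -> str:
    """Name the answer shape; 'aaaa-only' is the state the post shows just
    before IPv4 traffic to the site starts hitting the default deny rule."""
    if res.v4 and res.v6:
        return "dual-stack"
    if res.v6:
        return "aaaa-only"
    return "a-only" if res.v4 else "no-answer"


PF_RULE = re.compile(
    r'@(?P<num>\d+)\((?P<tracker>\d+)\)\s+(?P<action>block drop|block|pass|match)\s+'
    r'(?P<direction>in|out)\s+(?P<log>log\s+)?(?P<af>inet6?|all)\s+'
    r'(?P<spec>.*?)\s*label "(?P<label>[^"]*)"'
)


def parse_pf_rule(line: str) -> dict:
    """Decode the 'rule that triggered this action' line into its fields."""
    m = PF_RULE.match(line.strip())
    if not m:
        raise ValueError(f"unrecognised pf rule line: {line!r}")
    d = m.groupdict()
    d["log"] = d["log"] is not None
    return d


def capture(host: str) -> Lookup:
    """Run nslookup (assumed on PATH) so the host can be polled repeatedly."""
    out = subprocess.run(["nslookup", host], capture_output=True, text=True).stdout
    return parse_nslookup(out)


if __name__ == "__main__":
    for sample in (LOOKUP_MISSING_A, LOOKUP_OK):
        r = parse_nslookup(sample)
        print(r.name, classify(r), "A records:", r.v4)
    print(parse_pf_rule(PF_RULE_LINE))
```

      Polling with `capture("cnn.com")` in a loop and logging every `aaaa-only` result gives a timestamped record to line up against the firewall log, which is the kind of evidence the reply below asks for.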

      • viragomann

        Please post the whole log entry of the issue.

        What should the attached picture tell us? The destination is not cnn.com and it shows out of state packets which are blocked.

        • Xentrk

          Thank you for the reply. I restored my config to an earlier version that did not have this issue. I then uninstalled Snort and reconfigured Suricata for no blocking. Then did a reboot. I let things settle for a while. I have not seen the issues appear since then. I will keep hitting the pfSense box to see if I can replicate the issue. I will post the log file as you suggest if it starts happening again.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.