Netgate Discussion Forum

    Strange Firewall block logs, pfsense blocks traffic from LAN interface

Category: Firewalling
    9 Posts 8 Posters 12.9k Views
• lordarcane

Here is how it looks:

pf: 4. 812458 rule 79/0(match): block in on em0: (tos 0x0, ttl 128, id 55852, offset 0, flags [DF], proto TCP (6), length 40) 10.1.1.124.1287 > 127.0.0.1.80: F, cksum 0xe314 (correct), 0:0(0) ack 1 win 64051

Where 10.1.1.124 is a computer on the LAN.

And: Nov 26 11:24:13  LAN  10.1.1.116:4331  194.218.x.xxx:443  TCP

"The rule that triggered this action is": @78 default deny rule.

I only have one rule for the LAN, and that is allow everything from the LAN.

Everything seems to be working correctly. I have Squid/squidguard set up as an external proxy. Clients can reach the web.

What have I done wrong??

I'm running 1.2.1 RC2


• planetmac

That may have been spoofed, so the firewall blocked it.


• m3isp

I'm having the same problem but haven't had any luck figuring out the cause. Just out of curiosity, are you using the firewall transparently? If you are and wouldn't mind testing something for me, go into System Log > Settings and remove the check mark in "Log packets blocked by the default rule", then check to see if your firewall is still generating the log entry for your "strange firewall blocks".

Regards,
M3


• lordarcane

I am running squid in transparent mode. And, after unticking "Log packets blocked by the default rule", the log entries are removed. But I guess the firewall keeps blocking and so on. A lot of my really strange firewall logs have been removed after that checkbox is unticked.

But I'm still quite curious as to why the error is there in the first place.


• Fede_Reghe

I'm having a similar problem:

Sometimes,

Jan 8 10:40:16  LAN  192.168.115.5:49153  192.168.115.6:221  TCP

or

Jan 8 10:10:41  LAN  192.168.115.21:43511  88.79..:80  TCP

But in LAN rules:
*  *  *  *  *  *    Default LAN -> any

(192.168.115.0/24 is the LAN subnet)


• kpa

http://doc.m0n0.ch/handbook/faq-legit-traffic-dropped.html


• jjdesch

Is this something new since 1.2.1 and above? I do not recall ever observing this behavior under 1.2.


• mikeisfly

You are seeing what others and I are seeing: there is a rule blocking traffic on your LAN segment not originating from that segment. In my case I have a wireless access point in router mode that is being blocked. pftop from the shell will give you a clue to what is going on. Also look at /tmp/rules.debug; the affecting rule should be around the number that you mentioned prior. Hope this helps. I know where the problem is; I don't know how to manually change the rules, since it looks like it can't be done from the GUI.


• majortom1981
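The replies in this thread offer two explanations for the blocked LAN packets: a source that is not really on the LAN segment (spoofed, or behind a downstream router), and legitimate packets that no longer match a state entry and therefore fall through to the default deny rule. The following Python snippet is an added example, not code from this thread or from pfSense: it parses the two log formats quoted in the first post (the verbose pf "rule N/0(match)" line and the GUI summary line), checks whether the source address belongs to the LAN subnet, and reads the TCP flags to tell a denied new connection (SYN) from an out-of-state FIN/RST/ACK. The sample lines are constructed from the ones quoted above plus one constructed line with a source outside the LAN subnet; the LAN subnet 10.1.1.0/24 is assumed from the addresses in the first post.

```python
import ipaddress
import re

# Constructed samples, modelled on the lines quoted in the first post of this thread.
# Verbose pf log line (127.0.0.1:80 is the transparent-proxy redirect target).
PF_LINE = (
    "pf: 4. 812458 rule 79/0(match): block in on em0: (tos 0x0, ttl 128, id 55852, "
    "offset 0, flags [DF], proto TCP (6), length 40) 10.1.1.124.1287 > 127.0.0.1.80: "
    "F, cksum 0xe314 (correct), 0:0(0) ack 1 win 64051"
)
# GUI summary lines (date, interface, source, destination, protocol). The second
# line is constructed with a source that is not in the LAN subnet.
GUI_LINES = [
    "Nov 26 11:24:13  LAN  10.1.1.116:4331  194.218.1.1:443  TCP",
    "Nov 26 11:25:02  LAN  192.168.50.9:51000  10.1.1.5:80  TCP",
]
LAN_SUBNET = "10.1.1.0/24"  # assumed from the addresses quoted in the thread

PF_RE = re.compile(
    r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>block|pass) (?P<dir>in|out) "
    r"on (?P<iface>\w+): \(.*?proto (?P<proto>\w+) \(\d+\), length \d+\) "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<flags>[A-Z.]+),(?P<rest>.*)$"
)
GUI_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)


def parse_pf_line(line):
    """Parse a verbose pf log line into a dict, or return None if it does not match."""
    m = PF_RE.search(line)
    return m.groupdict() if m else None


def parse_gui_line(line):
    """Parse a pfSense GUI firewall-log summary line into a dict, or None."""
    m = GUI_RE.match(line)
    return m.groupdict() if m else None


def classify_tcp_block(entry):
    """Explain a blocked TCP packet from its flags.

    A SYN without ACK is a new connection attempt: if that is blocked, the rule
    set really denies it. A FIN, RST or bare ACK is a packet for which pf found
    no state entry; the usual cause is a state that has already expired or been
    closed, so the default deny rule logs it although the connection was allowed.
    """
    flags = entry["flags"]
    has_ack = re.search(r"\back \d+", entry["rest"]) is not None
    if "S" in flags and not has_ack:
        return "policy block: new connection (SYN) denied by the rule set"
    if "R" in flags:
        return "out-of-state RST: no matching state, usually harmless"
    if "F" in flags:
        return "out-of-state FIN: connection already gone from the pf state table"
    return "out-of-state ACK/other: no matching state"


def source_in_subnet(entry, lan_subnet):
    """True if the packet's source address belongs to the given LAN subnet."""
    return ipaddress.ip_address(entry["src"]) in ipaddress.ip_network(lan_subnet)


def review_gui_lines(lines, lan_subnet):
    """Return (line, verdict) pairs for each parseable GUI log line.

    A source outside the LAN subnet arriving on the LAN interface points at a
    downstream router/NAT device or spoofing, not at the 'LAN -> any' rule.
    """
    results = []
    for line in lines:
        entry = parse_gui_line(line)
        if entry is None:
            continue
        if source_in_subnet(entry, lan_subnet):
            verdict = "source in LAN subnet: look at state/flags, not the LAN rule"
        else:
            verdict = "source outside LAN subnet: downstream router or spoofed address"
        results.append((line, verdict))
    return results


if __name__ == "__main__":
    pf_entry = parse_pf_line(PF_LINE)
    print(f"rule @{pf_entry['rule']} on {pf_entry['iface']}: "
          f"{pf_entry['src']}:{pf_entry['sport']} -> {pf_entry['dst']}:{pf_entry['dport']} "
          f"flags={pf_entry['flags']} -> {classify_tcp_block(pf_entry)}")
    for line, verdict in review_gui_lines(GUI_LINES, LAN_SUBNET):
        print(f"{line}\n    {verdict}")
```

On the first post's log line the parser reports rule 79 on em0, a FIN with ACK from 10.1.1.124 to the proxy redirect address, and classifies it as an out-of-state FIN rather than a rule-set denial, which is consistent with the log entries disappearing once "Log packets blocked by the default rule" is unticked while traffic keeps working.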

We are having the same problem. It's very annoying.

We have a 100/100 connection and this update added much needed CPU speed, but with this problem we are thinking of downgrading back to 1.2.

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.