IP Address in San Antonio, TX being blocked by pfB_SAmerica_v4



  • Hello,

    I have a wifi thermostat that is trying to contact 191.238.242.203 which I show as being located in San Antonio, TX. However, per the logs below, the IP is getting blocked by the pfB_SAmerica_v4 auto rule. If I allow outbound to  pfB_SAmerica_v4 the problem goes away. PFSense is showing pfblockerng to be on the latest package 2.1.1_11. PFSense is 2.4.0-RELEASE (amd64)

    Can anybody tell me why the IP is being blocked by pfB_SAmerica_v4 auto when it appears to be in TX? If there's not a fix, how can I isolate what country within the South America country list is flagging the IP so I can allow just that country?

    Any help is greatly appreciated.

    Regards,
    Tim in CO

    7 filterlog: 132,,,1770011309,igb2_vlan25,match,block,in,4,0x0,,64,10012,0,none,6,tcp,60,192.168.5.90,191.238.242.203,57579,80,0,S,3818633139,,2896,,mss;nop;wscale;nop;nop;TS

    Action Time Interface Source Destination Protocol
    Oct 17 08:57:16 VLAN25WIFIAPPLIANCES   192.168.5.90:58424   191.238.242.203:80 TCP:S
    pfB_SAmerica_v4 auto rule (1770011309)



  • Anyone, anyone?





  • Cool. Thank you. Based on the URL you posted I think i now see how you figured that out. I'll use dnsstuff.com in the future.

    Regards,
    Tim



  • I didn't check the URL in that post.  It got broken in the middle.

    However, I just noticed that pfSense's Diagnostics > DNS Lookup points to:

    IP WHOIS @ DNS Stuff
    and
    IP Info @ DNS Stuff

    neither of these seem to work now.



  • No worries. I got the information I was looking for. Thanks again.


  • Moderator

    @tim_co:

    No worries. I got the information I was looking for. Thanks again.

    As an FYI:

    In the Alerts tab, you can click on the "I" infoblock icons and it will load a Threat Lookup page with several Threat Source lookup tools….


Log in to reply