LAN default block rule messing with internal host-to-host traffic



  • Greetings everyone,

    I'm running a pfsense 1.2.1 firewall at home. I've been running this particular install since early September using the beta builds and RC releases.

    My problem is that some traffic from internal hosts to internal hosts are being blocked by the pfsense box. Originally the problem was that one of my domain computers couldn't see my domain controller. I checked out that boxes event logs and found that it started having problems around Sept. 14th. I've been working on that problem since. Then a couple of weeks ago I got a new Directv HD DVR that has networking capabilities that I wanted to get on the network. Got it set up and streaming video from the internet, but it also had problems seeing my file server that is on an internal address. What's interesting is both boxes get IP addresses via DHCP from the exact same box they can't talk to over IP.

    I didn't think that the 2 problems were related until last night when I checked my pfsense firewall logs and say that both computers were being blocked by pfsense! The logs indicate that they are being blocked on the LAN interface and when I click on the red "X" box I'm told that "@70 block drop in log quick all label "Default deny rule"" is the rule that actually made the traffic get blocked.

    What's weird is that those are the only 2 instances of trouble I see. I don't have any trouble connecting to anything on the network from my workstation. I have a couple of rules to pass traffic on the WAN side of the firewall but I only have the "Default LAN -> any" rule set on the LAN side.

    Can anyone explain why the default block rule is blocking some of my traffic?

    Thank you!

    -Will



  • Traffic from one host to another host on same network is never blocked by the firewall because the hosts can talk to each other directly and the default gateway is not used. Are you mixing two different ip ranges on the LAN interface perhaps?



  • Hello,

    Nope, all the internal computers are in the same /27 network my ISP assigned me, yet the blocks are right there in the logs under "Diagnostics: System logs: Firewall".

    The only things I see in the firewall log that are blocked on the LAN interface are computers from the inside talking to computers on the inside…check out the attached pic!

    -Will




  • Hello,

    I think I have figured it out.

    Turns out I had the wrong subnet mask on the computer that was the source in the logs. Makes sense when you think about it…the 2 computers have IP's above 16 (my IP's are XXX.XXX.XXX.0-32) and with a .240 subnet mask the source computer is going to send traffic to the router if it's above .16!

    I corrected the subnet mask on the blocked computer and was able to see it from both locations.

    Big thanks to kpa for making me think about it a little more.

    -Will



  • Np at all  :)


Locked