Traffic being blocked/not making it out to WAN Gateway?



  • Currently running pfSense 2.4.5, snort, and pfBlocker. I also have fq_codel running on the WAN interface via a floating rule. VLANs are configured and pfSense acts as "router on a stick." Unbound is my resolver with forwarding sent to 1.1.1.1, 1.0.0.1, and 8.8.8.8.

    This has just started happening recently and (seemingly) randomly. I know nothing is random, but I haven't been able to point to a cause->effect yet. My clients are able to do DNS lookups (can prove via dig), and it will also resolve to an IP via traceroute. However, it can't resolve past the first hop, which is pfSense.

    I can log in to pfSense fine. I tried a traceroute of google.com from the UI and it works fine from the WAN interface. It doesn't work from the VLAN20 interface; it just responds 127.0.0.1 over and over. I'm not sure if that's by design, meaning, I wasn't sure if pfSense fully simulated a VLAN20 client tracing to google.com or not, so it may not be a valid test.

    What else can I be looking at?



  • Also, one thing of note is that I show the gateway as 66.133.48.1 but my actual IP address online shows 66.133.61.112 when it works. I see some general 103 blocks, so I wonder if there is maybe asymmetric routing going on somehow nuking everything?



  • OK, it just did it again and I see "config_aqm Unable to configure flow set, flow set busy!" which seems to be not good?

