Traffic being blocked/not making it out to WAN Gateway?

  • Currently running pfSense 2.4.5, snort, and pfBlocker. I also have fq_codel running on the WAN interface via a floating rule. VLANs are configured and pfSense acts as "router on a stick." Unbound is my resolver with forwarding sent to and

    This has just started happening recently and (seemingly) randomly. I know nothing is random, but I haven't been able to pinpoint a cause->effect yet. My clients are able to do DNS lookups (can prove via dig), and it will also resolve to an IP via traceroute. However, it can't resolve past the first hop, which is pfSense.

    I can log in to pfSense fine. I tried a traceroute of from the UI and it works fine from the WAN interface. It doesn't work from the VLAN20 interface, it just responds over and over. I'm not sure if that's by design, meaning, I wasn't sure if pfSense fully simulated a VLAN20 client calling tracing to or not, so it may not be a valid test.

    What else can I be looking at?

  • Also, one thing of note is that I show the gateway as but my actual IP address online shows when it works. I see some general 103 blocks, so I wonder if there is maybe asymmetric routing going on somehow nuking everything?

  • Ok, it just did it again and I see "config_aqm Unable to configure flow set, flow set busy!" which seems to be not good?

