IPv4 adress is being blocked with rule description "block bogon IPv6 networks from WAN (11000)"
-
Hello,
a virtualized pfSense 2.4.3-RELEASE-p1 (I know, this is an old version and I will update it as soon as possible!) runs in front of my webserver and takes the role of a dhcp server (for lan) and a firewall / nat, so that my webserver is reachable from outside.
It's a very simple design, but to give a rough overview:1:1 NAT __________ ____________ ____________ | | calling web-server | | LAN | | | internet | ----------------------- > | pfSense VM | <----------------> | web-server | |__________| with public ip |____________| |____________| Allow TCP *:80, *:443
The pfSense has no explicit configuration. Only a DHCP server and 1:1 NAT for the servers/VMs behind the pfSense. So as expected it works. Now a user reported that he can't access my web server, although he is not behind a firewall blocking traffic. Now I'm on his PC and I can verify that he indeed can visit any website, just not my web server, where he gets a "website unreachable" info from his web browser.
When I analyzed the pfSense logs, I saw that his IP (5.102.xxx.xxx) was blocked:
X | Jan 12 16:54:43 | WAN | 5.102.xxx.xxx (user-ip) | 10.0.xx.xx (private ip from web-server) | TCP:S block bogon IPv6 networks from WAN (11000)
The rule that triggerd this action:
@53(11000) block drop in log quick on em0 from <bogons:3318> to any label "block bogon IPv4 networks from WANHis IP is definitely not in the bogon space (as mentioned its 5.102.xxx.xxx).
I also tried to capture his packages with the pfSense capture tool:
https://hastebin.com/bawelaxibe.css
Unfortunately I cant use wireshark or similar software on his pc.I don't know where to look. With the exception of this one user, everyone else can access my web server and on the other hand, my web server is the only site he can't access.
TIA for every answer.
-
@t-rr-ex
maybe try to temporarily disable "Block bogon networks" under interface / wan
i don't see any 5.102.x.x on my /etc/bogons, strange.. i don't have that option enabled, firewall rule are more than enought, maybe a bug or it was present on that old version you are using