IPv4 address is being blocked with rule description "block bogon IPv6 networks from WAN (11000)"

    Firewalling
T.RR.EX (original post):

      Hello,

A virtualized pfSense 2.4.3-RELEASE-p1 (I know, this is an old version and I will update it as soon as possible!) runs in front of my webserver and takes the role of a DHCP server (for the LAN) and a firewall/NAT, so that my webserver is reachable from outside.
It's a very simple design, but to give a rough overview:

                                                 1:1 NAT
       __________                             ____________                      ____________
      |          | calling web-server        |            |        LAN         |            |
      | internet | ----------------------- > | pfSense VM | <----------------> | web-server |
      |__________| with public ip            |____________|                    |____________|
                                               Allow TCP 
                                              *:80, *:443
      

      The pfSense has no explicit configuration. Only a DHCP server and 1:1 NAT for the servers/VMs behind the pfSense. So as expected it works. Now a user reported that he can't access my web server, although he is not behind a firewall blocking traffic. Now I'm on his PC and I can verify that he indeed can visit any website, just not my web server, where he gets a "website unreachable" info from his web browser.

      When I analyzed the pfSense logs, I saw that his IP (5.102.xxx.xxx) was blocked:

      X | Jan 12 16:54:43 | WAN | 5.102.xxx.xxx (user-ip) | 10.0.xx.xx (private ip from web-server) | TCP:S
      block bogon IPv6 networks from WAN (11000)
      

The rule that triggered this action:
      @53(11000) block drop in log quick on em0 from <bogons:3318> to any label "block bogon IPv4 networks from WAN

His IP is definitely not in the bogon space (as mentioned, it's 5.102.xxx.xxx).

      I also tried to capture his packages with the pfSense capture tool:
      https://hastebin.com/bawelaxibe.css
Unfortunately I can't use Wireshark or similar software on his PC.

      I don't know where to look. With the exception of this one user, everyone else can access my web server and on the other hand, my web server is the only site he can't access.

      TIA for every answer.

kiokoman (LAYER 8) replied to T.RR.EX:

@t-rr-ex
Maybe try to temporarily disable "Block bogon networks" under Interfaces / WAN.
I don't see any 5.102.x.x in my /etc/bogons, strange... I don't have that option enabled, firewall rules are more than enough; maybe a bug, or it was present on that old version you are using.

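The reply above points at the right check: look at what is actually in the bogon list the rule references and whether the blocked source address falls inside any of its prefixes. As an added example (not code from the thread, from Netgate or from pfSense), the script below parses a bogons-style file (one CIDR per line, `#` comments allowed) and checks the source address of a pfSense log row against it. The prefix list and the log row are constructed samples; the `5.102.1.1` / `10.0.1.2` addresses stand in for the masked `5.102.xxx.xxx` / `10.0.xx.xx` in the post, and the sample list is a hand-picked subset of well-known IPv4 bogon ranges, not a copy of any real `/etc/bogons`.

```python
import ipaddress
from typing import Dict, List, Optional, Union

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]

# Constructed sample in the shape of pfSense's /etc/bogons (one CIDR per line).
# Hand-picked subset of well-known IPv4 bogon prefixes; not the real file.
SAMPLE_BOGONS = """\
# constructed sample, not a real /etc/bogons
0.0.0.0/8
10.0.0.0/8
100.64.0.0/10
127.0.0.0/8
169.254.0.0/16
172.16.0.0/12
192.0.0.0/24
192.0.2.0/24
192.168.0.0/16
198.18.0.0/15
198.51.100.0/24
203.0.113.0/24
224.0.0.0/4
240.0.0.0/4
"""

# Constructed log row in the layout shown in the post (GUI firewall log table):
# action | time | interface | source | destination | proto:flags
SAMPLE_LOG_ROW = "X | Jan 12 16:54:43 | WAN | 5.102.1.1 | 10.0.1.2 | TCP:S"


def parse_bogons(text: str) -> List[Network]:
    """Parse a bogons-style file into network objects, skipping comments/blank lines."""
    nets: List[Network] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        nets.append(ipaddress.ip_network(line, strict=False))
    return nets


def matching_bogon(ip: str, nets: List[Network]) -> Optional[str]:
    """Return the first listed prefix containing ip, or None if it is not a bogon."""
    addr = ipaddress.ip_address(ip)
    for net in nets:
        # Only compare within the same address family (v4 list vs v6 address never matches).
        if addr.version == net.version and addr in net:
            return str(net)
    return None


def parse_log_row(row: str) -> Dict[str, str]:
    """Split a pipe-separated firewall log row into named fields."""
    fields = [f.strip() for f in row.split("|")]
    if len(fields) != 6:
        raise ValueError(f"expected 6 fields, got {len(fields)}: {row!r}")
    keys = ["action", "time", "interface", "src", "dst", "proto"]
    return dict(zip(keys, fields))


def triage(row: str, bogons_text: str) -> Dict[str, Optional[str]]:
    """Check the logged source address against the bogon list.

    A block by the bogon rule whose source matches no listed prefix means the
    loaded pf table and the on-disk list disagree, or the wrong rule is being
    reported, and is worth investigating rather than explained by the list.
    """
    entry = parse_log_row(row)
    nets = parse_bogons(bogons_text)
    src = entry["src"]
    return {
        "src": src,
        "matched_prefix": matching_bogon(src, nets),
        "dst_is_private": str(ipaddress.ip_address(entry["dst"]).is_private),
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG_ROW, SAMPLE_BOGONS)
    print(result)
    if result["matched_prefix"] is None:
        print(f"{result['src']} is in no listed bogon prefix; the block is not explained by this list")
```

On the firewall itself, the equivalent on-box checks are against the loaded pf table rather than the file, since the two can drift apart: `pfctl -t bogons -T show` lists what the `<bogons>` table currently contains, and `pfctl -t bogons -T test <ip>` reports whether a given address matches it. Comparing the file, the loaded table and the rule label reported in the log (the post shows a log line naming the IPv6 bogon rule while the rule text itself refers to IPv4) narrows down whether the address was really in the table or the log is attributing the block to the wrong rule.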