Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    IPv4 adress is being blocked with rule description "block bogon IPv6 networks from WAN (11000)"

    Firewalling
    2
    2
    661
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      T.RR.EX
      last edited by

      Hello,

      a virtualized pfSense 2.4.3-RELEASE-p1 (I know, this is an old version and I will update it as soon as possible!) runs in front of my webserver and takes the role of a dhcp server (for lan) and a firewall / nat, so that my webserver is reachable from outside.
      It's a very simple design, but to give a rough overview:

                                                 1:1 NAT
 __________                             ____________                      ____________
|          | calling web-server        |            |        LAN         |            |
| internet | ----------------------- > | pfSense VM | <----------------> | web-server |
|__________| with public ip            |____________|                    |____________|
                                         Allow TCP 
                                        *:80, *:443

      The pfSense has no explicit configuration. Only a DHCP server and 1:1 NAT for the servers/VMs behind the pfSense. So as expected it works. Now a user reported that he can't access my web server, although he is not behind a firewall blocking traffic. Now I'm on his PC and I can verify that he indeed can visit any website, just not my web server, where he gets a "website unreachable" info from his web browser.

      When I analyzed the pfSense logs, I saw that his IP (5.102.xxx.xxx) was blocked:

      X | Jan 12 16:54:43 | WAN | 5.102.xxx.xxx (user-ip) | 10.0.xx.xx (private ip from web-server) | TCP:S
block bogon IPv6 networks from WAN (11000)

      The rule that triggerd this action:
      @53(11000) block drop in log quick on em0 from <bogons:3318> to any label "block bogon IPv4 networks from WAN

      His IP is definitely not in the bogon space (as mentioned its 5.102.xxx.xxx).

      I also tried to capture his packages with the pfSense capture tool:
      https://hastebin.com/bawelaxibe.css
      Unfortunately I cant use wireshark or similar software on his pc.

      I don't know where to look. With the exception of this one user, everyone else can access my web server and on the other hand, my web server is the only site he can't access.

      TIA for every answer.

      kiokomanK 1 Reply Last reply Reply Quote 0
      • kiokomanK
        kiokoman LAYER 8 @T.RR.EX
        last edited by kiokoman

        @t-rr-ex
        maybe try to temporarily disable "Block bogon networks" under interface / wan
        i don't see any 5.102.x.x on my /etc/bogons, strange.. i don't have that option enabled, firewall rule are more than enought, maybe a bug or it was present on that old version you are using

        ̿' ̿'\̵͇̿̿\з=(◕_◕)=ε/̵͇̿̿/'̿'̿ ̿
        Please do not use chat/PM to ask for help
        we must focus on silencing this @guest character. we must make up lies and alter the copyrights !
        Don't forget to Upvote with the 👍 button for any post you find to be helpful.

        1 Reply Last reply Reply Quote 1
        • First post
          Last post