Firewall rule loading errors
-
IPs changed
Errors:
There were error(s) loading the rules: no IP address found for 2205:931:ef43:26d2::103991 - Array @ 2022-10-11 21:04:58
There were error(s) loading the rules: /tmp/rules.debug:130: could not parse host specification - The line in question reads [130]: rdr pass on bge1 inet6 proto tcp from any to ::103991 port 80 -> ::1 port 8081 @ 2022-10-11 21:08:53
The IPv6 address shown in the first error is associated with my LAN interface. The rule in question from the rules.debug file is here:
=====
Reflection redirect
rdr pass on { bge1.8 bge1.80 bge1.64 bge1.5 bge1.7 bge0 tun_wg0 openvpn WireGuard } inet proto tcp from any to 10.123.99.1 port 80 -> 127.0.0.1 port 8081
rdr pass on bge1 inet6 proto tcp from any to 2205:931:ef43:26d2::103991 port 80 -> ::1 port 8081
Reflection redirect
rdr pass on { bge1.8 bge1.80 bge1.64 bge1.5 bge1.7 bge0 tun_wg0 openvpn WireGuard } inet6 proto tcp from any to 2205:931:ef43:26d2::103991 port 80 -> ::1 port 8081
rdr pass on bge1 inet proto tcp from any to 10.3.99.1 port 443 -> 127.0.0.1 port 9443
Reflection redirect
rdr pass on { bge1.8 bge1.80 bge1.64 bge1.5 bge1.7 bge0 tun_wg0 openvpn WireGuard } inet proto tcp from any to 10.123.99.1 port 443 -> 127.0.0.1 port 9443
rdr pass on bge1 inet6 proto tcp from any to 2601:647:ca03:26d0::103991 port 443 -> ::1 port 9443
Reflection redirect
rdr pass on { bge1.8 bge1.80 bge1.64 bge1.5 bge1.7 bge0 tun_wg0 openvpn WireGuard } inet6 proto tcp from any to 2601:647:ca03:26d0::103991 port 443 -> ::1 port 9443
UPnPd rdr anchor
rdr-anchor "miniupnpd"
=====
NAT reflection is disabled.
I don't know how to make this rule go away. Please help!

I've used pfSense a lot for over a decade, so I basically know what I'm doing, but I can't figure out how to resolve these errors.
I recently added a new interface, and the "pass" rules on the new interface aren't being loaded; all traffic on the new interface is blocked by the default deny rules. I suspect these errors are preventing the rules on the new interface from loading properly. However, the clients behind the new internal interface ARE getting DHCP leases.
Rules on the new interface:
pass in log quick on $NODE inet proto { tcp udp } from any to any ridentifier 1665547000 keep state label "USER_RULE: Why not working"
pass in log quick on $NODE inet from 10.123.64.0/24 to any ridentifier 1665547989 keep state label "USER_RULE"
-
I figured out the issue.
It's related to a malformed IPv6 address inserted into a virtual IP record by the DNSBL feature in pfBlockerNG.
-
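A note on the diagnosis above, with an added example that is not part of this thread or of pfSense/pfBlockerNG: the address that broke the load, 2205:931:ef43:26d2::103991, ends in a group of six hex digits, and an IPv6 group holds at most four, so neither pfSense's address handling nor pf could accept it, and since pf loads the ruleset as a unit, one bad host spec leaves every interface on the previous (default deny) rules. The script below scans a rules file for the literal host specs after `from`/`to` and reports any that do not parse as an IPv4/IPv6 address or CIDR, which points you at the offending VIP before pfctl does. The `SAMPLE_RULES` text is a constructed sample modelled on the rules.debug excerpt quoted earlier; the function names are this example's own.

```python
"""Lint a pf rules file for host specs that are not valid IP literals.

Added example, not pfSense code: flags tokens such as
2205:931:ef43:26d2::103991 (final group longer than four hex digits)
before pfctl rejects the whole ruleset.
"""
import ipaddress
import re

# Constructed sample modelled on the rules.debug excerpt in the thread.
SAMPLE_RULES = """\
# Reflection redirect
rdr pass on bge1 inet proto tcp from any to 10.123.99.1 port 80 -> 127.0.0.1 port 8081
rdr pass on bge1 inet6 proto tcp from any to 2205:931:ef43:26d2::103991 port 80 -> ::1 port 8081
rdr pass on bge1 inet6 proto tcp from any to 2601:647:ca03:26d0::103991 port 443 -> ::1 port 9443
rdr pass on bge1 inet proto tcp from any to 10.3.99.1 port 443 -> 127.0.0.1 port 9443
pass in quick on $NODE inet from 10.123.64.0/24 to any keep state label "USER_RULE"
"""

# pf keywords that may stand where an address would, after 'from' / 'to'.
NON_ADDRESS = {"any", "self", "no-route", "urpf-failed"}

# 'from X' / 'to X', optionally negated with '!'. Brace lists ({ a b }) are
# not expanded by this simple matcher; they are skipped.
HOST_RE = re.compile(r"\b(?:from|to)\s+(?:!\s*)?([^\s{}]+)")


def host_specs(line):
    """Return the literal host tokens following 'from'/'to' on one rule line."""
    toks = []
    for tok in HOST_RE.findall(line):
        # Macros ($NODE), tables (<name>) and keywords are resolved by pf itself.
        if tok in NON_ADDRESS or tok.startswith(("$", "<")):
            continue
        toks.append(tok)
    return toks


def address_problem(tok):
    """None if tok parses as an IPv4/IPv6 address or CIDR, else the parser's reason."""
    try:
        ipaddress.ip_network(tok, strict=False)
        return None
    except ValueError as exc:
        return str(exc)


def lint_rules(text):
    """Return (line_no, token, reason) for every host spec that is not an IP literal.

    Hostnames are reported as well: a generated rules file is expected to hold
    literals, so a bare name here deserves a look even if pf would resolve it.
    """
    problems = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        for tok in host_specs(line):
            reason = address_problem(tok)
            if reason is not None:
                problems.append((n, tok, reason))
    return problems


if __name__ == "__main__":
    import sys
    # Usage: python3 lint_pf_hosts.py /tmp/rules.debug  (no argument: built-in sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_RULES
    for n, tok, reason in lint_rules(text):
        print(f"line {n}: {tok}: {reason}")
```

On the firewall itself, `pfctl -nf /tmp/rules.debug` is the authoritative syntax check (it parses without loading), but it stops at the first parse error, as the second message in the thread shows; this script lists every bad literal in one pass so you can find which virtual IP entry to correct.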
@gabxmx What did you do to fix it? DNSBL likes to create addresses automatically.