Netgate Discussion Forum

Firewall rule loading errors

3 Posts 2 Posters 455 Views
  • G
    gabxmx
    last edited by Oct 12, 2022, 3:21 PM

    IPs changed

    Errors:
    There were error(s) loading the rules: no IP address found for 2205:931:ef43:26d2::103991 - Array @ 2022-10-11 21:04:58
    There were error(s) loading the rules: /tmp/rules.debug:130: could not parse host specification - The line in question reads [130]: rdr pass on bge1 inet6 proto tcp from any to ::103991 port 80 -> ::1 port 8081
    @ 2022-10-11 21:08:53
    —-

    The IPv6 address shown in the first error is associated with my LAN interface. The rule in question in the rules.debug file here:

    =====

    Reflection redirect

    rdr pass on { bge1.8 bge1.80 bge1.64 bge1.5 bge1.7 bge0 tun_wg0 openvpn WireGuard } inet proto tcp from any to 10.123.99.1 port 80 -> 127.0.0.1 port 8081
    rdr pass on bge1 inet6 proto tcp from any to 2205:931:ef43:26d2::103991 port 80 -> ::1 port 8081

    Reflection redirect

    rdr pass on { bge1.8 bge1.80 bge1.64 bge1.5 bge1.7 bge0 tun_wg0 openvpn WireGuard } inet6 proto tcp from any to 2205:931:ef43:26d2::103991 port 80 -> ::1 port 8081
    rdr pass on bge1 inet proto tcp from any to 10.3.99.1 port 443 -> 127.0.0.1 port 9443

    Reflection redirect

    rdr pass on { bge1.8 bge1.80 bge1.64 bge1.5 bge1.7 bge0 tun_wg0 openvpn WireGuard } inet proto tcp from any to 10.123.99.1 port 443 -> 127.0.0.1 port 9443
    rdr pass on bge1 inet6 proto tcp from any to 2601:647:ca03:26d0::103991 port 443 -> ::1 port 9443

    Reflection redirect

    rdr pass on { bge1.8 bge1.80 bge1.64 bge1.5 bge1.7 bge0 tun_wg0 openvpn WireGuard } inet6 proto tcp from any to 2601:647:ca03:26d0::103991 port 443 -> ::1 port 9443

    UPnPd rdr anchor

    rdr-anchor "miniupnpd"

    =====

    NAT reflection is disabled.
    I don’t know how to make this rule go away. Please help!

    I’ve used pfSense a lot for over a decade so I basically know what I’m doing but I can’t figure out how to resolve these errors.

    I recently added a new interface and the “pass” rules on the new interface aren’t being loaded and all traffic on the new interface is blocked by the default deny rules. I suspect these errors are preventing the rules on the new interface from loading properly. However, the clients behind the new internal interface ARE getting DHCP leases.

    Rules on new interface:
    pass in log quick on $NODE inet proto { tcp udp } from any to any ridentifier 1665547000 keep state label "USER_RULE: Why not working"
    pass in log quick on $NODE inet from 10.123.64.0/24 to any ridentifier 1665547989 keep state label "USER_RULE"

    • G
      gabxmx @gabxmx
      last edited by Oct 16, 2022, 2:21 PM

      I figured out the issue.
      It’s related to a malformed IPv6 address inserted into a virtual IP record by the DNSBL feature in pfBlockerNG.

      • A
        awebster @gabxmx
        last edited by Nov 3, 2022, 2:25 AM

        @gabxmx What did you do to fix it? DNSBL likes to create addresses automatically.

        –A.
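
An added example, not part of the thread and not pfSense or pfBlockerNG code: a Python check that scans rules.debug-style text for IP-looking host specifications that do not parse, the condition behind both errors in the first post. The function names are assumptions of this example, and the sample text is constructed from lines in the thread's excerpt.

```python
import ipaddress
import re

# pf keywords that are followed by a host specification.
HOST_KEYWORDS = {"from", "to", "->"}

# Constructed sample: lines taken from the rules.debug excerpt in the thread.
SAMPLE_RULES = """\
# Reflection redirect
rdr pass on bge1 inet proto tcp from any to 10.3.99.1 port 443 -> 127.0.0.1 port 9443
rdr pass on bge1 inet6 proto tcp from any to 2205:931:ef43:26d2::103991 port 80 -> ::1 port 8081
rdr pass on bge1 inet6 proto tcp from any to ::103991 port 80 -> ::1 port 8081
pass in log quick on $NODE inet from 10.123.64.0/24 to any ridentifier 1665547989 keep state label "USER_RULE"
"""

def looks_like_ip_literal(token):
    """True if the token is written as an address, not a hostname, macro or table."""
    host = token.split("/", 1)[0]
    if ":" in host:  # IPv6 candidate (excludes interface forms such as bge1:network)
        return re.fullmatch(r"[0-9A-Fa-f:.]+", host) is not None
    return re.fullmatch(r"[0-9.]+", host) is not None  # IPv4 candidate

def find_bad_hosts(rules_text):
    """Return (line_number, token, reason) for each address literal that fails to parse.

    Only single hosts directly after from/to/-> are checked; { lists } are skipped.
    """
    findings = []
    for lineno, line in enumerate(rules_text.splitlines(), start=1):
        line = re.sub(r'"[^"]*"', '""', line)  # ignore text inside labels
        tokens = line.split("#", 1)[0].split()  # drop comments
        for prev, token in zip(tokens, tokens[1:]):
            if prev not in HOST_KEYWORDS or not looks_like_ip_literal(token):
                continue
            parser = ipaddress.IPv6Network if ":" in token else ipaddress.IPv4Network
            try:
                parser(token, strict=False)
            except ValueError as exc:  # covers AddressValueError and NetmaskValueError
                findings.append((lineno, token, str(exc)))
    return findings

if __name__ == "__main__":
    for lineno, token, reason in find_bad_hosts(SAMPLE_RULES):
        print(f"line {lineno}: {token}: {reason}")
```

The final group `103991` has six hex digits where an IPv6 group allows at most four, so both addresses are rejected; the same applies to the `2601:647:ca03:26d0::103991` entries in the excerpt.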

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.