Netgate Discussion Forum

Strange blocking not matching a rule

Category: Firewalling
3 Posts 2 Posters 322 Views
    t0m77
    last edited by t0m77 Feb 11, 2023, 10:23 AM Feb 11, 2023, 10:09 AM

    Hi

    Could you help me to understand or investigate on this strange behavior?

    It's on a home network and so a quite simple config.
    My LAN is 192.168.1.0/24
    My DMZ is 192.168.2.0/24

    I have the following rules for LAN
    [attached image: LAN firewall rules screenshot, 5c8dca0e-549d-45db-a745-06fd584b893b-image.png]

    Note that last line with 3306 port (MySQL), was added after the problem happened, when I was inspecting the logs. So consider that this entry doesn't exist.

    All traffic on any port from LAN to anything (and thus including DMZ) is supposed to be allowed. I have nothing in the DMZ rules that would block inbound traffic from LAN. Only everything from DMZ to LAN is blocked. I've got 6 servers in the DMZ running a lot of things on a lot of ports, and I have zero issue reaching them from my LAN.

    But this morning I have noticed all those blockings that happen mostly everyday for a short period of time:
    [attached image: firewall log screenshot of the blocked entries, f58c8869-d6fd-44ff-8243-aba1f9b1b66b-image.png]

    192.168.1.3 is a Linux VM in the LAN dedicated to monitoring with Zabbix. It stores data in my dedicated MySQL server, which is another Linux VM in the DMZ (192.168.2.2).

    How could this traffic be blocked? How can I investigate this?
    Note that I have pfBlockerNG and Snort. But although Snort is watching all interfaces (WAN/LAN/DMZ), it only blocks on WAN. So it's most probably not coming from there.

    Cheers

    S 1 Reply Last reply Feb 11, 2023, 3:37 PM Reply Quote 0
      SteveITS Galactic Empire @t0m77
      last edited by SteveITS Feb 11, 2023, 3:37 PM Feb 11, 2023, 3:37 PM

      @t0m77 see if this helps
      https://docs.netgate.com/pfsense/en/latest/troubleshooting/log-filter-blocked.html

      Edit: also, DMZ rules are unable to affect traffic from LAN. Rules apply to traffic inbound on the interface.

      Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
      When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
      Upvote 👍 helpful posts!

      T 1 Reply Last reply Feb 11, 2023, 4:31 PM Reply Quote 1
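      One way to triage the kind of blocked entries the linked article covers, as an added example that is not from this thread or from the pfSense project: it parses pfSense filterlog CSV records (the field order is my assumption about the format, and the sample lines are constructed to mirror the LAN-to-MySQL case above) and separates genuine policy blocks of new connections (bare SYN) from out-of-state packets, which carry mid-stream flags such as PA or FA and are logged by the default deny even though a pass rule would have matched the SYN.

      ```python
      import csv
      from dataclasses import dataclass
      from io import StringIO
      from typing import List, Optional

      # Constructed sample records in pfSense filterlog CSV layout (syslog prefix
      # already stripped). Field order assumed: rulenr,subrulenr,anchor,tracker,
      # iface,reason,action,dir,ipver | tos,ecn,ttl,id,offset,flags,protoid,proto,
      # len,src,dst | sport,dport,datalen,tcpflags,seq,ack,win,urg,opts
      SAMPLE_LOG = """\
      1000000103,,,1000000103,em1,match,block,in,4,0x0,,64,12345,0,DF,6,tcp,52,192.168.1.3,192.168.2.2,45678,3306,0,PA,1234567,7654321,501,,nop;nop;TS
      1000000103,,,1000000103,em1,match,block,in,4,0x0,,64,12346,0,DF,6,tcp,52,192.168.1.3,192.168.2.2,45678,3306,0,FA,1234600,7654321,501,,nop;nop;TS
      1000000103,,,1000000103,em1,match,block,in,4,0x0,,64,12347,0,DF,6,tcp,60,192.168.1.3,192.168.2.2,45690,3306,0,S,9999,0,64240,,mss
      1000000103,,,1000000103,em1,match,block,in,4,0x0,,64,12348,0,none,17,udp,78,192.168.1.3,192.168.2.2,55555,10051,58
      """

      @dataclass
      class Verdict:
          src: str
          dst: str
          dport: str
          proto: str
          tcpflags: str
          assessment: str

      def classify(fields: List[str]) -> Optional[Verdict]:
          """Triage one record; None if it is not a blocked IPv4 packet."""
          if len(fields) < 22 or fields[6] != "block" or fields[8] != "4":
              return None
          iface, proto, src, dst, dport = fields[4], fields[16], fields[18], fields[19], fields[21]
          flags = fields[23] if proto == "tcp" and len(fields) > 23 else ""
          if proto == "tcp" and "S" in flags and "A" not in flags:
              # A bare SYN is a new connection: blocking it is a real policy decision
              # made by the ruleset on the inbound interface.
              assessment = f"policy: new connection denied, check rules on {iface}"
          elif proto == "tcp":
              # PA/FA/A/R packets belong to a flow whose state entry is gone
              # (timed out, closed, or asymmetric path), so the default deny logs
              # them even though a pass rule would have matched the SYN.
              assessment = "out-of-state: mid-stream packet with no state entry, not a rule mismatch"
          else:
              assessment = f"policy or expired UDP/other state, check rules on {iface}"
          return Verdict(src, dst, dport, proto, flags, assessment)

      def triage(log_text: str) -> List[Verdict]:
          """Parse filterlog CSV text and classify every blocked IPv4 record."""
          return [v for v in map(classify, csv.reader(StringIO(log_text))) if v]
      ```

      Run it against the CSV portion of filter.log entries for the 192.168.1.3 to 192.168.2.2:3306 traffic; a run of out-of-state verdicts with no SYN blocks points at state expiry or a path issue rather than at the LAN rules.
      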
        t0m77 @SteveITS
        last edited by Feb 11, 2023, 4:31 PM

        @steveits it answers my question, thanks!

        1 Reply Last reply Reply Quote 0