Netgate Discussion Forum

Weird LAN/OPT1 blocks and default deny every second

General pfSense Questions
4 Posts 2 Posters 333 Views
    throttlenerd
    last edited by Aug 26, 2023, 11:17 AM

    Hey guys, I've been very happy with my DIY pfSense 2.6.0 box, it worked flawlessly for about 6 months and now I see some weird things I can't understand. I have two physical subnets, LAN and OPT1. LAN for WiFi and "home" devices, OPT1 for "work". My laptop is on a static IP either on WiFi or OPT1. Sometimes I can't reach (ping) a server (and another OPT1 computer) on OPT1 when I'm on WiFi (now I even enabled the default "LAN to any" rule for test purposes). And sometimes I can, but then all of a sudden it becomes unreachable again. But if I connect my laptop to OPT1 physically -- voila, all good (at all times, no exceptions). There is no blocking rule on OPT1, all traffic from LAN is allowed. The weirdest thing is: when (on WiFi) I ping that OPT1 server (or another computer) from the pfSense web interface (Diagnostics > Ping), no matter which Source Address I select from the drop-down menu (Automatic/LAN/OPT1) -- still unreachable. But if I'm connected via cable to OPT1 -- ping works both from the macOS terminal and the pfSense web interface. How could the web interface care where I send the command from, WiFi or LAN? The web interface command should come "from within the firewall, not from the outside macOS terminal app"! And when I'm wired to OPT1 and ping from pfSense -- even if I select LAN as "source address" -- all good. This is rather weird. But I'm not an IT guy, yeah )

    And another strange thing, saw some like this in forums but didn't find a solution: my firewall logs are filled with this "every second" entry:

    LAN | Default deny rule IPv4 (1000000103) | 0.0.0.0:11113 | 255.255.255.255:11111 | UDP

    The only logged allow/block rules on LAN are for the IP_Cameras alias; WAN rules are default (and not logged, afaik).

    LAN and OPT1 settings for blocking private and bogon networks are default -- disabled.

    Thank you so much guys!

      johnpoz LAYER 8 Global Moderator @throttlenerd
      last edited by Aug 26, 2023, 11:32 AM

      @throttlenerd said in Weird LAN/OPT1 blocks and default deny every second:

      LAN | Default deny rule IPv4 (1000000103) | 0.0.0.0:11113 | 255.255.255.255:11111 | UDP

      Well 0.0.0.0 as source is not your "lan net" so yeah that would be blocked.. Even with an any any rule when source is lan net on the rule. That is odd traffic, off the top not sure what 11111 would be.. VCE is what is listed for that port, but off the top of my head not sure what would be sending such traffic. I would look to see what is sending it, a source of 0s doesn't make much sense. If you sniff the traffic you can get the mac address of what is sending it.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

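As an added illustration (not code from the forum or from pfSense) of why a rule whose source is "LAN net" never matches this packet: a small Python model of first-match rule evaluation run over the log row quoted above. The LAN subnet 192.168.1.0/24, the log layout and the rule names are assumptions, since the thread does not state them.

```python
import ipaddress

# Constructed sample in the layout of the pfSense firewall log view:
# interface | rule | source:port | destination:port | protocol
SAMPLE_LOG = """\
LAN | Default deny rule IPv4 (1000000103) | 0.0.0.0:11113 | 255.255.255.255:11111 | UDP
LAN | Default deny rule IPv4 (1000000103) | 0.0.0.0:11113 | 255.255.255.255:11111 | UDP
"""

# Assumption: the thread never states the LAN subnet, so a placeholder is used here.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")

# Modelled on the poster's "LAN to any" rule: the source is the alias "LAN net"
# (the interface's own subnet), not "any".
LAN_RULES = [{"name": "Default allow LAN to any", "src": "LAN net", "dst": "any", "action": "pass"}]

def parse_log_line(line):
    """Split one log row into a dict of fields plus the rule name pfSense reported."""
    iface, rule, src, dst, proto = [f.strip() for f in line.split("|")]
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    pkt = {"iface": iface, "src": ipaddress.ip_address(sip), "sport": int(sport),
           "dst": ipaddress.ip_address(dip), "dport": int(dport), "proto": proto}
    return pkt, rule

def rule_matches(rule, pkt, lan_net):
    """'LAN net' only matches sources inside the interface subnet; 'any' matches everything."""
    if rule["src"] == "LAN net" and pkt["src"] not in lan_net:
        return False
    if rule["dst"] != "any" and pkt["dst"] not in ipaddress.ip_network(rule["dst"]):
        return False
    return True

def evaluate(pkt, rules, lan_net=LAN_NET):
    """First matching rule wins; with no match the implicit default deny applies."""
    for rule in rules:
        if rule_matches(rule, pkt, lan_net):
            return rule["action"], rule["name"]
    return "block", "Default deny rule IPv4"

def explain_log(log_text, rules=LAN_RULES, lan_net=LAN_NET):
    """Return (source, verdict, rule) per row so the reason for each block is visible."""
    out = []
    for line in log_text.splitlines():
        pkt, _ = parse_log_line(line)
        action, name = evaluate(pkt, rules, lan_net)
        out.append((str(pkt["src"]), action, name))
    return out
```

Running `explain_log(SAMPLE_LOG)` shows every row hitting the default deny because 0.0.0.0 is outside the LAN subnet; only a rule with source "any" would let it through, which is why finding the sending host (via packet capture and its MAC address) is the right next step rather than loosening the rule.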
        throttlenerd @johnpoz
        last edited by Aug 26, 2023, 12:40 PM

        Hi @johnpoz, thank you! Tried Diagnostics > Packet Capture with various settings, no trails of 0.0.0.0 or port 11111....

          johnpoz LAYER 8 Global Moderator @throttlenerd
          Aug 26, 2023, 12:50 PM (last edited by johnpoz Aug 26, 2023, 12:57 PM)

          @throttlenerd well you're not sniffing on the correct interface? If you're seeing it in the logs that it's blocked, then packet capture would capture it.

          [screenshot: capture.jpg]

          You sure the traffic is still being seen when you're doing the capture - i.e. are you still logging those denies?


          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.