Blocked by default



  • I have a wide-open rule on my WAN:
    Proto   Source          Port   Destination   Port   Gateway   Schedule   Description

            172.25.1.0/24   *      *             *      *                    test

    but in the firewall log I am seeing quite a few packets being dropped by the default rule:

    Dec 10 10:39:03 WAN 172.25.1.10:5972 66.114.50.57:80 TCP
    Dec 10 10:39:31 WAN 172.25.1.10:5972 66.114.50.57:80 TCP
    Dec 10 10:39:32 WAN 172.25.1.10:5970 64.233.181.157:80 TCP
    Dec 10 10:40:36 WAN 172.25.1.10:5970 64.233.181.157:80 TCP
    Dec 10 10:41:40 WAN 172.25.1.10:5970 64.233.181.157:80 TCP
    Dec 10 10:42:44 WAN 172.25.1.10:5970 64.233.181.157:80 TCP
    Dec 10 10:43:48 WAN 172.25.1.10:5970 64.233.181.157:80 TCP
    Dec 10 10:44:53 WAN 172.25.1.10:5970 64.233.181.157:80 TCP

    Is this because the state is being sent or received incorrectly?

    Some basic info:

    LAN is bridged with WAN.

    I have an Optional 1 interface which is load-balanced with the WAN.

    On the LAN side I also have a wide-open allow-all rule for my private side.



  • I found the answer

    http://doc.m0n0.ch/handbook/faq-legit-traffic-dropped.html

    Search is a good thing.



  • Santron, you're right.

    But on pfSense, to fix this problem, check the checkbox "Bypass firewall rules for traffic on the same interface" under System > Advanced.

    See if that fixes your problem.

    Anyway, post your results.

    Thanks,

    Heitor Lessa



  • Heitor,

    Thank you for your answer. It has solved some of the blocks, but I am still getting dropped packets:

    Act  Time  If  Source                            Destination  Proto
    Dec 11 10:17:34 WAN 172.25.xxx.xxx:14084 208.71.xxx.xxx:80 TCP
    Dec 11 10:16:30 WAN 172.25.xxx.xxx:14084 208.71.xxx.xxx:80 TCP
    Dec 11 10:15:25 WAN 172.25.xxx.xxx:14084 208.71.xxx.xxx:80 TCP



  • Try creating a rule for this destination, just as a test.

    For example:

    Action - Pass
    Source - *
    Protocol - TCP
    Destination - 208.71.x.x

    The previous option fixes this problem in most cases, but there are cases where you need to create specific rules.

    Anyway, you can contact me on Skype: heitor.flessa

    Good luck



  • Some of these are normal, as the m0n0wall doc explains. Why do you think you have a problem?
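The replies above point to the m0n0wall FAQ explanation: pf is stateful, and packets belonging to a connection whose state entry has already been closed or has timed out no longer match any pass rule, so they fall through to the logged default-deny rule. The script below is an added example (not code from the thread or from pfSense/m0n0wall) that triages such log lines: it parses the `Mon DD HH:MM:SS IFACE src:port dst:port PROTO` format shown in the posts, groups drops by flow, and flags a flow that is dropped repeatedly at near-regular intervals as the expected retransmission pattern of a stale connection, while anything else is left for review. The heuristic thresholds (`min_repeats`, `tolerance`) and the sample log are my own assumptions; the year is not present in the log, so one is assumed for parsing.

```python
"""
Triage pfSense/m0n0wall default-rule drops from the firewall log.

Added example, not part of the original thread. A flow that keeps
getting dropped at roughly regular intervals is the signature of a host
retransmitting on a connection the firewall no longer holds state for
(the "legit traffic dropped" case in the m0n0wall FAQ). Many distinct
flows each dropped once are more likely a genuine rule problem.
"""
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean

# Constructed sample in the format of the log lines posted in the thread;
# the last line is an extra flow added to show the "review" verdict.
SAMPLE_LOG = """\
Dec 10 10:39:03 WAN 172.25.1.10:5972 66.114.50.57:80 TCP
Dec 10 10:39:31 WAN 172.25.1.10:5972 66.114.50.57:80 TCP
Dec 10 10:39:32 WAN 172.25.1.10:5970 64.233.181.157:80 TCP
Dec 10 10:40:36 WAN 172.25.1.10:5970 64.233.181.157:80 TCP
Dec 10 10:41:40 WAN 172.25.1.10:5970 64.233.181.157:80 TCP
Dec 10 10:42:44 WAN 172.25.1.10:5970 64.233.181.157:80 TCP
Dec 10 10:43:48 WAN 172.25.1.10:5970 64.233.181.157:80 TCP
Dec 10 10:44:53 WAN 172.25.1.10:5970 64.233.181.157:80 TCP
Dec 10 10:45:01 WAN 172.25.1.77:40001 203.0.113.9:443 TCP
"""

# "Dec 10 10:39:03 WAN 172.25.1.10:5972 66.114.50.57:80 TCP"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) (?P<iface>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) (?P<proto>\S+)$"
)


def parse_log(text, year=2000):
    """Return [(timestamp, iface, flow)]; flow = (src, sport, dst, dport, proto).

    The log carries no year, so `year` is an assumption supplied by the caller.
    Lines that do not match the ip:port ip:port proto layout are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        flow = (m["src"], int(m["sport"]), m["dst"], int(m["dport"]), m["proto"])
        entries.append((ts, m["iface"], flow))
    return entries


def triage(entries, min_repeats=3, tolerance=0.5):
    """Group drops by flow and classify each flow.

    A flow dropped at least `min_repeats` times, with every gap between drops
    within `tolerance` (a fraction) of the mean gap, is classed as the expected
    retransmission of a connection whose state is gone. Everything else is
    "review": a single drop, or irregular timing, tells us nothing on its own.
    """
    by_flow = defaultdict(list)
    for ts, _iface, flow in entries:
        by_flow[flow].append(ts)

    report = {}
    for flow, stamps in by_flow.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        periodic = False
        if len(stamps) >= min_repeats:
            avg = mean(gaps)
            periodic = all(abs(g - avg) <= tolerance * avg for g in gaps)
        report[flow] = {
            "count": len(stamps),
            "mean_gap_s": round(mean(gaps), 1) if gaps else None,
            "verdict": "expected (stale-state retransmit)" if periodic else "review",
        }
    return report


if __name__ == "__main__":
    for flow, info in triage(parse_log(SAMPLE_LOG)).items():
        src, sport, dst, dport, proto = flow
        print(f"{proto} {src}:{sport} -> {dst}:{dport}  "
              f"drops={info['count']} mean_gap={info['mean_gap_s']}  {info['verdict']}")
```

On the sample, the 172.25.1.10:5970 flow is dropped six times about 64 seconds apart and is reported as expected, which matches the last reply's point; the two-entry 5972 flow and the single 203.0.113.9 drop stay in "review", since too few samples exist to call them either way. Run it against a real export of the firewall log to separate the stale-state noise from drops that actually need a rule.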

