Netgate Discussion Forum

    [Solved] Firewall blocking but not logging for some…

    Firewalling
    5 Posts 2 Posters 1.8k Views
    Equiping

      I have had this problem for a while and searching the forum doesn't reveal any solution for me.

      It often happens that I have apps wanting to update that are blocked by pfsense somewhere.
      I have found how to determine via logs when it is squid proxy blocking it.

      However I am having problems with the pfsense log. From time to time I allow an app through the squid proxy but it still can't update and there is no log entry to say it is blocked.
      I have the option Status > System Logs > Settings > "Log packets blocked by the default rule" enabled and do see some default deny log entries.
      I have one other blocking rule in the rules and have turned on logging for it.
      However my apps still can't get through and there is no log entry. I gather it must be the firewall blocking it, because when I create an "allow all traffic" rule for the machine I'm working on at the time, it gets through and updates.
      I must be missing something real basic, can anyone give me a tip please.

      TIA,
      Karl

      1.2.3-RC3
      built on Tue Oct 6 01:32:12 UTC 2009

        Equiping

        OK, so I have logging turned on for my one blocking rule and I have the check box checked in Status > System Logs > Settings > "Log packets blocked by the default rule", but I still don't get notification when the firewall is blocking. Does anyone have clues as to where to go to find where traffic is being blocked? :-\


          jimp (Rebel Alliance Developer, Netgate)

          Do you have any filter rules which are set to block but not log?

          If not, then it isn't the firewall blocking that traffic. It's probably getting lost somewhere in squid (you could watch the access log as you try) or going somewhere unexpected.

          You may need to monitor the interfaces with tcpdump (packet capture) in order to determine what is happening for certain.

            Equiping

            Thanks for your response jimp. No, I have no blocking rules with logging turned off. And yes, I thought it must be something somewhere else blocking, but when I create a firewall rule to allow all from my IP address it goes through fine. Doesn't that suggest that it's the firewall blocking it then? I've had a look at a tcpdump (raw data as well as in Wireshark), but it takes some deciphering to understand what's going on and where stuff is being blocked. The fact that an allow-all-from-this-IP-address firewall rule allows things to work steers me to a firewall problem, but I could be wrong.

              Equiping

              OK, found it, using Wireshark and trawling through the data. The problem was with the proxy: my original request was being redirected to a mirror. I had allowed the original site through the proxy but had no overt indication that I was being redirected to a mirror. I entered the mirror address into the proxy ACL whitelist and voila!

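Added example, not part of the thread and not pfSense's or Squid's own tooling. It puts jimp's two checks ("any block rules that don't log?" and "watch the squid access log as you try") into two small shell helpers, run here against constructed sample data: a few lines in Squid's native access.log format that reproduce the redirect-to-mirror case from the last post (the original host is allowed, the mirror it redirects to is TCP_DENIED), and a constructed fragment in the syntax `pfctl -sr` prints for a loaded pf ruleset. All hosts, addresses and labels are made up.

```shell
#!/bin/sh
# Added example (not from the thread). Helpers for answering "is it the
# firewall or the proxy?" without trawling through a packet capture first.

# Constructed Squid access.log lines, native format:
# time elapsed client action/status bytes method URL ident hierarchy/peer type
# Line 1: the allowed original site answers with a 302 to a mirror.
# Line 2: the mirror is not in the proxy ACL, so Squid denies it.
SAMPLE_ACCESS_LOG='1254876000.123 45 192.168.1.50 TCP_MISS/302 512 GET http://downloads.example.com/update.xml - DIRECT/203.0.113.10 text/html
1254876000.456 0 192.168.1.50 TCP_DENIED/403 1500 GET http://mirror1.example.net/update.xml - NONE/- text/html
1254876001.001 30 192.168.1.50 TCP_MISS/200 2048 GET http://downloads.example.com/index.html - DIRECT/203.0.113.10 text/html
1254876002.002 0 192.168.1.51 TCP_DENIED/403 1500 CONNECT mirror2.example.net:443 - NONE/- -'

# denied_hosts: read access.log lines on stdin and print the unique hosts of
# requests Squid refused (action TCP_DENIED). Works for plain-URL GETs and for
# CONNECT host:port lines (HTTPS). These are the hosts missing from the ACL.
denied_hosts() {
    awk '$4 ~ /^TCP_DENIED/ {
        url = $7
        sub("^[a-z]+://", "", url)   # strip scheme if present
        sub("[/:].*$", "", url)      # keep only the host part
        print url
    }' | sort -u
}

# Constructed fragment in the format "pfctl -sr" prints on pfSense/FreeBSD.
# A rule logs only if it carries the "log" keyword; the third rule does not.
SAMPLE_RULES='block drop in log all label "Default deny rule"
pass in quick on em1 inet from 192.168.1.0/24 to any flags S/SA keep state label "USER_RULE: LAN to any"
block drop in quick on em1 inet from 192.168.1.0/24 to 198.51.100.0/24 label "USER_RULE: silent block"
block drop in log quick on em1 inet from 192.168.1.0/24 to 192.0.2.0/24 label "USER_RULE: logged block"'

# unlogged_block_rules: read pfctl -sr output on stdin and print block rules
# with no "log" keyword, i.e. rules that drop traffic without a firewall log
# entry. Empty output means pf is not silently dropping anything.
unlogged_block_rules() {
    awk '$1 == "block" {
        logged = 0
        for (i = 2; i <= NF; i++) if ($i == "log") logged = 1
        if (!logged) print
    }'
}

# Stand-alone demo on the constructed data. On a real box you would run
#   tail -f /var/squid/logs/access.log | denied_hosts      (path is an assumption)
#   pfctl -sr | unlogged_block_rules
echo "Hosts denied by the proxy:"
printf '%s\n' "$SAMPLE_ACCESS_LOG" | denied_hosts
echo "Block rules that do not log:"
printf '%s\n' "$SAMPLE_RULES" | unlogged_block_rules
```

The access.log path varies with the Squid package version, so check the Squid package settings before pointing `tail -f` at it. If `denied_hosts` names a host you never typed into the ACL, that is the redirect target the last post describes, and the fix is the same: whitelist it in the proxy, not in the firewall.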
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.