Why are these packets being blocked (CDN stuff I believe)??
-
I have seen, since the time of install, packets blocked from my internal network to the internet. I have it set up so anything from inside is allowed to get out, but these packets are marked as blocked in the log.
For the most part I see connections to Content Delivery Network (CDN) providers for stuff like Facebook and the PS3; Akamai is one of the common destinations I've seen get blocked. I've not noticed any degradation or adverse symptoms as a result, so it has not concerned me.
However, I do have ooma voice service, a VoIP provider that has a little box sitting on the LAN. It would be a great service if the quality and reliability didn't s#$@ so bad. I'm getting ready to fire them and surplus the $200 ooma unit as a failed experiment... Anyway, from the ooma box I am seeing packets get blocked going out. Everything is going to port 110, but I'm not sure why it is being blocked. I attempted to add a quick-rule to specifically allow this traffic but it was still getting blocked. I don't think it has anything to do with the voice quality, but I want to cover my bases before I give up, and I am curious why I would see any blocks outbound.
I'm sure there is a logical explanation, I just would like to know what it is.
I've also noticed some other LAN traffic getting blocked (even to port 443/SSL) so not sure why - obviously from inside my network outbound I never want to block anything.
You can see below some of the logs I am referring to... Any help is appreciated.
block May 31 14:45:50 LAN 10.0.30.2:52065 38.114.132.204:110 TCP:FA
block May 31 14:45:08 LAN 10.0.30.2:52065 38.114.132.204:110 TCP:FA
block May 31 14:44:47 LAN 10.0.30.2:52065 38.114.132.204:110 TCP:FA
block May 31 14:44:36 LAN 10.0.30.2:52065 38.114.132.204:110 TCP:FA
block May 31 14:44:31 LAN 10.0.30.2:52065 38.114.132.204:110 TCP:FA
block May 31 14:44:28 LAN 10.0.30.2:52065 38.114.132.204:110 TCP:FA
block May 31 14:44:27 LAN 10.0.30.2:52065 38.114.132.204:110 TCP:FA
block May 31 14:44:26 LAN 10.0.30.2:52065 38.114.132.204:110 TCP:FA
block May 31 14:44:26 LAN 10.0.30.2:52065 38.114.132.204:110 TCP:FA
block May 31 12:38:32 LAN 10.0.30.204:45860 74.125.225.72:443 TCP:FPA
block May 31 12:38:13 LAN 10.0.30.204:45860 74.125.225.72:443 TCP:FPA
block May 31 12:38:03 LAN 10.0.30.204:45860 74.125.225.72:443 TCP:FPA
block May 31 12:37:58 LAN 10.0.30.204:45860 74.125.225.72:443 TCP:FPA
block May 31 12:37:55 LAN 10.0.30.204:45860 74.125.225.72:443 TCP:FPA
block May 31 12:37:54 LAN 10.0.30.204:45860 74.125.225.72:443 TCP:FPA
block May 31 12:37:53 LAN 10.0.30.204:45860 74.125.225.72:443 TCP:FPA
block May 31 12:37:53 LAN 10.0.30.204:45860 74.125.225.72:443 TCP:PA
block May 31 12:37:53 LAN 10.0.30.204:45860 74.125.225.72:443 TCP:PA
block May 31 12:22:29 LAN 10.0.30.202:37683 69.171.228.71:443 TCP:RA
block May 31 12:22:29 LAN 10.0.30.202:37683 69.171.228.71:443 TCP:PA
block May 31 11:22:28 LAN 10.0.30.202:37647 69.171.228.71:443 TCP:RA
block May 31 11:22:28 LAN 10.0.30.202:37647 69.171.228.71:443 TCP:PA
block May 31 11:22:28 LAN 10.0.30.202:37646 69.171.228.71:443 TCP:RA
block May 31 11:22:28 LAN 10.0.30.202:37646 69.171.228.71:443 TCP:PA
block May 31 10:56:57 LAN 10.0.30.202:56043 69.171.228.75:443 TCP:RA
block May 31 10:56:57 LAN 10.0.30.202:56043 69.171.228.75:443 TCP:PA
block May 31 10:56:57 LAN 10.0.30.202:37617 69.171.228.71:443 TCP:RA
block May 31 10:56:57 LAN 10.0.30.202:37617 69.171.228.71:443 TCP:PA
block May 31 10:01:17 LAN 10.0.30.2:56514 38.114.132.204:110 TCP:FA
block May 31 10:00:41 LAN 10.0.30.2:56514 38.114.132.204:110 TCP:FA
block May 31 10:00:23 LAN 10.0.30.2:56514 38.114.132.204:110 TCP:FA
block May 31 10:00:14 LAN 10.0.30.2:56514 38.114.132.204:110 TCP:FA
block May 31 10:00:09 LAN 10.0.30.2:56514 38.114.132.204:110 TCP:FA
block May 31 10:00:07 LAN 10.0.30.2:56514 38.114.132.204:110 TCP:FA
block May 31 10:00:06 LAN 10.0.30.2:56514 38.114.132.204:110 TCP:FA
block May 31 10:00:05 LAN 10.0.30.2:56514 38.114.132.204:110 TCP:FA
block May 31 10:00:05 LAN 10.0.30.2:56514 38.114.132.204:110 TCP:FA
block May 31 09:21:19 LAN 10.0.30.204:34780 74.125.225.41:443 TCP:FA
block May 31 09:20:48 LAN 10.0.30.204:34780 74.125.225.41:443 TCP:FA
block May 31 09:20:33 LAN 10.0.30.204:34780 74.125.225.41:443 TCP:FA
block May 31 09:20:25 LAN 10.0.30.204:34780 74.125.225.41:443 TCP:FA
block May 31 09:20:21 LAN 10.0.30.204:34780 74.125.225.41:443 TCP:FA
block May 31 09:20:20 LAN 10.0.30.204:34780 74.125.225.41:443 TCP:FA
block May 31 09:20:19 LAN 10.0.30.204:34780 74.125.225.41:443 TCP:FA
block May 31 09:20:18 LAN 10.0.30.204:34780 74.125.225.41:443 TCP:FA
block May 31 09:20:18 LAN 10.0.30.204:34780 74.125.225.41:443 TCP:FA
block May 31 09:19:55 LAN 10.0.30.204:55791 66.135.211.97:443 TCP:RA
block May 31 09:19:55 LAN 10.0.30.204:42246 66.135.211.97:443 TCP:RA
block May 31 09:14:46 LAN 10.0.30.204:40122 74.125.225.18:443 TCP:FA
block May 31 09:14:16 LAN 10.0.30.204:40122 74.125.225.18:443 TCP:FA
-
Out of state traffic, just FINs, nothing to be concerned about.
http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F
-
Figured there was a reasonable explanation. Thanks for the reply. As I figured, the ooma just s#%@!!
-
"block May 31 12:38:32 LAN 10.0.30.204:45860 74.125.225.72:443 TCP:FPA"
I started noticing blocked packets like these with the RA flags set about a week ago, and it returned to MarkMonitor.com, which is online brand protection, and had me wondering why, since I don't download music or anything.
I blocked everything belonging to MarkMonitor.com and ended up blocking Google and YouTube. :P
I'm glad to find out why I was seeing it too. :)
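-
Added example, not part of any post in this thread: the reply above explains these entries as out-of-state traffic. The sketch below groups log lines in the format shown in the first post by flow and separates out-of-state packets (no bare SYN among them) from a blocked bare SYN, which would point at a rule problem instead. The sample is a few lines from the post plus one constructed SYN entry, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Sample input: six lines copied from the first post, plus one CONSTRUCTED
# entry (the last line, a bare SYN to a documentation address) for contrast.
SAMPLE_LOG = """\
block May 31 14:45:50 LAN 10.0.30.2:52065 38.114.132.204:110 TCP:FA
block May 31 14:45:08 LAN 10.0.30.2:52065 38.114.132.204:110 TCP:FA
block May 31 12:38:32 LAN 10.0.30.204:45860 74.125.225.72:443 TCP:FPA
block May 31 12:37:53 LAN 10.0.30.204:45860 74.125.225.72:443 TCP:PA
block May 31 12:22:29 LAN 10.0.30.202:37683 69.171.228.71:443 TCP:RA
block May 31 12:22:29 LAN 10.0.30.202:37683 69.171.228.71:443 TCP:PA
block May 31 09:00:00 LAN 10.0.30.50:40000 192.0.2.10:25 TCP:S
"""

LINE_RE = re.compile(
    r"^(?P<action>\w+) (?P<ts>\w{3} +\d+ [\d:]+) (?P<iface>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) TCP:(?P<flags>[A-Z]+)$"
)

def classify(flag_sets):
    """Label one flow from the TCP flag strings of its blocked packets."""
    # A SYN without ACK opens a connection; if that is blocked, a rule denied it.
    if any("S" in f and "A" not in f for f in flag_sets):
        return "new-connection-blocked"
    # FIN/RST/PSH carrying ACK belong to an existing connection. They are only
    # logged as blocked when the firewall no longer holds state for that flow.
    return "out-of-state"

def summarize(log_text):
    """Return {(src, dst): (label, blocked_packet_count)} for block entries."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m["action"] == "block":
            flows[(m["src"], m["dst"])].append(m["flags"])
    return {flow: (classify(flags), len(flags)) for flow, flags in flows.items()}

if __name__ == "__main__":
    for (src, dst), (label, count) in summarize(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {label} ({count} packets)")
```

Only flows labelled new-connection-blocked call for a look at the LAN rules; an extra pass rule does not change the out-of-state entries, because those packets never start a new connection.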