System Logs Firewall LAN blockage entry



  • In System Logs: Firewall I see this:
    block Jun 18 19:30:53 LAN 192.168.0.1:443 70.193.208.137:16646 TCP:PA

    I have the last LAN rule as
    pass everything  ( * * * * * * none   )

    The blockage reason is:
    "The rule that triggered this action is:

    @1 scrub in on em0 all fragment reassemble
    @1 block drop in log all label "Default deny rule"

    I do not understand why this packet is being blocked?

    em0 is the LAN interface.

    I also have a NAT entry:
    WAN TCP/UDP * * WAN address 443 (HTTPS) 192.168.0.1 443 (HTTPS)
    with an associated WAN rule:
    TCP/UDP * * 192.168.1.2 443 (HTTPS) * none  
    Any suggestions?
    Does it have to do with the PA in TCP:PA?

    The easy rule Pass this traffic puts a rule in the LAN interface right after the pass any rule that I think should have given it permission anyway.



  • @etspower:

    In System Logs: Firewall I see this:
    block Jun 18 19:30:53 LAN 192.168.0.1:443 70.193.208.137:16646 TCP:PA

    I have the last LAN rule as
    pass everything  ( * * * * * * none   )

    The blockage reason is:
    "The rule that triggered this action is:

    @1 scrub in on em0 all fragment reassemble
    @1 block drop in log all label "Default deny rule"

    I do not understand why this packet is being blocked?

    em0 is the LAN interface.

    I also have a NAT entry:
    WAN TCP/UDP * * WAN address 443 (HTTPS) 192.168.0.1 443 (HTTPS)
    with an associated WAN rule:
    TCP/UDP * * 192.168.1.2 443 (HTTPS) * none  
    Any suggestions?
    Does it have to do with the PA in TCP:PA?

    The easy rule Pass this traffic puts a rule in the LAN interface right after the pass any rule that I think should have given it permission anyway.

    Same problem here.
    Searching the forum, I noticed that questions about this problem were never answered.
    Is there some trivial trick that solves the problem?

    I have a 2.03 box that was upgraded from 1.x
    I am almost sure that when the box was 1.x the NAT rules worked as expected.

    Thanks, P.

