Netgate Discussion Forum
    Some traffic blocked with explicit port forward

    Firewalling
    dillbilly

      I'm trying to determine the source of some unexpected behaviour regarding port forwarding and traffic being logged as blocked by the firewall. I had set up an alias combining several ports to forward to my internal server, but I continued to see those ports show up in my firewall as being blocked by the default rule, though some connections are still being made to the internal server. I took the following steps to try to resolve the issue:

      • I turned off logging of traffic blocked by the default rule after reading that some traffic listed as blocked by that rule is redundant packets
      • I created a new rule to reject all traffic and placed it last in the rules list
      • I deleted the rules which used the alias and explicitly forwarded each port

      I'm still seeing traffic logged with my custom rule:

      @114 block return in log quick on em0 reply-to (em0 x.x.x.x) inet all label "USER_RULE: Default Reject Rule"
      

      However, not all traffic is being blocked, as my server still seems to be accepting connections.

      Any ideas?

      johnpoz LAYER 8 Global Moderator

        Post the rules and then maybe we might...

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        dillbilly

          Port forward:
          If  Proto  Src. addr  Src. ports Dest. addr    Dest. ports    NAT IP    NAT Ports  Description
          WAN  TCP    *          *          WAN address  8321          x.x.x.x  8321

          Rules
          WAN
          Proto    Source  Port  Destination  Port      Gateway  Queue  Schedule    Description
          IPv4 TCP *        *      x.x.x.x      8321      *        none                NAT 
          IPv4 *  *        *      *            *        *        none                Default Reject Rule

          Server's VLAN
          Proto   Source       Port  Destination        Port  Gateway  Queue  Schedule
          IPv4 *  VLAN248 net  *     ! Private_Networks  *     *        none

          No other block rules are in place, and my server has connections established on 8321. I'm just confused as to why some packets are getting blocked and are apparently not being forwarded. It also seems like several in a row from the same source IP will be blocked, as opposed to a random selection of packets, but I have nothing in place to block any specific addresses.

          edited for formatting

          johnpoz LAYER 8 Global Moderator

            I thought there were more rules than this – so it's possible other rules are doing something; without your full rule list it's hard to say. That looks normal for a forward, yes.

            And what traffic is being blocked - are they SYN packets for new connections to that port? It's quite normal to see blocked packets in a stateful firewall even to ports you're forwarding, depending on the STATE of the session.


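The question johnpoz raises (are the blocked packets SYNs, or out-of-state segments for an existing session?) can be answered from the firewall log itself. The script below is an added example, not code from the thread or from Netgate: it parses block entries in the CSV layout that pfSense's filterlog writes to /var/log/filter.log (the field order is taken from the pfSense filter-log documentation and is an assumption here, since the thread shows only the pfctl rule), keeps only packets aimed at the forwarded port, and splits them into new-connection attempts (pure SYN, which a matching pass/NAT rule should have turned into a state) versus packets that carry ACK/FIN/RST without a live state, which a stateful firewall drops even on a forwarded port. The rule number 114 and interface em0 come from the rule quoted in the thread; the tracker id, addresses and log lines are constructed sample data.

```python
"""Triage pf 'block' log entries for a forwarded port.

Assumed input format (pfSense filterlog CSV, documented field order):
  rule,subrule,anchor,tracker,iface,reason,action,dir,ipver,
  IPv4: tos,ecn,ttl,id,offset,flags,proto_id,proto,len,src,dst,
  TCP:  sport,dport,datalen,tcpflags,seq,ack,win,urg,options
  UDP:  sport,dport,datalen
"""
import csv
from collections import Counter
from dataclasses import dataclass

# Constructed sample lines. Rule 114 / em0 are from the thread's rule; the
# tracker id (1000000114) and the IP addresses are made up for this example.
SAMPLE_LOG = """\
114,,,1000000114,em0,match,block,in,4,0x0,,53,41201,0,DF,6,tcp,60,203.0.113.5,192.0.2.10,51234,8321,0,S,123456789,,64240,,mss
114,,,1000000114,em0,match,block,in,4,0x0,,53,41202,0,DF,6,tcp,52,203.0.113.5,192.0.2.10,51234,8321,0,A,123456790,987654321,502,,
114,,,1000000114,em0,match,block,in,4,0x0,,53,41203,0,DF,6,tcp,52,203.0.113.5,192.0.2.10,51234,8321,0,FA,123456791,987654321,502,,
114,,,1000000114,em0,match,block,in,4,0x0,,118,9,0,none,6,tcp,40,198.51.100.77,192.0.2.10,40000,8321,0,S,1,,1024,,
114,,,1000000114,em0,match,block,in,4,0x0,,64,1,0,none,17,udp,78,198.51.100.9,192.0.2.10,5000,8321,50
"""


@dataclass(frozen=True)
class BlockedPacket:
    rule: str
    iface: str
    proto: str
    src: str
    dst: str
    dport: str
    tcp_flags: str  # empty for non-TCP protocols


def parse_filterlog_line(line: str):
    """Return a BlockedPacket for an IPv4 'block' entry, else None."""
    fields = next(csv.reader([line]))
    if len(fields) < 20:
        return None
    rule, iface, action, ipver = fields[0], fields[4], fields[6], fields[8]
    if action != "block" or ipver != "4":
        return None
    proto, src, dst = fields[16], fields[18], fields[19]
    dport, tcp_flags = "", ""
    if proto in ("tcp", "udp") and len(fields) > 21:
        dport = fields[21]
    if proto == "tcp" and len(fields) > 23:
        tcp_flags = fields[23]
    return BlockedPacket(rule, iface, proto, src, dst, dport, tcp_flags)


def classify(pkt: BlockedPacket) -> str:
    """Distinguish a blocked connection attempt from out-of-state noise."""
    if pkt.proto != "tcp":
        return "non-tcp"
    # A SYN without ACK is a new connection: if the port-forward rule had
    # matched, pf would have created a state instead of logging a block.
    if "S" in pkt.tcp_flags and "A" not in pkt.tcp_flags:
        return "new-connection"
    # ACK / FIN / RST with no matching state: typical after a state expired
    # or closed (late retransmits, trailing FIN/ACK), not a rule problem.
    return "out-of-state"


def triage(log_text: str, forwarded_port: int):
    """Count blocked packets to forwarded_port by class; list sources of real blocks."""
    summary = Counter()
    blocked_syn_sources = Counter()
    for line in log_text.splitlines():
        pkt = parse_filterlog_line(line)
        if pkt is None or pkt.dport != str(forwarded_port):
            continue
        kind = classify(pkt)
        summary[kind] += 1
        if kind == "new-connection":
            blocked_syn_sources[pkt.src] += 1
    return summary, blocked_syn_sources


if __name__ == "__main__":
    counts, sources = triage(SAMPLE_LOG, 8321)
    for kind, n in counts.items():
        print(f"{kind:15s} {n}")
    print("sources with blocked SYNs:", dict(sources))
```

Only the "new-connection" bucket points at a rule-ordering or NAT problem worth chasing; a large "out-of-state" bucket against a port that is otherwise accepting connections is the normal stateful-firewall behaviour johnpoz describes. Running the same triage against the real log (for example, `clog /var/log/filter.log` piped into the script) shows which case applies.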