Firewall all kinds of weird and spontaneous blocks on LAN
-
Attached also the firewall rules for that VLAN50; I don't see any 'VLAN40' in here, so no clue why the previous weird picture.
![003 - Rule for VLAN40 works on VLAN50 -2.jpg](/public/imported_attachments/1/003 - Rule for VLAN40 works on VLAN50 -2.jpg)
-
WAN2 (cable) blocked a private IP, but the destination is weird?
![005 - Bootpc on cable WAN.jpg](/public/imported_attachments/1/005 - Bootpc on cable WAN.jpg)
-
Bootpc is bogon?
![004 - Bootpc is bogon.jpg](/public/imported_attachments/1/004 - Bootpc is bogon.jpg)
-
NTP goes DNS.
![006 - NTP goes DNS.jpg](/public/imported_attachments/1/006 - NTP goes DNS.jpg)
-
And the VLAN40 rules for the previous picture.
![008 - VLAN40.jpg](/public/imported_attachments/1/008 - VLAN40.jpg)
-
Interfaces/WAN (VDSL).
![009 - Interfaces_WAN.jpg](/public/imported_attachments/1/009 - Interfaces_WAN.jpg)
-
Interfaces/WAN2 (cable)
![010 - Interfaces_WAN2.jpg](/public/imported_attachments/1/010 - Interfaces_WAN2.jpg)
-
Interfaces/LAN.
![011 - Intefaces - LAN.jpg](/public/imported_attachments/1/011 - Intefaces - LAN.jpg)
-
Interfaces/VLAN40.
![012 - Intefaces - VLAN40.jpg](/public/imported_attachments/1/012 - Intefaces - VLAN40.jpg)
-
Advanced/networking.
![013 - Advanced - Networking.jpg](/public/imported_attachments/1/013 - Advanced - Networking.jpg)
-
System log settings.
![014 - SystemLog - Settings.jpg](/public/imported_attachments/1/014 - SystemLog - Settings.jpg)
-
And, finally, the LAN rules in two parts (note the number of 'easy rules' passed from the firewall log view. Even then they still aren't working, as the log is still flooded with IPv6, as shown in the first picture):
![007 - LAN-rules1.jpg](/public/imported_attachments/1/007 - LAN-rules1.jpg)
-
LAN rules part 2:
![007 - LAN-rules2.jpg](/public/imported_attachments/1/007 - LAN-rules2.jpg)
-
And finally, the multicast-alias in the LAN rules:
![015 - multicast alias.jpg](/public/imported_attachments/1/015 - multicast alias.jpg)
-
So I will be hugely indebted to everybody who can help me solve this, that goes without saying :P
(because it is driving me crazy, this flooding of the logs which I am trying to fight with firewall rules every day :-[).
Thank you very much in advance (really :-*),
Bye ;D
-
EDIT: I forgot one screenshot from the general system log. Errors 'finding Ipv6 gateway' (?) on both WAN and WAN2 (=opt4).
I should also add that I added this WAN2 a couple of days ago (I don't know exactly when anymore), and I also don't know whether that is when the IPv6 flooding in the logs and the error in the attached picture began :-\
![016 - system log error.jpg](/public/imported_attachments/1/016 - system log error.jpg)
-
Cry. WIFE is angry with me now :-[
This happened while I was busy with my failover WAN:
![017 - WIFE complains.jpg](/public/imported_attachments/1/017 - WIFE complains.jpg)
-
And this, floods of it:
![018 - WIFE2.jpg](/public/imported_attachments/1/018 - WIFE2.jpg)
-
Every one of those seems to me to be blocked because of states being out of sync; notice the TCP flags on the proto:
TCP Flags: F - FIN, S - SYN, A or . - ACK, R - RST, P - PSH, U - URG, E - ECE, W - CWR
https://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F
This is going to happen when you have something get out of whack where pfSense's states do not list these connections and then it sees traffic. It can happen when you clear states or reboot pfSense. It can happen if you have devices that are in and out of the network, say wireless devices for example. I mostly see these in my logs from my son's phone. This sort of thing is common and will happen with any stateful firewall.
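As an added illustration of John's point (this is example code, not from the thread and not part of pfSense): a small triage script that reads pfSense filterlog entries in the 2.2-and-later CSV layout and separates blocked TCP packets whose flags carry no SYN (mid-stream packets with no matching state entry, i.e. the out-of-state blocks described above) from the multicast, broadcast and loopback noise the OP asks about. The log lines below are constructed samples, and the field offsets assume that documented layout.

```python
import ipaddress
from typing import Dict

# Constructed pfSense filterlog lines (2.2+ CSV layout), not copied from the thread.
SAMPLE_LOG = """\
5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,none,6,tcp,52,192.168.50.20,203.0.113.7,49812,443,0,A,,,,,
5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,none,6,tcp,52,192.168.50.20,203.0.113.7,49812,443,0,FA,,,,,
5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,none,6,tcp,60,192.168.50.21,198.51.100.9,50000,80,0,S,,,,,
5,,,1000000103,igb1,match,block,in,4,0x0,,1,0,0,none,17,udp,200,192.168.50.22,239.255.255.250,1900,1900,180
5,,,1000000103,igb1,match,block,in,6,0x00,0x00000,1,icmpv6,58,32,fe80::1,ff02::1:ff00:1
5,,,1000000103,igb1,match,block,in,4,0x0,,64,0,0,none,17,udp,328,0.0.0.0,255.255.255.255,68,67,308
"""


def parse_line(line: str) -> Dict[str, str]:
    """Pull interface, action, protocol, addresses and TCP flags out of one CSV record."""
    f = line.split(",")
    rec = {"iface": f[4], "action": f[6], "dir": f[7], "ipver": f[8]}
    if rec["ipver"] == "4":
        # IPv4: tos, ecn, ttl, id, offset, flags, proto-id, proto-text, length, src, dst
        rec.update(proto=f[16], src=f[18], dst=f[19])
        rest = f[20:]
    else:
        # IPv6: class, flow-label, hop-limit, proto-text, proto-id, length, src, dst
        rec.update(proto=f[12], src=f[15], dst=f[16])
        rest = f[17:]
    if len(rest) >= 2:
        rec.update(sport=rest[0], dport=rest[1])
    if rec["proto"] == "tcp" and len(rest) >= 4:
        rec["tcp_flags"] = rest[3]  # e.g. "S", "A", "FA", "R"
    return rec


def classify(rec: Dict[str, str]) -> str:
    """Label a blocked record by the most likely reason it was dropped."""
    dst = ipaddress.ip_address(rec["dst"])
    flags = rec.get("tcp_flags", "")
    if rec["proto"] == "tcp" and flags and "S" not in flags:
        return "out-of-state"  # ACK/FIN/RST without SYN: no state entry existed for it
    if dst.is_multicast:
        return "multicast"     # 224.0.0.0/4 and ff00::/8 (SSDP, mDNS, IPv6 ND)
    if rec["dst"] == "255.255.255.255":
        return "broadcast"     # e.g. DHCP bootpc/bootps discovery
    if dst.is_loopback:
        return "loopback"
    return "new-connection"    # a SYN or non-TCP packet genuinely denied by the ruleset


def triage(log: str) -> Dict[str, int]:
    """Count blocked entries per category so the noisy classes stand out."""
    counts: Dict[str, int] = {}
    for line in log.splitlines():
        if line.strip():
            rec = parse_line(line)
            if rec["action"] == "block":
                kind = classify(rec)
                counts[kind] = counts.get(kind, 0) + 1
    return counts
```

Entries in the "out-of-state" bucket are the ones the linked pfSense article covers; only the "new-connection" bucket reflects packets the rules themselves actually rejected.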
-
Thanks for your fast reply, John ;D
(I can't hit the 'thanks' button more than once in a thread and I apparently already did).
I will read the link you posted. But I think it doesn't cover everything. For example, the extreme IPv6-flooding, the 127.0.0.1 stuff that keeps coming up (this last one, might this be a squid-problem?), all that 'broadcasting' (224.x.x.x etc stuff)? Would you know how to get rid of that?
Thank you for your help, John: it is appreciated very much ;D