Firewall Blocking TCP:S
-
Hi Guys,
I have pfSense 2.1.
I have a WAN interface bridged with my DMZ interface.
My firewall rules are on the WAN interface (DMZ is allow all).
In the firewall rules I allow port 80, but I am getting a lot of these blocks in the logs:
TCP:S and TCP:FA
In system advanced firewall I added this rule: Bypass firewall rules for traffic on the same interface
In the firewall rules' TCP flags I enabled and disabled any flags to see if it made a difference…
Can anyone help me out here?
-
https://forum.pfsense.org/index.php/topic,60660.msg326700.html#msg326700
https://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F
-
Hi, yes, I read those posts and wanted to check out the docs, but:
There is currently no text in this page. You can search for this page title in other pages, or search the related logs.
When you have an allow rule and in advanced checked the TCP flags, it should allow them, right?
-
Those would explain FA blocks. What do you mean there is no text in this page? Those above links work fine for me.
If you're blocking S packets, you don't have a rule to allow the traffic, would be my guess. You say you have a bridge between WAN and DMZ. So is the traffic hitting the bridge interface or your WAN interface?
What rules do you have on your bridge?
-
jimp refers to a doc in the forum topic:
That is part of a connection teardown. It's not blocking any user data.
http://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F <– this link does work
My traffic is hitting the WAN section, where my rules are.
I will check it out by disabling some rules.
Thanks
-
This link works fine:
https://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection,_why%3F
So FAs, yeah, normally mean an out-of-state issue. But SYN should be allowed if your firewall rules/forwards allow for it.
So post up your rules and/or forwards and let's take a look see.