Firewall logs show blocked traffic despite allow rule
-
Hello everyone,
First of all, please excuse my poor English.
I have a problem setting up a simple rig within our test labs at my company.
Here's a schema explaining this setup:
http://s28.postimg.org/8s3ndu1p9/schema_network.jpg
(2 ISP routers, 1 load balancer, 1 pfSense PC acting as a simple NAT/firewall)
The pfSense service has been installed on a small PC, having integrated Realtek 8111G NICs.
Since pfSense 2.1.3 doesn't support these NICs without tampering with the module drivers, I preferred at first trying pfSense 2.2.
(That I update from time to time, but so far, it didn't solve the problem)
Here's the problem: I have a lot of firewall logs showing blocked traffic, despite an "allow all" rule.
Please also check the screenshots from the "rules" and "logs" pages:
http://s27.postimg.org/t0lgpvmpv/rules_firewall.jpg
http://s28.postimg.org/4qhyufk0t/bug_firewall.jpg
Source IPs within the logs are only Android mobile devices (Samsung Galaxy S3 or S4, LG Nexus 4…)
A whois on destination IPs shows that they belong to Google or Facebook.
(There is no trace from any PC or server within the same subnet, meaning the "allow all" rule works fine for these)
I don't understand why this is happening.
What's more surprising is that Facebook or Google services on these Android devices seem to work fine.
Does anybody have any clue?
Is there something more to allow, or to activate?
(Or is this a simple bug, and should I file it?)
In advance, thanks for any help you can provide!
-
Those are FIN or ACK/FIN packets. That was already discussed here: https://forum.pfsense.org/index.php?topic=39960.0
Greets
-
Thank you very much for your help!
-
My pleasure.