Netgate Discussion Forum

    Firewall logs show blocked traffic despite allow rule

    • blackjub

      Hello everyone,
      First of all, please excuse my poor English.

      I have a problem setting up a simple rig within our test labs at my company.
      Here's a schema explaining this setup:
      http://s28.postimg.org/8s3ndu1p9/schema_network.jpg
      (2 ISP routers, 1 load balancer, 1 pfSense PC acting as a simple NAT/firewall)

      The pfSense service has been installed on a small PC, having integrated Realtek 8111G NICs.
      Since pfSense 2.1.3 doesn't support these NICs without tampering with the module drivers, I preferred at first to try pfSense 2.2.
      (That I update from time to time, but so far, it didn't solve the problem)

      Here's the problem: I have a lot of firewall logs showing blocked traffic, despite an "allow all" rule.

      Please also check the screenshots from the "rules" and "logs" pages:
      http://s27.postimg.org/t0lgpvmpv/rules_firewall.jpg
      http://s28.postimg.org/4qhyufk0t/bug_firewall.jpg

      Source IPs within the logs are only Android mobile devices (Samsung Galaxy S3 or S4, LG Nexus 4…)
      A whois on destination IPs shows that they belong to Google or Facebook.
      (There is no trace from any PC or server within the same subnet, meaning the "allow all" rule works fine for these)

      I don't understand why this is happening.
      What's more surprising is that Facebook or Google services on these Android devices seem to work fine.

      Does anybody have any clue?
      Is there something more to allow, or to activate?
      (Or is this a simple bug, and should I file it?)

      In advance, thanks for any help you can provide!

      • JeGr LAYER 8 Moderator

        Those are FIN or ACK/FIN packets. That was already discussed here: https://forum.pfsense.org/index.php?topic=39960.0

        Greets

        Don't forget to upvote 👍 those who kindly offered their time and brainpower to help you!

        If you're interested, I'm available to discuss details of German-speaking paid support (for companies) if needed.
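
An added example (not part of the thread, and not pfSense project code): pf pass rules create state on the initial SYN, so a FIN or FIN/ACK that arrives after that state is gone falls through to the default block even under an "allow all" rule. The script below tallies blocked TCP log entries by flag so that such teardown noise can be told apart from genuinely blocked new connections; the comma-separated filterlog field positions and the sample lines are assumptions constructed for illustration.

```python
import csv
from collections import Counter

# Assumed field positions in an IPv4/TCP filterlog record (not shown in the thread).
ACTION, IPVER, PROTO, SRC, DST, DPORT, TCPFLAGS = 6, 8, 16, 18, 19, 21, 23

# Constructed sample lines using documentation address ranges.
SAMPLE = """\
5,16777216,,1000000103,re1,match,block,in,4,0x0,,64,4821,0,DF,6,tcp,52,192.0.2.21,203.0.113.10,41522,443,0,FA,1001,2002,229,,
5,16777216,,1000000103,re1,match,block,in,4,0x0,,64,4822,0,DF,6,tcp,83,192.0.2.22,203.0.113.11,38011,5228,31,FPA,3001,4002,229,,
5,16777216,,1000000103,re1,match,block,in,4,0x0,,64,4823,0,DF,6,tcp,60,192.0.2.30,198.51.100.7,50100,23,0,S,5001,,29200,,mss
5,16777216,,1000000103,re1,match,block,in,4,0x0,,64,4824,0,DF,6,tcp,52,192.0.2.21,203.0.113.10,41522,443,0,A,1002,2003,229,,
9,16777216,,1418235528,re1,match,pass,in,4,0x0,,64,4825,0,DF,6,tcp,60,192.0.2.40,203.0.113.10,50200,443,0,S,7001,,29200,,mss
5,16777216,,1000000103,re1,match,block,in,4,0x0,,64,100,0,none,17,udp,60,192.0.2.50,198.51.100.9,5353,5353,40
"""

def classify(flags):
    """Label a blocked TCP packet by its flag string (e.g. 'S', 'FA', 'FPA')."""
    if "S" in flags and "A" not in flags:
        return "new-connection"          # an initial SYN was denied: review the rules
    if "F" in flags or "R" in flags:
        return "teardown-out-of-state"   # late FIN/RST for a state already removed
    return "other-out-of-state"          # e.g. a bare ACK or SYN/ACK with no state

def summarize(text):
    """Return (Counter of labels, list of blocked new-connection tuples)."""
    counts, new_conns = Counter(), []
    for row in csv.reader(text.splitlines()):
        # Skip short (non-TCP) records and anything that was not blocked.
        if len(row) <= TCPFLAGS or row[ACTION] != "block":
            continue
        if row[IPVER] != "4" or row[PROTO] != "tcp":
            continue
        label = classify(row[TCPFLAGS])
        counts[label] += 1
        if label == "new-connection":
            new_conns.append((row[SRC], row[DST], row[DPORT]))
    return counts, new_conns

if __name__ == "__main__":
    counts, new_conns = summarize(SAMPLE)
    for label, n in counts.most_common():
        print(f"{n:3d}  {label}")
    for src, dst, dport in new_conns:
        print(f"blocked SYN: {src} -> {dst}:{dport}")
```

Only the "new-connection" entries indicate traffic that a rule actually refused; the other two labels are packets that no longer matched an existing state.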

        • blackjub

          Thank you very much for your help!

          • JeGr LAYER 8 Moderator

            My pleasure.

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.