Why is 'Default deny rule IPv4' blocking outbound 80/443?
-
I am trying to understand why pfSense is blocking outbound requests to port 80 and port 443. It occurs most commonly with devices, such as Android, Roku and even DirecTV. Perhaps not in this sample, but usually most of the destination IP addresses belong to 1e100.net (Google's catch-all domain for various services), but one thing that is odd is when I use the Android Roku app to connect to a local Roku device, the Roku sends requests out to a public IP address and pfSense blocks those requests, preventing me from connecting my Android Roku app to my Roku device.
Here is a sample of the logs I am getting, all with
@3 block drop in log inet all label "Default deny rule IPv4"
as the rule that triggered these actions:
Jul 18 09:01:28 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:RA
Jul 18 09:01:18 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:RA
Jul 18 09:01:17 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FPA
Jul 18 09:01:09 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:FPA
Jul 18 09:01:07 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FPA
Jul 18 09:01:00 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:FPA
Jul 18 09:00:56 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FPA
Jul 18 09:00:51 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:FPA
Jul 18 09:00:46 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FPA
Jul 18 09:00:42 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:FPA
Jul 18 09:00:36 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FPA
Jul 18 09:00:32 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:FPA
Jul 18 09:00:25 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FPA
Jul 18 09:00:23 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:FPA
Jul 18 09:00:15 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FPA
Jul 18 09:00:14 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:FPA
Jul 18 09:00:09 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FPA
Jul 18 09:00:09 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:FPA
Jul 18 09:00:06 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FPA
Jul 18 09:00:05 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:FPA
Jul 18 09:00:03 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FPA
Jul 18 09:00:03 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:FPA
Jul 18 09:00:02 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:FPA
Jul 18 09:00:02 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FPA
Jul 18 09:00:01 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:FPA
Jul 18 09:00:01 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FPA
Jul 18 09:00:01 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FA
Jul 18 09:00:01 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:PA
Jul 18 09:00:01 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:FA
Jul 18 09:00:01 LAN2 192.168.42.211:53015 168.61.208.90:443 TCP:PA
Jul 18 08:45:44 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:RA
Jul 18 08:45:35 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:FPA
Jul 18 08:45:25 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:FPA
Jul 18 08:45:16 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:FPA
Jul 18 08:45:07 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:FPA
Jul 18 08:44:58 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:FPA
Jul 18 08:44:48 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:FPA
Jul 18 08:44:39 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:FPA
Jul 18 08:44:34 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:FPA
Jul 18 08:44:30 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:FPA
Jul 18 08:44:28 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:FPA
Jul 18 08:44:27 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:FPA
Jul 18 08:44:26 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:FPA
Jul 18 08:44:26 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:FA
Jul 18 08:44:26 LAN2 192.168.42.211:52961 193.149.72.38:443 TCP:PA
Jul 18 08:12:55 LAN1 192.168.41.111:55485 184.73.220.241:443 TCP:RA
Jul 18 08:12:55 LAN1 192.168.41.111:49344 54.235.219.90:443 TCP:RA
Jul 18 08:12:55 LAN1 192.168.41.111:36458 23.21.54.176:443 TCP:RA
Jul 18 08:12:55 LAN1 192.168.41.111:40100 50.112.106.255:443 TCP:RA
Jul 18 08:12:55 LAN1 192.168.41.111:47908 54.245.107.142:443 TCP:RA
Jul 18 08:08:10 LAN1 192.168.41.111:52101 23.61.194.211:80 TCP:FA
Jul 18 08:08:07 LAN1 192.168.41.111:32896 23.61.194.193:80 TCP:FA
Jul 18 08:08:07 LAN1 192.168.41.111:52101 23.61.194.211:80 TCP:FA
Jul 18 08:08:05 LAN1 192.168.41.111:32896 23.61.194.193:80 TCP:FA
Jul 18 08:08:05 LAN1 192.168.41.111:52101 23.61.194.211:80 TCP:FA
Jul 18 08:08:05 LAN1 192.168.41.111:32896 23.61.194.193:80 TCP:FA
Jul 18 08:08:04 LAN1 192.168.41.111:52101 23.61.194.211:80 TCP:FA
Jul 18 08:08:04 LAN1 192.168.41.111:32896 23.61.194.193:80 TCP:FA
Jul 18 08:08:04 LAN1 192.168.41.111:32896 23.61.194.193:80 TCP:FA
Jul 18 08:08:04 LAN1 192.168.41.111:52101 23.61.194.211:80 TCP:FA
Jul 18 08:05:30 LAN1 192.168.41.111:32847 23.61.194.193:80 TCP:FPA
Jul 18 08:05:28 LAN1 192.168.41.111:52052 23.61.194.211:80 TCP:FPA
Jul 18 08:05:28 LAN1 192.168.41.111:32847 23.61.194.193:80 TCP:FPA
Jul 18 08:05:27 LAN1 192.168.41.111:32847 23.61.194.193:80 TCP:FPA
Jul 18 08:05:26 LAN1 192.168.41.111:32847 23.61.194.193:80 TCP:FPA
Jul 18 08:05:26 LAN1 192.168.41.111:52052 23.61.194.211:80 TCP:FPA
Jul 18 08:05:26 LAN1 192.168.41.111:32847 23.61.194.193:80 TCP:FA
Jul 18 08:05:26 LAN1 192.168.41.111:32847 23.61.194.193:80 TCP:PA
Jul 18 08:05:25 LAN1 192.168.41.111:52052 23.61.194.211:80 TCP:FPA
Jul 18 08:05:25 LAN1 192.168.41.111:52052 23.61.194.211:80 TCP:FPA
Jul 18 08:05:25 LAN1 192.168.41.111:52052 23.61.194.211:80 TCP:FA
Jul 18 08:05:25 LAN1 192.168.41.111:52052 23.61.194.211:80 TCP:PA
Jul 18 08:03:41 LAN2 192.168.42.208:39039 54.225.183.180:443 TCP:RA
Jul 18 08:03:41 LAN2 192.168.42.208:39039 54.225.183.180:443 TCP:PA
Jul 18 08:03:38 LAN2 192.168.42.208:34603 54.214.22.107:443 TCP:RA
Jul 18 08:03:38 LAN2 192.168.42.208:34603 54.214.22.107:443 TCP:PA
Jul 18 08:03:38 LAN2 192.168.42.208:54882 54.245.242.161:443 TCP:RA
Jul 18 08:03:38 LAN2 192.168.42.208:54882 54.245.242.161:443 TCP:PA
Jul 18 08:03:38 LAN2 192.168.42.208:54877 54.245.242.161:443 TCP:RA
Jul 18 08:03:38 LAN2 192.168.42.208:54877 54.245.242.161:443 TCP:PA
Jul 18 08:03:38 LAN2 192.168.42.208:54864 54.245.242.161:443 TCP:RA
Jul 18 08:03:38 LAN2 192.168.42.208:54864 54.245.242.161:443 TCP:PA
Jul 18 08:03:37 LAN2 192.168.42.208:54866 54.245.242.161:443 TCP:RA
Jul 18 08:03:37 LAN2 192.168.42.208:54866 54.245.242.161:443 TCP:PA
Jul 18 07:50:06 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:RA
Jul 18 07:49:49 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:FPA
Jul 18 07:49:32 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:FPA
Jul 18 07:49:15 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:FPA
Jul 18 07:48:58 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:FPA
Jul 18 07:48:41 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:FPA
Jul 18 07:48:24 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:FPA
Jul 18 07:48:07 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:FPA
Jul 18 07:47:58 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:FPA
Jul 18 07:47:52 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:FPA
Jul 18 07:47:49 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:FPA
Jul 18 07:47:47 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:FPA
Jul 18 07:47:46 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:FPA
Jul 18 07:47:45 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:FA
Jul 18 07:47:45 LAN2 192.168.42.211:58638 206.18.105.29:443 TCP:PA
Jul 18 07:23:23 LAN1 192.168.41.204:42989 74.125.239.116:443 TCP:PA
Jul 18 07:22:43 LAN1 192.168.41.204:42004 107.22.235.13:443 TCP:FA
Jul 18 07:22:43 LAN1 192.168.41.204:55695 91.236.122.56:443 TCP:FPA
Jul 18 07:22:07 LAN1 192.168.41.204:39960 216.115.97.236:443 TCP:FPA
Jul 18 07:22:05 LAN1 192.168.41.204:42004 107.22.235.13:443 TCP:FA
Jul 18 07:22:05 LAN1 192.168.41.204:50181 199.59.148.10:443 TCP:FPA
Jul 18 07:21:56 LAN1 192.168.41.204:55695 91.236.122.56:443 TCP:FPA
Jul 18 07:21:46 LAN1 192.168.41.204:42004 107.22.235.13:443 TCP:FA
Jul 18 07:21:39 LAN1 192.168.41.204:39960 216.115.97.236:443 TCP:FPA
Jul 18 07:21:37 LAN1 192.168.41.204:42004 107.22.235.13:443 TCP:FA
Jul 18 07:21:34 LAN1 192.168.41.204:50181 199.59.148.10:443 TCP:FPA
Jul 18 07:21:33 LAN1 192.168.41.204:55695 91.236.122.56:443 TCP:FPA
Jul 18 07:21:32 LAN1 192.168.41.204:42004 107.22.235.13:443 TCP:FA
Jul 18 07:21:30 LAN1 192.168.41.204:42004 107.22.235.13:443 TCP:FA
Jul 18 07:21:28 LAN1 192.168.41.204:42004 107.22.235.13:443 TCP:FA
Jul 18 07:21:28 LAN1 192.168.41.204:42004 107.22.235.13:443 TCP:FA
Jul 18 07:21:28 LAN1 192.168.41.204:42004 107.22.235.13:443 TCP:FA
Jul 18 07:21:24 LAN1 192.168.41.204:39960 216.115.97.236:443 TCP:FPA
Jul 18 07:21:22 LAN1 192.168.41.204:42989 74.125.239.116:443 TCP:PA
Jul 18 07:21:21 LAN1 192.168.41.204:55695 91.236.122.56:443 TCP:FPA
Jul 18 07:21:18 LAN1 192.168.41.204:50181 199.59.148.10:443 TCP:FPA
Jul 18 07:21:17 LAN1 192.168.41.204:39960 216.115.97.236:443 TCP:FPA
Jul 18 07:21:16 LAN1 192.168.41.204:55695 91.236.122.56:443 TCP:FPA
Jul 18 07:21:13 LAN1 192.168.41.204:39960 216.115.97.236:443 TCP:FPA
Jul 18 07:21:13 LAN1 192.168.41.204:55695 91.236.122.56:443 TCP:FPA
Jul 18 07:21:11 LAN1 192.168.41.204:39960 216.115.97.236:443 TCP:FPA
Jul 18 07:21:11 LAN1 192.168.41.204:55695 91.236.122.56:443 TCP:FPA
Jul 18 07:21:11 LAN1 192.168.41.204:50181 199.59.148.10:443 TCP:FPA
Jul 18 07:21:11 LAN1 192.168.41.204:39960 216.115.97.236:443 TCP:FPA
Jul 18 07:21:10 LAN1 192.168.41.204:55695 91.236.122.56:443 TCP:FA
Jul 18 07:21:10 LAN1 192.168.41.204:55695 91.236.122.56:443 TCP:PA
Jul 18 07:21:10 LAN1 192.168.41.204:39960 216.115.97.236:443 TCP:FPA
Jul 18 07:21:10 LAN1 192.168.41.204:39960 216.115.97.236:443 TCP:FA
Jul 18 07:21:10 LAN1 192.168.41.204:39960 216.115.97.236:443 TCP:PA
Jul 18 07:21:07 LAN1 192.168.41.204:50181 199.59.148.10:443 TCP:FPA
Jul 18 07:21:05 LAN1 192.168.41.204:50181 199.59.148.10:443 TCP:FPA
Jul 18 07:21:04 LAN1 192.168.41.204:50181 199.59.148.10:443 TCP:FPA
Jul 18 07:21:03 LAN1 192.168.41.204:50181 199.59.148.10:443 TCP:FPA
Jul 18 07:21:03 LAN1 192.168.41.204:50181 199.59.148.10:443 TCP:FA
Jul 18 07:21:03 LAN1 192.168.41.204:50181 199.59.148.10:443 TCP:PA
Jul 18 06:42:33 LAN1 192.168.41.204:42989 74.125.239.116:443 TCP:PA
Jul 18 06:08:42 LAN1 192.168.41.204:59863 74.125.239.49:443 TCP:A
Jul 18 05:50:32 LAN1 192.168.41.204:59863 74.125.239.49:443 TCP:A
Jul 18 05:41:02 LAN1 192.168.41.204:59863 74.125.239.49:443 TCP:A
Jul 18 05:38:35 LAN1 192.168.41.204:59863 74.125.239.49:443 TCP:A
Jul 18 05:36:31 LAN1 192.168.41.204:59863 74.125.239.49:443 TCP:A
Jul 18 05:36:17 LAN1 192.168.41.204:59863 74.125.239.49:443 TCP:A
Jul 18 05:36:16 LAN1 192.168.41.204:59863 74.125.239.49:443 TCP:A
Jul 18 05:36:16 LAN1 192.168.41.204:59863 74.125.239.49:443 TCP:A
Jul 18 05:36:15 LAN1 192.168.41.204:59863 74.125.239.49:443 TCP:FPA
Jul 18 05:36:15 LAN1 192.168.41.204:59863 74.125.239.49:443 TCP:PA
Jul 18 05:36:15 LAN1 192.168.41.204:59863 74.125.239.49:443 TCP:A
Jul 18 05:35:51 LAN1 192.168.41.204:42989 74.125.239.116:443 TCP:PA
Jul 18 04:55:28 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:FA
Jul 18 04:47:15 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:43:01 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:41:01 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:39:00 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:37:07 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:36:11 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:35:43 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:35:29 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:35:22 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:35:18 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:35:16 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:35:15 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:35:15 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:35:15 LAN2 192.168.42.208:33206 74.125.224.48:443 TCP:PA
Jul 18 04:30:32 LAN1 192.168.41.204:42989 74.125.239.116:443 TCP:PA
Jul 18 04:27:00 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 04:25:00 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 04:23:00 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 04:20:59 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 04:18:59 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 04:16:59 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 04:15:06 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 04:09:44 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 04:06:04 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 03:56:02 LAN1 192.168.41.204:57284 74.125.239.50:443 TCP:A
Jul 18 03:47:19 LAN1 192.168.41.204:57284 74.125.239.50:443 TCP:A
Jul 18 03:41:34 LAN1 192.168.41.204:57284 74.125.239.50:443 TCP:A
Jul 18 03:38:02 LAN1 192.168.41.204:57284 74.125.239.50:443 TCP:A
Jul 18 03:36:17 LAN1 192.168.41.204:57284 74.125.239.50:443 TCP:A
Jul 18 03:36:15 LAN1 192.168.41.204:57284 74.125.239.50:443 TCP:A
Jul 18 03:36:14 LAN1 192.168.41.204:57284 74.125.239.50:443 TCP:A
Jul 18 03:36:14 LAN1 192.168.41.204:57284 74.125.239.50:443 TCP:A
Jul 18 03:36:14 LAN1 192.168.41.204:57284 74.125.239.50:443 TCP:FPA
Jul 18 03:36:14 LAN1 192.168.41.204:57284 74.125.239.50:443 TCP:PA
Jul 18 03:36:14 LAN1 192.168.41.204:57284 74.125.239.50:443 TCP:A
Jul 18 03:36:01 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 03:29:02 LAN1 192.168.41.204:42989 74.125.239.116:443 TCP:PA
Jul 18 03:09:02 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 02:57:02 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 02:35:05 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 02:35:04 LAN1 192.168.41.204:42989 74.125.239.116:443 TCP:PA
Jul 18 02:31:04 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 02:31:03 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 02:31:03 LAN2 192.168.42.208:52173 74.125.239.114:443 TCP:PA
Jul 18 02:05:02 LAN1 192.168.41.204:42989 74.125.239.116:443 TCP:PA
BTW, the initially named 'LAN' was renamed to LAN1 and the LAN2 (reconfigured/renamed OPT1) blocking rule is basically a copy and paste of the LAN rule created during install.
Edited to add: Not all port 80/443 requests are being blocked, just some of them.
-
https://forum.pfsense.org/index.php?topic=39960.0
https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection
-
pfSense is enforcing proper TCP. For whatever reason, the state for that TCP session does not exist. You can't send ACK packets for a session that does not exist, so pfSense blocks them.
It was mentioned that asymmetrical routing is a common reason. This would agree with my wife's cellphone doing this a lot. I assume it's primarily when her cell phone switches between Wi-Fi and 4G. I haven't wiresharked it, but that's because it doesn't happen often, but when it does, it happens in bursts.
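
A triage sketch for logs like the one in the question, added here as an example and not part of any post in this thread: it groups blocked entries by flow and separates packets that carry no SYN (the stateless case described in the reply above) from bare SYNs, which would instead point at a missing pass rule. The label names, the helper names and the last sample entry are assumptions made for this example.

```python
import re
from collections import Counter, defaultdict

# One entry as pasted in the question: "Jul 18 09:01:28 LAN2 SRC:PORT DST:PORT TCP:FLAGS"
ENTRY = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) (?P<iface>\S+) "
    r"(?P<src>[\d.]+:\d+) (?P<dst>[\d.]+:\d+) TCP:(?P<flags>[A-Z]+)"
)

def classify(flags):
    """Label a blocked TCP packet by its flags (labels are this example's own)."""
    if flags == "S":
        return "new-connection"   # bare SYN: no pass rule matched a new session
    if "S" in flags:
        return "syn-ack"          # reply to a SYN the firewall never saw
    return "out-of-state"         # A/PA/FA/FPA/RA with no matching state entry

def summarize(text):
    """Return {(iface, src, dst): Counter(label -> packets)} for every entry found."""
    flows = defaultdict(Counter)
    for m in ENTRY.finditer(text):  # finditer also copes with entries run onto one line
        flows[(m["iface"], m["src"], m["dst"])][classify(m["flags"])] += 1
    return dict(flows)

def flows_needing_a_rule(flows):
    """Flows where a new connection was denied, i.e. the ruleset itself is the cause."""
    return sorted(key for key, labels in flows.items() if labels["new-connection"])

# Five entries copied from the question, then one CONSTRUCTED bare-SYN entry
# (documentation address 198.51.100.7) for contrast.
SAMPLE = """\
Jul 18 09:00:01 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:PA
Jul 18 09:00:01 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FA
Jul 18 09:00:01 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:FPA
Jul 18 09:01:28 LAN2 192.168.42.211:53027 193.149.76.16:443 TCP:RA
Jul 18 08:08:10 LAN1 192.168.41.111:52101 23.61.194.211:80 TCP:FA
Jul 18 09:05:00 LAN1 192.168.41.50:40000 198.51.100.7:443 TCP:S
"""

if __name__ == "__main__":
    for flow, labels in summarize(SAMPLE).items():
        print(flow, dict(labels))
```

A flow that shows only out-of-state packets was already closed or expired on the firewall; only flows returned by `flows_needing_a_rule` suggest the ruleset is rejecting new sessions.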