Netgate Discussion Forum

Black Arrow in IF column in log

General pfSense Questions
  • terryp
    last edited by Feb 6, 2015, 3:29 PM

    I have an ATT router and the WAN port of my pfSense box is connected to port 1 of that router, and it is set up as DMZ in the ATT router so the pfSense WAN IP is my actual Internet IP address. I have a lot of entries in the Firewall log that have a black arrow and "WAN" in the Interface column (see attached image) and the Source is my WAN IP and the target is an Internet external IP. The protocol is always TCP:FA or TCP:RA. Can someone please tell me what the black arrow in the IF column of the Firewall log is? Thank you in advance.
    log_interface.jpg

    • jimp Rebel Alliance Developer Netgate
      last edited by Feb 10, 2015, 9:32 PM

      The arrow means it's being blocked in the Outbound direction.

      https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection
      https://doc.pfsense.org/index.php/Asymmetric_Routing_and_Firewall_Rules

      • terryp
        last edited by Feb 11, 2015, 1:24 PM

        Thank you for the response. I had already researched and saw the page at the link you provided and went through the processes there. It did not resolve the issue.

        I have set no-logged firewall rules both allowing and blocking the WAN interface (one at a time, not both at once) outbound access to any host, internal or external, using any protocol as well as TCP / all flags allowed, as a test. It still blocks it and logs it, telling me that the rule is not applying.

        I believe the issue lies with a wireless router I have. I had flashed a Linksys/Cisco wireless router with DD-WRT and used one of their guides to set it up as a "dumb" switch. I then connected it to VLAN16 (192.168.16.0/24). All communications work well to and from the wireless hosts (ping, Internet access, etc).

        These log entries only appear when a wireless host is connected (such as a laptop or cell phone) and 90% of the external hosts are Google servers (they are all Android phones). So, I'm thinking it has something to do with the setup on the router. I'm looking further into it at DD-WRT's website. Thanks again for your response.

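Added example, not part of the thread and not Netgate's code: a short Python filter that picks out the kind of entries discussed above (blocked, outbound, TCP:FA or TCP:RA) from raw filter log lines and counts them per destination. It assumes the raw filterlog CSV field order used by pfSense 2.2 and later; the sample lines, addresses and interface name are constructed.

```python
import re
from collections import Counter

# Assumed field positions in a raw filterlog record for IPv4 + TCP
# (pfSense 2.2+ raw filter log layout; not taken from the thread).
IFACE, ACTION, DIRECTION, IPVER, PROTO, DST, TCP_FLAGS = 4, 6, 7, 8, 16, 19, 23

# Constructed sample records: documentation addresses, made-up interface name.
SAMPLE = """\
Feb  6 15:29:01 fw filterlog: 5,,,1000000103,em0,match,block,out,4,0x0,,64,4821,0,DF,6,tcp,52,198.51.100.7,203.0.113.10,44312,443,0,FA,1001,2002,229,,
Feb  6 15:29:02 fw filterlog: 5,,,1000000103,em0,match,block,out,4,0x0,,64,4822,0,DF,6,tcp,40,198.51.100.7,203.0.113.10,44313,443,0,RA,1101,2102,0,,
Feb  6 15:29:03 fw filterlog: 5,,,1000000103,em0,match,block,out,4,0x0,,64,4823,0,DF,6,tcp,52,198.51.100.7,203.0.113.20,44400,5228,0,FA,1201,2202,229,,
Feb  6 15:29:04 fw filterlog: 5,,,1000000103,em0,match,block,in,4,0x0,,52,311,0,DF,6,tcp,60,192.0.2.50,198.51.100.7,50122,23,0,S,3003,,1024,,
Feb  6 15:29:05 fw filterlog: 9,,,1000000104,em0,match,block,in,4,0x0,,57,0,0,none,17,udp,78,192.0.2.50,198.51.100.7,5353,5353,58
Feb  6 15:29:06 fw filterlog: 70,,,1000002665,em0,match,pass,out,4,0x0,,64,4824,0,DF,6,tcp,60,198.51.100.7,203.0.113.30,44500,443,0,S,4004,,29200,,
"""

def parse(line):
    """Return the fields of interest for an IPv4 TCP record, else None."""
    fields = re.sub(r"^.*filterlog(\[\d+\])?: ", "", line.strip()).split(",")
    if len(fields) <= TCP_FLAGS or fields[IPVER] != "4" or fields[PROTO] != "tcp":
        return None
    return {"iface": fields[IFACE], "action": fields[ACTION],
            "dir": fields[DIRECTION], "dst": fields[DST],
            "flags": fields[TCP_FLAGS]}

def out_of_state_blocks(lines):
    """Blocked outbound segments with FIN or RST and no SYN (e.g. FA, RA)."""
    hits = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        flags = set(rec["flags"])
        if (rec["action"] == "block" and rec["dir"] == "out"
                and "S" not in flags and flags & {"F", "R"}):
            hits.append(rec)
    return hits

def top_destinations(lines):
    """Count matching entries per destination, most frequent first."""
    return Counter(r["dst"] for r in out_of_state_blocks(lines)).most_common()

if __name__ == "__main__":
    for dst, count in top_destinations(SAMPLE.splitlines()):
        print(f"{count:4d}  {dst}")
```

A destination list dominated by a few services, with only FA and RA flags, points at connections being closed after the firewall has already dropped their state rather than at new outbound traffic being refused.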