Netgate Discussion Forum

    Web Ports Getting Blocked

    Firewalling
    19 Posts 6 Posters 2.8k Views
• firebox

  This morning none of my web sites worked so I checked everything and it was the firewall blocking the requests. I rebooted the firewall and all is well again. In the logs I see all the blocked requests, but how do I determine why they were blocked or how they were blocked?
• doktornotor

  Perhaps someone could advise if you posted the firewall logs and firewall rules…
• firebox

  There are only 2 rules in place:

  WAN * 80 LAN x.x.x.x 80
  WAN * 80 LAN x.x.x.x 443

  Log entries:

  Mar 16 11:01:43 X        WAN x.x.x.x:61229 x.x.x.x:443 TCP:S
  Mar 16 11:01:43 X        WAN x.x.x.x:61229 x.x.x.x:443 TCP:S
  Mar 16 11:01:43 X        WAN x.x.x.x:61229 x.x.x.x:80         TCP:S
  Mar 16 11:01:43 X        WAN x.x.x.x:61229 x.x.x.x:443 TCP:S
  Mar 16 11:01:43 X        WAN x.x.x.x:61229 x.x.x.x:80         TCP:S
• doktornotor

  Awesome. Not interested in this obfuscation nonsense. Either post the real thing screenshots or try a crystal ball.
• firebox

  Log screen shot attached

  Web Server rules attached

  I only run web and only have 2 rules for HTTP and HTTPS; I do not have any other NAT rules.
• kejianshi

  Hmmm - Are you trolling?

  This is two different threads where you seem to be just willfully making things difficult on either yourself or us.
• doktornotor

  Which part of "not interested in this obfuscation nonsense" was unclear?! Not going to waste more time here. Go help yourself.
• Derelict (Netgate)

  Clicking on the red X will tell you what rule blocked the traffic.

  Chattanooga, Tennessee, USA
  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
  Do Not Chat For Help! NO_WAN_EGRESS(TM)
• firebox

  @Derelict:

  Clicking on the red X will tell you what rule blocked the traffic.

  Thanks, that helped out a lot
• ghostshell

  Per the info, just like D said, hover over the X to see the rule and then post the rule that was blocking it, or Google it.
• firebox

  @doktornotor:

  Which part of "not interested in this obfuscation nonsense" was unclear?! Not going to waste more time here. Go help yourself.

  You ever think I am not understanding what you mean? I screen shot the rules and log entries and posted them as you requested.
• kejianshi

  Protect your public IP if you want.

  Passwords and usernames.

  But often, the internal network settings and IPs are required info to help anyone.
• firebox

  @kejianshi:

  Protect your public IP if you want.

  Passwords and usernames.

  But often, the internal network settings and IPs are required info to help anyone.

  Gotcha, thanks for the info
• firebox

  @kejianshi:

  Protect your public IP if you want.

  Passwords and usernames.

  But often, the internal network settings and IPs are required info to help anyone.

  I have only been using this system for a couple months at most
• Derelict (Netgate)

  @firebox:

  @Derelict:

  Clicking on the red X will tell you what rule blocked the traffic.

  Thanks, that helped out a lot

  What did it tell you?
• firebox

  @Derelict:

  @firebox:

  @Derelict:

  Clicking on the red X will tell you what rule blocked the traffic.

  Thanks, that helped out a lot

  What did it tell you?

  Sorry, I was put off by the 2 members above. This was the code it showed; I have been Googling for info on it:

  block/1000000117

  Rebooting allowed traffic to the web server again

  SNORT shows nothing blocked, not using any other services other than what 2.2 came with
• Derelict (Netgate)

  Google won't find it. That's a rule number. It's different on every system.

  There wasn't anything else? pfSense (pf) simply doesn't do what you're describing. Do you have pass rules relying on anything that might change like FQDNs in aliases or anything like that?
• Derelict (Netgate)

  @firebox:

  SNORT shows nothing blocked

  What other damn packages might be in the way?
• BBcan177 (Moderator)

  @firebox:

  Log screen shot attached

  You can also enable the "Rule Column" in Status : System Logs : Settings instead of having to click the "Red x" to see the rule.

  Scroll down and you will see an option "Filter Descriptions" - Select "Display as column"

  ps - In regards to Snort. I suggest you start by running it in non-blocking mode. Then after you have cleared any false-positive rules, you can re-enable Blocking Mode.

  "Experience is something you don't get until just after you need it."

  Website: http://pfBlockerNG.com
  Twitter: @BBcan177  #pfBlockerNG
  Reddit: https://www.reddit.com/r/pfBlockerNG/new/
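The red X and the "Rule" log column both show the per-system tracker ID (e.g. block/1000000117) of the pf rule that matched. The following is an added example, not code from this thread or from pfSense, that does the same thing from the raw /var/log/filter.log lines: it parses the filterlog CSV layout (assumed here from the pfSense filterlog documentation), keeps only blocked packets to the web ports, and groups them by tracker ID, interface and port. The log lines, addresses and the non-default tracker value are constructed for the example.

```python
import csv
from collections import Counter

# Constructed sample lines in the syslog format pfSense writes to /var/log/filter.log.
# Everything after "filterlog: " is CSV. The field order is assumed from the
# pfSense filterlog documentation; addresses, ports and tracker IDs are made up.
SAMPLE_LOG = """\
Mar 16 11:01:43 fw filterlog: 5,16777216,,1000000117,em0,match,block,in,4,0x0,,50,0,0,none,6,tcp,60,198.51.100.7,192.0.2.10,61229,443,0,S,1,,65535,,mss
Mar 16 11:01:43 fw filterlog: 5,16777216,,1000000117,em0,match,block,in,4,0x0,,50,0,0,none,6,tcp,60,198.51.100.7,192.0.2.10,61230,80,0,S,2,,65535,,mss
Mar 16 11:01:44 fw filterlog: 90,16777216,,1426374000,em0,match,pass,in,4,0x0,,50,0,0,none,6,tcp,60,203.0.113.4,192.0.2.10,50001,443,0,S,3,,65535,,mss
Mar 16 11:01:45 fw filterlog: 7,16777216,,1000000103,em0,match,block,in,6,0x00,0x00000,64,udp,17,60,2001:db8::1,2001:db8::2,5353,53,20
"""

def parse_filterlog_line(line):
    """Return a dict for one filterlog line, or None if the line is not one."""
    marker = "filterlog: "
    if marker not in line:
        return None
    fields = next(csv.reader([line.split(marker, 1)[1]]))
    rec = dict(zip(["rulenum", "subrulenum", "anchor", "tracker", "iface",
                    "reason", "action", "direction", "ipver"], fields[:9]))
    rest = fields[9:]
    if rec["ipver"] == "4":
        proto, rest = rest[7], rest[8:]   # tos,ecn,ttl,id,offset,flags,proto-id,proto-text
    else:
        proto, rest = rest[3], rest[5:]   # class,flow-label,hop-limit,proto-text,proto-id
    rec["proto"], rec["src"], rec["dst"] = proto, rest[1], rest[2]  # length,src,dst,...
    if proto in ("tcp", "udp"):
        rec["sport"], rec["dport"] = int(rest[3]), int(rest[4])
    return rec

def blocks_by_rule(log, ports=(80, 443)):
    """Count blocked packets to the given destination ports, keyed by
    (tracker, interface, port). The tracker is the rule identifier the GUI
    shows as block/<tracker>; look it up under Firewall > Rules on that box,
    since the number is specific to each system."""
    counts = Counter()
    for line in log.splitlines():
        rec = parse_filterlog_line(line)
        if rec and rec["action"] == "block" and rec.get("dport") in ports:
            counts[(rec["tracker"], rec["iface"], rec["dport"])] += 1
    return counts

if __name__ == "__main__":
    for (tracker, iface, port), n in sorted(blocks_by_rule(SAMPLE_LOG).items()):
        print(f"tracker {tracker} on {iface} blocked {n} packet(s) to port {port}")
```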