Web Ports Getting Blocked



  • This morning none of my web sites worked so I checked everything and it was the firewall blocking the requests. I rebooted the firewall and all is well again. In the logs I see all the blocked requests, but how do I determine why they were blocked or how they were blocked?


  • Banned

    Perhaps someone could advise if you posted the firewall logs and firewall rules…



  • There are only 2 rules in place:

    WAN  *  80  LAN  x.x.x.x  80
    WAN  *  80  LAN  x.x.x.x  443

    Log entries:

    Mar 16 11:01:43 X  WAN  x.x.x.x:61229  x.x.x.x:443  TCP:S
    Mar 16 11:01:43 X  WAN  x.x.x.x:61229  x.x.x.x:443  TCP:S
    Mar 16 11:01:43 X  WAN  x.x.x.x:61229  x.x.x.x:80   TCP:S
    Mar 16 11:01:43 X  WAN  x.x.x.x:61229  x.x.x.x:443  TCP:S
    Mar 16 11:01:43 X  WAN  x.x.x.x:61229  x.x.x.x:80   TCP:S


  • Banned

    Awesome. Not interested in this obfuscation nonsense. Either post the real thing (screenshots) or try a crystal ball.



  • Log screen shot attached

    Web Server rules attached

    I only run web and only have 2 rules, for HTTP and HTTPS; I do not have any other NAT rules.


  • Hmmm - Are you trolling?

    This is two different threads where you seem to be just willfully making things difficult on either yourself or us.


  • Banned

    Which part of "not interested in this obfuscation nonsense" was unclear?! Not going to waste more time here. Go help yourself.


  • LAYER 8 Netgate

    Clicking on the red X will tell you what rule blocked the traffic.



  • @Derelict:

    Clicking on the red X will tell you what rule blocked the traffic.

    Thanks, that helped out a lot



    Per the info, just like D said, hover over the X to see the rule and then post the rule that was blocking it, or Google it.



  • @doktornotor:

    Which part of "not interested in this obfuscation nonsense" was unclear?! Not going to waste more time here. Go help yourself.

    You ever think I am not understanding what you mean? I screenshotted the rules and log entries and posted them as you requested.



    Protect your public IP if you want, and passwords and usernames.

    But often, the internal network settings and IPs are required info to help anyone.



  • @kejianshi:

    Protect your public IP if you want, and passwords and usernames.

    But often, the internal network settings and IPs are required info to help anyone.

    Gotcha, thanks for the info



  • @kejianshi:

    Protect your public IP if you want, and passwords and usernames.

    But often, the internal network settings and IPs are required info to help anyone.

    I have only been using this system for a couple of months at most.


  • LAYER 8 Netgate

    @firebox:

    @Derelict:

    Clicking on the red X will tell you what rule blocked the traffic.

    Thanks, that helped out a lot

    What did it tell you?



  • @Derelict:

    @firebox:

    @Derelict:

    Clicking on the red X will tell you what rule blocked the traffic.

    Thanks, that helped out a lot

    What did it tell you?

    Sorry, I was put off by the 2 members above. This was the code it showed; I have been Googling for info on it:

    block/1000000117

    Rebooting allowed traffic to the web server again.

    SNORT shows nothing blocked, and I am not using any services other than what 2.2 came with.


  • LAYER 8 Netgate

    Google won't find it. That's a rule number. It's different on every system.

    There wasn't anything else? pfSense (pf) simply doesn't do what you're describing. Do you have pass rules relying on anything that might change, like FQDNs in aliases or anything like that?
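    As an added example (not code from the thread, pfSense or Netgate), here is a small Python parser for log lines in the shape posted above, with the action and the rule id that the red X reveals appended to each line. It tallies blocked packets per rule id and flags blocks aimed at the ports the NAT rules are meant to publish, which is the first thing to look at when "all web sites stopped working". The sample lines, addresses and every rule id other than block/1000000117 are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample log in the shape of the entries posted in the thread,
# with the action and rule id (what the red X / "Rule Column" shows) appended.
# Addresses are RFC 5737 documentation ranges; rule ids other than
# block/1000000117 are made-up placeholders. One deliberately malformed line
# checks that the parser skips garbage instead of crashing.
SAMPLE_LOG = """\
Mar 16 11:01:43 block WAN 203.0.113.7:61229 192.0.2.10:443 TCP:S rule=block/1000000117
Mar 16 11:01:43 block WAN 203.0.113.7:61229 192.0.2.10:443 TCP:S rule=block/1000000117
Mar 16 11:01:43 block WAN 203.0.113.7:61229 192.0.2.10:80 TCP:S rule=block/1000000117
Mar 16 11:01:44 block WAN 198.51.100.5:40000 192.0.2.10:22 TCP:S rule=block/1000000103
Mar 16 11:01:45 pass WAN 203.0.113.9:51000 192.0.2.10:80 TCP:S rule=pass/1000000145
this line is garbage and must be skipped
"""

# Field layout: timestamp, action, interface, src:port, dst:port, proto:flags, rule=id
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) "
    r"(?P<action>block|pass) (?P<iface>\S+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<proto>[A-Z]+):(?P<flags>\S+) rule=(?P<rule>\S+)$"
)


def parse_line(line):
    """Return a dict of fields for one log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["sport"] = int(entry["sport"])
    entry["dport"] = int(entry["dport"])
    return entry


def parse_log(text):
    """Parse every well-formed line; malformed lines are dropped, not fatal."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def blocks_by_rule(entries):
    """Count blocked packets per block rule id."""
    return Counter(e["rule"] for e in entries if e["action"] == "block")


def unexpected_blocks(entries, published_ports):
    """Blocked packets to ports the firewall is supposed to pass (e.g. 80/443).

    Keyed by (rule id, destination port). The rule id is what to look up on
    the firewall itself, because rule numbers are specific to that system.
    """
    return Counter(
        (e["rule"], e["dport"])
        for e in entries
        if e["action"] == "block" and e["dport"] in published_ports
    )


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print("blocks per rule:", dict(blocks_by_rule(entries)))
    for (rule, port), n in unexpected_blocks(entries, {80, 443}).items():
        print(f"{n} blocked packet(s) to published port {port} by {rule}")
```

    The script stops at the rule id on purpose: as the reply above says, a number like 1000000117 only means something on the box that logged it. On a pf-based firewall the loaded ruleset, with each rule's number, can be listed with `pfctl -vvsr` on the firewall itself (the thread does not mention this command); matching the id against that output is the step that tells you which rule, and therefore which condition, did the blocking.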


  • LAYER 8 Netgate

    SNORT shows nothing blocked

    What other damn packages might be in the way?


  • Moderator

    @firebox:

    Log screen shot attached

    You can also enable the "Rule Column" in Status : System Logs : Settings instead of having to click the red X to see the rule.

    Scroll down and you will see an option "Filter Descriptions": select "Display as column".

    PS: In regards to Snort, I suggest you start by running it in non-blocking mode. Then, after you have cleared any false-positive rules, you can re-enable blocking mode.

