PfSense blocking UDP traffic on LAN after Bogon update?
-
I've had this issue a few times on 2.2.x, but it seems to be happening more on 2.3 for some reason. I'm running a full install on an Intel-based mini PC with multiple Intel NICs.
It seemed to be random until tonight, when I was able to check the logs on the box right after an outage occurred. For some reason, a few minutes after it updated the bogon networks list, all UDP traffic seemed to be blocked on LAN, but the WAN interface continued to function without issue. My normal recourse for this has been to unplug the LAN cable and plug it back in. This seems to reset the interface, and devices are immediately able to get IP addresses again and use the internet. I'm not quite sure why all clients seem to drop their addresses at once when this happens. I do notice that all clients seem to lose their DHCP leases immediately if I reboot pfSense as well, but I don't remember this being the behavior on earlier versions.
Is there anything better I can be looking for in the logs? In the meantime I'm going to stop the bogon updates and disable the "block bogons" rule to see if it stabilizes the network and works around the issue.
-
What specifically are you seeing getting blocked?
Fetching bogons just reloads the ruleset. You should only have that enabled on WAN, which means it has no impact on traffic from LAN.
-
Yeah, I noticed the block bogons rule was applied to LAN and I'm thinking it was having some impact.
Here's an attachment of what was showing in the FW logs while the connections were down. In addition to DHCP broadcasts, there was other UDP traffic from self-assigned IPs that was being blocked as well.
-
You can't enable bogon blocking on an interface that acts as a DHCP server, it'll block the DHCP requests. It's not doing anything useful on LAN anyway, just disable it on LAN.
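As an added illustration of the point made in this last reply (this is example code, not something from the thread or from pfSense itself): a small checker that scans pfSense filterlog lines and flags blocked inbound UDP on a DHCP-serving interface whose source falls in the bogon-listed ranges DHCP clients legitimately use, 0.0.0.0/8 (DHCPDISCOVER from 0.0.0.0:68) and 169.254.0.0/16 (hosts that fell back to a self-assigned address). The log lines, the field layout, and the assumption that em1 is the LAN interface are constructed for this example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample of pfSense filterlog entries (the CSV part after "filterlog: ").
# Field positions follow the filterlog layout as assumed here; the lines are made up.
SAMPLE_LOG = """\
7,16777216,,1000000103,em1,match,block,in,4,0x0,,64,0,0,none,17,udp,328,0.0.0.0,255.255.255.255,68,67,308
7,16777216,,1000000103,em1,match,block,in,4,0x0,,128,0,0,none,17,udp,78,169.254.33.12,255.255.255.255,137,137,58
5,16777216,,1000000101,em0,match,block,in,4,0x0,,51,0,0,none,17,udp,60,192.0.2.44,203.0.113.9,53,50001,40
100,,,1464650000,em1,match,pass,in,4,0x0,,64,0,0,none,17,udp,60,192.168.1.20,192.168.1.1,50121,53,40
"""

# Bogon-listed ranges that a DHCP-serving interface must still accept traffic from.
DHCP_CLIENT_BOGONS = [ipaddress.ip_network("0.0.0.0/8"), ipaddress.ip_network("169.254.0.0/16")]
DHCP_SERVER_IFACES = {"em1"}  # assumption: em1 is LAN, where the DHCP server runs


@dataclass
class BogonDhcpBlock:
    iface: str
    src: str
    dst: str
    sport: int
    dport: int
    reason: str


def parse_filterlog(line):
    """Return the fields we need from an IPv4 UDP filterlog line, else None."""
    f = line.strip().split(",")
    if len(f) < 23 or f[8] != "4" or f[16] != "udp":
        return None
    return {"iface": f[4], "action": f[6], "dir": f[7], "src": f[18], "dst": f[19],
            "sport": int(f[20]), "dport": int(f[21])}


def find_bogon_dhcp_blocks(log_text):
    """Flag inbound blocks on DHCP-serving interfaces whose source is a DHCP-client bogon."""
    hits = []
    for line in log_text.splitlines():
        e = parse_filterlog(line)
        if not e or e["action"] != "block" or e["dir"] != "in" or e["iface"] not in DHCP_SERVER_IFACES:
            continue
        src = ipaddress.ip_address(e["src"])
        if not any(src in net for net in DHCP_CLIENT_BOGONS):
            continue
        # DHCPDISCOVER/REQUEST travels 0.0.0.0:68 -> 255.255.255.255:67; anything else
        # from these ranges is a client that never got a lease talking on a self-assigned IP.
        reason = "DHCP request" if (e["sport"], e["dport"]) == (68, 67) else "self-assigned (APIPA) host"
        hits.append(BogonDhcpBlock(e["iface"], e["src"], e["dst"], e["sport"], e["dport"], reason))
    return hits


if __name__ == "__main__":
    for h in find_bogon_dhcp_blocks(SAMPLE_LOG):
        print(f"{h.iface}: blocked {h.src}:{h.sport} -> {h.dst}:{h.dport} ({h.reason}); "
              "bogon blocking should be disabled on this interface")
```

Any hit means the bogon rule is applied on an interface that serves DHCP; the WAN block in the sample (em0) is ignored because bogon blocking belongs there.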