pfSense Support Subscription

Author Topic: LAN allowed packets blocked when should be passed  (Read 215 times)

0 Members and 1 Guest are viewing this topic.

Offline jpforte

  • Newbie
  • *
  • Posts: 4
  • Karma: +0/-0
    • View Profile
LAN allowed packets blocked when should be passed
« on: October 23, 2017, 04:48:07 pm »
I have an SG-1000 that is new to me. There is something odd.

In the firewall logs it shows LAN packets being blocked by the default deny rule.

https://www.dropbox.com/s/5to1z2wv8m7o3rq/Screenshot%202017-10-23%2017.43.25.png?dl=0

However is rules for the LAN I have all LAN traffic to all destinations allowed.

https://www.dropbox.com/s/tfaerrkkjhq9jty/Screenshot%202017-10-23%2017.42.50.png?dl=0

How is this happening?


Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14299
  • Karma: +1330/-193
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: LAN allowed packets blocked when should be passed
« Reply #1 on: October 23, 2017, 04:52:51 pm »
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.3.4_p1 (work)
1x 2.4.2-RELEASE on VM esxi 6.5 (home)

Offline nleaudio

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: LAN allowed packets blocked when should be passed
« Reply #2 on: November 01, 2017, 07:58:45 pm »
I've got a PF Sense install that is generating TONS of blocked packets in the logs - like 20-30 per second.  A lot of DNS lookups, and other legit traffic.  I read the doc.pfsense.org link, but this just seems very strange to me that so much is being logged as blocked by the default rule.  I've been having some DNS lookup issues, and now that I see a lot of this traffic being blocked to the ISP dns server, it makes me wonder if this isn't the issue.  In the firewall rules, I am allowing everything out for all protocols, even from any source.  Normal browser operation *seems* to be ok.  Should I just disregard all these tons of logged events?

Bob

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9092
  • Karma: +1037/-306
    • View Profile
Re: LAN allowed packets blocked when should be passed
« Reply #3 on: November 01, 2017, 11:12:00 pm »
Impossible to say without seeing what is actually being logged.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline KOM

  • Hero Member
  • *****
  • Posts: 5370
  • Karma: +667/-19
    • View Profile
Re: LAN allowed packets blocked when should be passed
« Reply #4 on: November 02, 2017, 08:42:48 am »
Start a new thread instead of piggybacking off this one and post your firewall rules.