[pfSense] Question on FW log entries
Just a quick question for anyone who cares to reply, something I can't figure out. I have the default LAN - Any rule active on the LAN interface, but I often see block entries such as those attached, in this case from my kid's iPad to Google. Other times I see blocks from internal hosts to servers like Akamai, for example. If the Any rule is active, why would I see blocks? Thanks for reading. Peder ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Question on FW log entries
On 3/11/13 3:27 pm, Peder Rovelstad wrote: Just a quick question for anyone who cares to reply, something I can't figure out. I have the default LAN - Any rule active on the LAN interface, but I often see block entries such as those attached, in this case from my kid's iPad to Google. Other times I see blocks from internal hosts to servers like Akamai, for example. If the Any rule is active, why would I see blocks? Thanks for reading. I too would be interested in this. It does seem to be specifically traffic going towards Google, and not general HTTP/HTTPS traffic to Google search - it seems to be specifically sync services and the like - in my case the source is nearly always either my Nexus 4 or Nexus 7. Here's a snippet of my logs from the last few minutes: Nov 3 15:31:36 LAN Default deny rule IPv4 (@3) 10.10.0.122:42880 173.194.66.103:443 TCP:FPA Nov 3 15:31:35 LAN Default deny rule IPv4 (@3) 10.10.0.121:52018 173.194.66.106:443 TCP:FPA Nov 3 15:31:21 LAN Default deny rule IPv4 (@3) 10.10.0.122:54125 173.194.41.71:443 TCP:FPA (N7 is on .121, N4 is on .122) If it's relevant, Google sync, app store, etc. seems to work fine with both devices in question. Kind regards, Chris -- This email is made from 100% recycled electrons ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Question on FW log entries
Original attachment blocked for size. Thanks again. http://192.168.0.1/index.php block Nov 3 08:51 LAN 192.168.0.103 http://192.168.0.1/index.php 74.125.142.108 http://192.168.0.1/index.php :993 http://192.168.0.1/index.php block Nov 3 08:51 LAN 192.168.0.103 http://192.168.0.1/index.php 74.125.142.108 http://192.168.0.1/index.php :993 http://192.168.0.1/index.php block Nov 3 08:51 LAN 192.168.0.103 http://192.168.0.1/index.php 74.125.142.108 http://192.168.0.1/index.php :993 http://192.168.0.1/index.php block Nov 3 08:51 LAN 192.168.0.103 http://192.168.0.1/index.php 74.125.142.108 http://192.168.0.1/index.php :993 http://192.168.0.1/index.php block Nov 3 08:51 LAN 192.168.0.103 http://192.168.0.1/index.php 74.125.142.108 http://192.168.0.1/index.php :993 http://192.168.0.1/index.php block Nov 3 08:51 LAN 192.168.0.103 http://192.168.0.1/index.php 74.125.142.108 http://192.168.0.1/index.php :993 http://192.168.0.1/index.php block Nov 3 08:47 LAN 192.168.0.103 http://192.168.0.1/index.php 74.125.142.108 http://192.168.0.1/index.php :993 http://192.168.0.1/index.php block Nov 3 08:47 LAN 192.168.0.103 http://192.168.0.1/index.php 74.125.142.108 http://192.168.0.1/index.php :993 From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of Peder Rovelstad Sent: Sunday, November 03, 2013 9:28 AM To: list@lists.pfsense.org Subject: [pfSense] Question on FW log entries Just a quick question for anyone who cares to reply, something I can't figure out. I have the default LAN - Any rule active on the LAN interface, but I often see block entries such as those attached, in this case from my kid's iPad to Google. Other times I see blocks from internal hosts to servers like Akamai, for example. If the Any rule is active, why would I see blocks? Thanks for reading. Peder image001.gif___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
Re: [pfSense] Question on FW log entries
Understood, thanks for the quick reply! From: list-boun...@lists.pfsense.org [mailto:list-boun...@lists.pfsense.org] On Behalf Of PiBa Sent: Sunday, November 03, 2013 9:37 AM To: pfSense support and discussion Subject: Re: [pfSense] Question on FW log entries This will probably answer that: https://doc.pfsense.org/index.php/Logs_show_%22blocked%22_for_traffic_from_a _legitimate_connection,_why%3F PiBa-NL Peder Rovelstad schreef op 3-11-2013 16:27: Just a quick question for anyone who cares to reply, something I can't figure out. I have the default LAN - Any rule active on the LAN interface, but I often see block entries such as those attached, in this case from my kid's iPad to Google. Other times I see blocks from internal hosts to servers like Akamai, for example. If the Any rule is active, why would I see blocks? Thanks for reading. Peder ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list ___ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
