Hi All,
I am getting intermittent blocks on something that seemingly should
be passed.
I have a NAT and firewall rule on the Internet facing WAN interface (ng0)
which allows any source IP and any source port (TCP) to destination
192.168.2.10.49205 through.
In most cases this rule seems to work, but quite often I get something
like below where it has been blocked.
The pass rule is right toward the top of the rule list and when I click on the X in
the web GUI to see what has blocked it, it says it is the default rule
"Default block all just to be sure" (Rule 189).
Mar 3 06:38:57 192.168.1.199 pf: 2. 562031 rule 189/0(match): block in on
ng0: xxx.xxx.xxx.xxx.1809 > 192.168.2.10.49205: F 0:0(0) ack 1 win 33362
Mar 3 06:39:03 192.168.1.199 pf: 5. 126777 rule 189/0(match): block in on
ng0: xxx.xxx.xxx.xxx.1809 > 192.168.2.10.49205: F 0:0(0) ack 1 win 33362
Mar 3 06:39:13 192.168.1.199 pf: 10. 466370 rule 189/0(match): block in on
ng0: xxx.xxx.xxx.xxx.1809 > 192.168.2.10.49205: F 0:0(0) ack 1 win 33362
Mar 3 06:39:34 192.168.1.199 pf: 20. 817280 rule 189/0(match): block in on
ng0: xxx.xxx.xxx.xxx.1809 > 192.168.2.10.49205: F 0:0(0) ack 1 win 33362
Mar 3 06:40:15 192.168.1.199 pf: 41. 546847 rule 189/0(match): block in on
ng0: xxx.xxx.xxx.xxx.1809 > 192.168.2.10.49205: F 0:0(0) ack 1 win 33362
Mar 3 07:04:30 192.168.1.199 pf: 21. 176218 rule 189/0(match): block in on
ng0: xxx.xxx.xxx.xxx.2692 > 192.168.2.10.49205: F 1998254475:1998254475(0)
ack 3549271994 win 33362
In the above syslogs xxx.xxx.xxx.xxx is all the same IP address, but the logs
show this happening with many different addresses and many different source
ports.
pfSense version is 1.01.
Thanks for any help.