Let me give you more info:
LAN Net: 200.x.x.x/29 (Public Net)      OP1 Net: 192.168.x.x/24 (Private Net)
              |                                  |
              |                                  |
              +------------- PFSense ------------+
                                |
                                |
WAN Net: 192.168.x.x/30 (only for connection to my ISP)
OP1 link status is down, since I have it unplugged from the network.
LAN and WAN link status OK.
All the inbound rules on WAN are working as expected from outside.
On the LAN interface there is only one rule, allowing any traffic from this net to any.
On the opt1 interface there is only one rule, allowing all traffic to any.
Traffic from LAN can't reach the outside world; this only happens when
the firewall is enabled. When I disable the firewall I can reach
outside from LAN.
I can't see any drops in the logs.
I'm not using VLANs on the firewall, but one of the nets comes from a
VLAN-configured switch.
Best regards
2008/8/19 Chris Buechler <[EMAIL PROTECTED]>:
> Aliet Santiesteban Sifontes wrote:
>>
>> Hi all, I'm using a newly installed pfSense 1.2.1 with three attached
>> networks: WAN, LAN and optional 1. I have defined rules on the LAN
>> interface to allow all outgoing connections on that interface, but
>> everything is blocked. A test DNS server query shows this in pftop:
>>
>> udp In 200.55.176.170:58829 192.58.128.30:53
>> NO_TRAFFIC:SINGLE 00:00:05 00:00:55 1 64
>> udp Out 200.55.176.170:58829 192.58.128.30:53
>> SINGLE:NO_TRAFFIC 00:00:05 00:00:55 1 64
>> udp In 200.55.176.170:30462 192.58.128.30:53
>> NO_TRAFFIC:SINGLE 00:00:03 00:00:57 1 64
>> udp Out 200.55.176.170:30462 192.58.128.30:53
>> SINGLE:NO_TRAFFIC 00:00:03 00:00:57 1 64
>>
>> If I disable the firewall everything works as expected. I saw this
>> post while googling:
>> http://lists.freebsd.org/pipermail/freebsd-pf/2006-June/002260.html
>>
>
> That's not related, you aren't going to have IP options fields in your DNS
> traffic. The only thing that legitimately uses IP options today is PIM and
> IGMP, as the person who posted that was using.
>
> What you're seeing though I'm not sure, if something as simple as DNS
> passing through 1.2.1 didn't work we would have heard about it long ago and
> I wouldn't be able to send this email. Are you seeing any drops in your
> firewall logs?
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]