[SOLVED] Why are some outbound connections being blocked?

[Taomyn]

Can someone explain to me why certain outbound accesses are being blocked?

Sep 6 11:57:04    filterlog: 5,16777216,,0,em0,match,block,in,4,0x0,,64,27057,0,DF,6,tcp,83,192.168.1.12,216.58.212.196,57345,443,31,PA,1227625523:1227625554,681508203,1403,,nop;nop;TS
Sep 6 11:56:50    filterlog: 5,16777216,,0,em0,match,block,in,4,0x0,,64,46294,0,DF,6,tcp,83,192.168.1.12,216.58.212.196,36285,443,31,PA,1658183271:1658183302,1155478340,1403,,nop;nop;TS
Sep 6 11:54:11    filterlog: 5,16777216,,0,em0,match,block,in,4,0x0,,64,27056,0,DF,6,tcp,83,192.168.1.12,216.58.212.196,57345,443,31,PA,1227625523:1227625554,681508203,1403,,nop;nop;TS
Sep 6 11:53:48    filterlog: 5,16777216,,0,em0,match,block,in,4,0x0,,64,62871,0,DF,6,tcp,83,192.168.1.12,216.58.212.206,59718,443,31,PA,4294784359:4294784390,498114925,1470,,nop;nop;TS
Sep 6 11:52:05    filterlog: 5,16777216,,0,em0,match,block,in,4,0x0,,64,27055,0,DF,6,tcp,83,192.168.1.12,216.58.212.196,57345,443,31,PA,1227625523:1227625554,681508203,1403,,nop;nop;TS
Sep 6 11:51:47    filterlog: 5,16777216,,0,em0,match,block,in,4,0x0,,64,27054,0,DF,6,tcp,83,192.168.1.12,216.58.212.196,57345,443,31,PA,1227625523:1227625554,681508203,1403,,nop;nop;TS

They look to me to be HTTPS connections but none of my client devices are having browsing issues. I noticed that on the firewall logs that many connections by my Android tablet are getting blocked, see attached screenshot.

[fabian]

You don't have a rule to pass the traffic so it is blocked. Look at your firewall rules

[Taomyn]

You don't have a rule to pass the traffic so it is blocked. Look at your firewall rules

Sorry if I sound noobish, but I have the outbound NAT rule in place so why would I need more firewall rules, and surely any outbound access to port 443 would be blocked so how come I can visit this forum?

[fabian]

Sorry but I am confused about your post (I am not sure how your setup looks like). I did not have to create a single NAT rule for the usual stuff because with the default settings this works out of the box. The only NAT rules I configured are used for the transparent proxy. Filtering is done by the firewall.

Can you post your firewall rules and your NAT rules as well as the information if the private addresses are blocked?

[Taomyn]

I don't know if the attached is what you want as I'm not sure how else to get more info on the rules.

[fabian]

This should work if the AP is connected on the right interface and the device gets the right interface assigned. Can you check if you connected it to GUEST_LAN?

[Taomyn]

Yup, it's on the AP that's on my LAN it's IP is 192.168.1.12 - I have another AP which is on GUEST_LAN and their IPs would be 192.168.100.0/24

[fabian]

I am sorry but I cannot help in that case - maybe franco or ad can. Maybe they will need your /tmp/rules.debug

[Taomyn]

I found my answer, but thanks for the help.

http://doc.m0n0.ch/handbook/faq-legit-traffic-dropped.html

[Zapp]

I found my answer, but thanks for the help.

http://doc.m0n0.ch/handbook/faq-legit-traffic-dropped.html

Sorry. I arrived a bit late to the party.
This has been bugging me to and I have found sort of the same answer as you did, but still... Isn't there a way to get rid of all these false positives in the log?
I really like to see all blocked traffic but not these leftovers. Can't that be filtered out somehow?

   /Jonas...


Skickat från min A0001 via Tapatalk

[Taomyn]

I really like to see all blocked traffic but not these leftovers. Can't that be filtered out somehow?

I think the thread that lead me to the final link above explaining the issue did mention they were going to do this, but as is the case in many threads they never went back and updated with what they did.


On a similar note adding log-only rules to the firewall is something I'd like to know how to do as it would be helpful at times where I know the firewall is blocking/allowing something but nothing is coming up on the logs.