OPNsense Forum

English Forums => Web Proxy Filtering and Caching => Topic started by: Johnson on February 27, 2018, 01:58:39 pm

Title: TCP_DENIED
Post by: Johnson on February 27, 2018, 01:58:39 pm

Hi,
I am using OPNsense 18.1.2_2-amd64, I enabled Transparent Proxy for http & https all the settings are attached,
my issue is, after enabling category filtering from remote access control list, if i try to access gmail.com or mail.google.com sites are not opening, meantime if i check access log, log details are follows.

=======================================================================
1519734398.044 421    192.168.0.100 TCP_MISS/200 614 GET http://detectportal.firefox.com/success.txt - ORIGINAL_DST/184.28.218.41 text/plain
1519734397.617 0    192.168.0.100 TAG_NONE/400 4487 NONE error:invalid-request - HIER_NONE/- text/html
1519734397.617 0    192.168.0.100 TCP_DENIED/403 3894 CONNECT mail.google.com:443 - HIER_NONE/- text/html
1519734397.617 9    192.168.0.100 TAG_NONE/200 0 CONNECT 216.58.196.165:443 - HIER_NONE/- -
1519734397.527 0    192.168.0.100 TAG_NONE/400 4487 NONE error:invalid-request - HIER_NONE/- text/html
1519734397.527 0    192.168.0.100 TCP_DENIED/403 3888 CONNECT www.gmail.com:443 - HIER_NONE/- text/html
1519734397.527 9    192.168.0.100 TAG_NONE/200 0 CONNECT 216.58.196.165:443 - HIER_NONE/- -
1519734397.285 0    192.168.0.100 TAG_NONE/400 4121 
%60:%8C%99UY%F3X%17x%9C%C8%87Z%FF%DA%1F%E7y%5B%C7 - HIER_NONE/- text/html
1519734397.285 0    192.168.0.100 TCP_DENIED/403 3888 CONNECT www.gmail.com:443 - HIER_NONE/- text/html
1519734397.284 9    192.168.0.100 TAG_NONE/200 0 CONNECT 216.58.196.165:443 - HIER_NONE/- -
1519734397.080 0    192.168.0.100 TAG_NONE/400 4487 NONE error:invalid-request - HIER_NONE/- text/html
1519734397.080 0    192.168.0.100 TCP_DENIED/403 3888 CONNECT www.gmail.com:443 - HIER_NONE/- text/html
1519734397.080 9    192.168.0.100 TAG_NONE/200 0 CONNECT 216.58.196.165:443 - HIER_NONE/- -
1519734396.811 0    192.168.0.100 TAG_NONE/400 4487 NONE error:invalid-request - HIER_NONE/- text/html
1519734396.811 0    192.168.0.100 TCP_DENIED/403 3888 CONNECT www.gmail.com:443 - HIER_NONE/- text/html
1519734396.810 9    192.168.0.100 TAG_NONE/200 0 CONNECT 216.58.196.165:443 - HIER_NONE/- -
1519734396.508 0    192.168.0.100 TAG_NONE/400 4487 NONE error:invalid-request - HIER_NONE/- text/html
1519734396.508 0    192.168.0.100 TCP_DENIED/403 3888 CONNECT www.gmail.com:443 - HIER_NONE/- text/html
1519734396.508 9    192.168.0.100 TAG_NONE/200 0 CONNECT 216.58.196.165:443 - HIER_NONE/- -
1519734396.330 0    192.168.0.100 TAG_NONE/400 4487 NONE error:invalid-request - HIER_NONE/- text/html
1519734396.330 0    192.168.0.100 TCP_DENIED/403 3888 CONNECT www.gmail.com:443 - HIER_NONE/- text/html
1519734396.329 9    192.168.0.100 TAG_NONE/200 0 CONNECT 216.58.196.165:443 - HIER_NONE/- -
1519734396.075 0    192.168.0.100 TAG_NONE/400 4487 NONE error:invalid-request - HIER_NONE/- text/html
1519734396.075 0    192.168.0.100 TCP_DENIED/403 3888 CONNECT www.gmail.com:443 - HIER_NONE/- text/html
1519734396.075 10    192.168.0.100 TAG_NONE/200 0 CONNECT 216.58.196.165:443 - HIER_NONE/- -
1519734395.784 0    192.168.0.100 TAG_NONE/400 4487 NONE error:invalid-request - HIER_NONE/- text/html
1519734395.784 0    192.168.0.100 TCP_DENIED/403 3888 CONNECT www.gmail.com:443 - HIER_NONE/- text/html
1519734395.784 9    192.168.0.100 TAG_NONE/200 0 CONNECT 216.58.196.165:443 - HIER_NONE/- -
1519734395.375 0    192.168.0.100 TAG_NONE/400 4487 NONE error:invalid-request - HIER_NONE/- text/html
1519734395.375 0    192.168.0.100 TCP_DENIED/403 3888 CONNECT www.gmail.com:443 - HIER_NONE/- text/html
1519734395.374 9    192.168.0.100 TAG_NONE/200 0 CONNECT 216.58.196.165:443 - HIER_NONE/- -
1519734393.125 61327    192.168.0.100 TCP_TUNNEL/200 3306 CONNECT tiles.services.mozilla.com:443 - ORIGINAL_DST/34.216.156.21 -

=======================================================================

Same problem in YouTube also. If i disable category filtering from remote access control list, there is no issue.

Can you help me for this issues.

Title: Re: TCP_DENIED
Post by: Johnson on February 28, 2018, 06:24:09 am

Issue rectified, after restating firewall once again click download acls & Apply, it's working now.