18.1 Legacy Series / random denies by Default deny rule after upgrading
« on: May 01, 2018, 11:39:49 am »
Hey guys,
Since I updated my OPNsense to the latest stable 18.1.6, it seems about 1/3 of all traffic headed for the internet is blocked by the default deny rule.
I have just one simple rule on my LAN interface allowing everything from my LAN subnet to any destination using any protocol.
2/3 of the traffic hits this rule and is NATed perfectly to the internet; the other 1/3 just hits the default deny rule.
I cannot seem to figure out the difference in traffic that causes it. Hosts on my LAN are able to load most web pages and ping most IPs, but for reasons unknown to me some destinations are blocked by the default rule.
Some logs from blocked traffic:
May 1 12:21:28 filterlog: 8,,,0,em0,match,block,in,4,0x0,,64,24069,0,DF,6,tcp,52,192.168.2.62,216.58.212.238,46327,443,0,FA,235370830,407495185,796,,nop;nop;TS
May 1 12:21:28 filterlog: 8,,,0,em0,match,block,in,4,0x0,,64,30129,0,DF,6,tcp,52,192.168.2.41,172.217.17.110,47157,443,0,FA,1489571558,332181077,229,,nop;nop;TS
May 1 12:21:26 filterlog: 8,,,0,em0,match,block,in,4,0x0,,64,30128,0,DF,6,tcp,52,192.168.2.41,172.217.17.110,47157,443,0,FA,1489571558,332181077,229,,nop;nop;TS
May 1 12:21:26 filterlog: 8,,,0,em0,match,block,in,4,0x0,,64,30127,0,DF,6,tcp,52,192.168.2.41,172.217.17.110,47157,443,0,FA,1489571558,332181077,229,,nop;nop;TS
May 1 12:21:26 filterlog: 8,,,0,em0,match,block,in,4,0x0,,64,30126,0,DF,6,tcp,52,192.168.2.41,172.217.17.110,47157,443,0,FA,1489571558,332181077,229,,nop;nop;TS
May 1 12:21:22 filterlog: 8,,,0,em0,match,block,in,4,0x0,,64,743,0,DF,6,tcp,83,192.168.1.201,172.217.17.138,55932,443,31,PA,3166355573:3166355604,738522861,1428,,nop;nop;TS
Please let me know if you need further info.
[EDIT]
After further investigation it seems only 1/3 of TCP traffic is blocked; UDP and ICMP are never blocked.
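A small parser for the filterlog lines quoted above, added here as an example (not code from the post or from OPNsense). It names the fields of the IPv4 CSV layout and lists the blocked TCP packets that carry no SYN flag; reading such packets as mid-connection traffic for which the firewall held no state entry is a triage assumption made here, not something the post establishes. Two of the sample lines are taken from the post, the other two are constructed.

```python
# Added example, not from the forum post: parse OPNsense/pfSense filterlog
# lines and flag blocked TCP packets that are not connection starts (no SYN).
from __future__ import annotations

import re

# filterlog CSV layout for IPv4 + TCP; for UDP the tail ends after datalen,
# so zip() below simply maps fewer fields for those lines.
IPV4_TCP_FIELDS = (
    "rulenr,subrulenr,anchor,tracker,interface,reason,action,direction,ipver,"
    "tos,ecn,ttl,id,offset,ipflags,protoid,proto,length,src,dst,"
    "srcport,dstport,datalen,tcpflags,seq,ack,window,urg,options"
).split(",")

# Lines 1-2 are from the post; lines 3-4 are constructed (a SYN and a UDP packet).
SAMPLE_LOG = """\
May 1 12:21:28 filterlog: 8,,,0,em0,match,block,in,4,0x0,,64,24069,0,DF,6,tcp,52,192.168.2.62,216.58.212.238,46327,443,0,FA,235370830,407495185,796,,nop;nop;TS
May 1 12:21:22 filterlog: 8,,,0,em0,match,block,in,4,0x0,,64,743,0,DF,6,tcp,83,192.168.1.201,172.217.17.138,55932,443,31,PA,3166355573:3166355604,738522861,1428,,nop;nop;TS
May 1 12:21:30 filterlog: 8,,,0,em0,match,block,in,4,0x0,,64,100,0,DF,6,tcp,60,192.168.2.9,203.0.113.5,51000,22,0,S,1,0,65535,,mss;nop;wscale
May 1 12:21:31 filterlog: 8,,,0,em0,match,block,in,4,0x0,,64,101,0,DF,17,udp,80,192.168.2.9,203.0.113.5,51001,53,60
"""

_PREFIX = re.compile(r"^(?P<ts>\w{3} +\d+ [\d:]+) filterlog: (?P<csv>.*)$")


def parse_filterlog(line: str) -> dict | None:
    """Return the named fields of an IPv4 filterlog line, or None if unparsable."""
    m = _PREFIX.match(line.strip())
    if not m:
        return None
    parts = m.group("csv").split(",")
    if len(parts) < 20 or parts[8] != "4":
        return None  # IPv6 uses a different layout; not handled here
    rec = dict(zip(IPV4_TCP_FIELDS, parts))  # zip stops at the shorter tail
    rec["timestamp"] = m.group("ts")
    return rec


def out_of_state_tcp_blocks(log: str) -> list[tuple[str, str, str]]:
    """Blocked TCP packets without SYN, as (src, dst:port, flags) for triage.

    Assumption: a non-SYN packet reaching the default deny rule means the
    firewall had no matching state entry for that connection.
    """
    hits = []
    for line in log.splitlines():
        rec = parse_filterlog(line)
        if not rec or rec["action"] != "block" or rec["proto"] != "tcp":
            continue
        if "S" not in rec["tcpflags"]:  # FA, PA, A ... are mid-connection
            hits.append((rec["src"], f"{rec['dst']}:{rec['dstport']}", rec["tcpflags"]))
    return hits


if __name__ == "__main__":
    for src, dst, flags in out_of_state_tcp_blocks(SAMPLE_LOG):
        print(f"{src} -> {dst} flags={flags}")
```

Run against a real `clog /var/log/filter.log` export the same way; a high share of FA/PA/A entries among the blocks points at state handling rather than at the LAN rule itself.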