OPNsense Forum » Archive » 20.7 Legacy Series » dropped outgoing traffic while not filtering AFAIK
Topic: dropped outgoing traffic while not filtering AFAIK (Read 2628 times)
dinguz (Sr. Member, Posts: 275, Karma: 13)
dropped outgoing traffic while not filtering AFAIK
« on: October 05, 2020, 07:08:26 pm »
I am seeing dropped outgoing traffic, only on port 443. This baffles me because AFAIK I'm not filtering outgoing traffic. It's dropped by the default deny rule, so it's kind of hard to see on which basis it's being blocked.
Does anyone have an idea where to look?
In theory there is no difference between theory and practice. In practice there is.
binaryanomaly (Full Member, Posts: 163, Karma: 9)
Re: dropped outgoing traffic while not filtering AFAIK
« Reply #1 on: November 08, 2020, 02:34:53 pm »
I am seeing exactly the same behaviour and I'm wondering why, since I currently allow LAN traffic to anywhere.
I can't see why this traffic is blocked. Wonder if it's related to this: https://forum.opnsense.org/index.php?topic=19947.msg92119#msg92119 (German)
Have you solved the issue in the meantime?
dinguz (Sr. Member, Posts: 275, Karma: 13)
Re: dropped outgoing traffic while not filtering AFAIK
« Reply #2 on: November 08, 2020, 08:01:36 pm »
It's not completely gone, but it got better with 20.7.4. I presume it has something to do with this entry in the changelog: 'firewall: associated NAT rules missed state keyword'.
Have you noted any differences in 20.7.4?
In theory there is no difference between theory and practice. In practice there is.
binaryanomaly (Full Member, Posts: 163, Karma: 9)
Re: dropped outgoing traffic while not filtering AFAIK
« Reply #3 on: November 08, 2020, 08:53:50 pm »
I have tbh only observed it today while I was trying out the Sky app for the first time and it kept acting super weird - sluggish playback up to loss of connection.
A quick check of the fw log surfaced lots of "Default deny rule" entries for what looked to be absolutely legitimate traffic.
Weirdly enough, it seems to be completely gone by now...
Fright (Hero Member, Posts: 1777, Karma: 164)
Re: dropped outgoing traffic while not filtering AFAIK
« Reply #4 on: November 09, 2020, 08:01:52 am »
Quote: 'firewall: associated NAT rules missed state keyword'.
Doesn't seem to be relevant to the problem.
Any chance that you have some sort of asymmetric routing?
dinguz (Sr. Member, Posts: 275, Karma: 13)
Re: dropped outgoing traffic while not filtering AFAIK
« Reply #5 on: November 09, 2020, 09:05:47 am »
I presume the problem is that the packets are possibly valid, but that they are somehow not matched with existing connections (the 'keep state' stuff). I don't have asymmetric routing, it's a fairly simple cable modem which connects to the ISP. The modem is in bridge mode, so there is no NAT-after-NAT either.
In theory there is no difference between theory and practice. In practice there is.
Fright (Hero Member, Posts: 1777, Karma: 164)
Re: dropped outgoing traffic while not filtering AFAIK
« Reply #6 on: November 09, 2020, 09:45:22 am »
Yes, I also think that the reason for the messages appearing is in the state keeping (you can check this by switching "State type" to "none" in the "Default allow LAN to any rule"). But it's not the source of the problem. Something breaks states, and most often it is asymmetric routing (the client sends a request through OPNsense and receives the reply from another host\router).
You can try to trace packets and try to find out the source of the state breaking.
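An added example, not part of the thread: because pf creates TCP state on the initial SYN, the TCP flags on each "Default deny rule" hit hint at whether a rule is really filtering (SYN only) or a packet simply arrived without a matching state. The log layout and all sample lines below are constructed assumptions, not OPNsense's real filterlog format.

```python
from collections import Counter, defaultdict

# Constructed sample. Assumed layout: time action iface src dst tcpflags label
SAMPLE_LOG = """\
14:30:01 block lan 192.168.1.20:51544 203.0.113.10:443 FA Default deny rule
14:30:01 block lan 192.168.1.20:51544 203.0.113.10:443 FA Default deny rule
14:30:02 block lan 192.168.1.20:51544 203.0.113.10:443 R Default deny rule
14:31:10 block lan 192.168.1.35:40112 198.51.100.7:443 PA Default deny rule
14:32:45 block wan 198.51.100.99:443 192.168.1.50:49822 SA Default deny rule
14:33:00 block lan 192.168.1.60:50001 203.0.113.80:8443 S Default deny rule
14:33:05 pass lan 192.168.1.60:50002 203.0.113.80:443 S Default allow LAN to any rule
"""


def classify(flags):
    """Map the TCP flags of a blocked packet to the likely reason it had no state."""
    f = set(flags)
    if "S" in f and "A" not in f:
        return "new-connection"        # initial SYN: no pass rule matched it
    if "S" in f:
        return "reply-without-state"   # SYN+ACK: firewall did not see the SYN
    if f & {"F", "R"}:
        return "teardown-after-close"  # FIN/RST after the state was removed
    return "mid-stream-no-state"       # ACK/PSH data with no matching state


def triage(log):
    """Return {(src, dst): Counter(category)} for default-deny TCP hits."""
    flows = defaultdict(Counter)
    for line in log.splitlines():
        fields = line.split(None, 6)
        if len(fields) < 7:
            continue  # skip blank or malformed lines
        _ts, action, _iface, src, dst, flags, label = fields
        if action != "block" or "default deny" not in label.lower():
            continue
        flows[(src, dst)][classify(flags)] += 1
    return dict(flows)


if __name__ == "__main__":
    for (src, dst), cats in triage(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {dict(cats)}")
```

Flows that only ever show "teardown-after-close" are usually late FIN/RST packets for connections that already ended; "reply-without-state" and "mid-stream-no-state" are the ones worth tracing for a second path or expired states.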