Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Having trouble understanding why traffic is being blocked.
« previous
next »
Print
Pages: [
1
]
Author
Topic: Having trouble understanding why traffic is being blocked. (Read 1202 times)
icsy7867
Newbie
Posts: 9
Karma: 1
Having trouble understanding why traffic is being blocked.
«
on:
May 09, 2022, 04:12:58 pm »
Hello, and I apologize if this is not the right place to post this. I am not sure what is going on and I can't figure it out! I have a VPS connected to my internal network via my proteclt box (Currently running 22.1.6).
Everything was working, until sometime a couple of days ago. I have not changed anything but certain traffic to/from my kubernetes node in the cloud started to be blocked.
Here it is, 6443, kubernetes traffic being blocked. (I blacked out part of my vlan name as it has some identifying information.
And then I have another rule that allows all 192.168.0.0/16. Due to some of my cloud things, I have created an alias that I call "localnet" that has a few addresses in it.
From my understanding this should not be blocked. I have no other block rules. And "block private subnets" is unchecked. Any ideas?
Logged
franco
Administrator
Hero Member
Posts: 17661
Karma: 1611
Re: Having trouble understanding why traffic is being blocked.
«
Reply #1 on:
May 09, 2022, 04:18:18 pm »
So is it really blocked or are you just seeing blocked packets but the connection is working?
In most of these cases the "state violation" is being detected on the link due to stray "reset" or "fin" flagged TCP packets. You can see this from the details button of the live view.
Cheers,
Franco
Logged
jclendineng
Full Member
Posts: 153
Karma: 7
Re: Having trouble understanding why traffic is being blocked.
«
Reply #2 on:
May 20, 2022, 01:08:51 am »
Im having this exact same issue. And its actually blocking things, that's how I discovered it. I have many vlans and certain traffic is being blocked due to the opaque "Default Deny / State" error which is odd as I have Allow All inter-vlan and no denies. There should be 0 blocks between vlans. I did check the reasons and there is no flag set on the packets so that rules out a reset flag issue...It blocks connections between different pieces of my network infrastructure and servers as an example. Im curious why there is a default deny rule on the internal networks? I don't see any system deny rules in internal networks, the only default deny rules are on the floating rules default section but there's no explanation of what's being blocked.
Thanks a bunch, this is really screwing with some internal sites that just randomly are inaccessible due to this block.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Having trouble understanding why traffic is being blocked.