OPNsense Forum » Archive » 23.1 Legacy Series » Strange blocking of internal traffic
Author Topic: Strange blocking of internal traffic  (Read 1145 times)

canus (Newbie, Posts: 6, Karma: 0)
Strange blocking of internal traffic
« on: February 17, 2023, 04:17:35 pm »
Hi All,


My OPNsense instance shows bizarre behavior. The same connection from a client in the plan to the server network will be both allowed and blocked. I can access the services, but with a lot of problems, and I see a lot of TCP retransmissions.

Software:
Versions   OPNsense 23.1.1_2-amd64
FreeBSD 13.1-RELEASE-p6
OpenSSL 1.1.1t 7 Feb 2023

Hardware:
nic: Ethernet Controller E810-XXV for SFP
driver: intel ice

Networking:
LAGG Protocol LACP and VLAN on LAGG.

The network 172.23.23.0/24 has full permissions to 172.23.0.0/24.

Firewall: Log Files: Live View:

Code:
lan 2023-02-17T16:10:51 172.23.23.23:56295 172.23.0.2:443 tcp Default deny / state violation rule
lan 2023-02-17T16:10:49 172.23.23.23:56295 172.23.0.2:443 tcp Default deny / state violation rule
lan 2023-02-17T16:10:48 172.23.23.23:56317 172.23.0.2:443 tcp Default allow LAN to any rule
lan 2023-02-17T16:10:48 172.23.23.23:56316 172.23.0.2:443 tcp Default allow LAN to any rule
lan 2023-02-17T16:10:48 172.23.23.23:56315 172.23.0.2:443 tcp Default allow LAN to any rule
lan 2023-02-17T16:10:48 172.23.23.23:56314 172.23.0.2:443 tcp Default allow LAN to any rule
lan 2023-02-17T16:10:48 172.23.23.23:56295 172.23.0.2:443 tcp Default deny / state violation rule
lan 2023-02-17T16:10:48 172.23.23.23:56295 172.23.0.2:443 tcp Default deny / state violation rule
lan 2023-02-17T16:10:48 172.23.23.23:56313 172.23.0.2:443 tcp Default allow LAN to any rule
lan 2023-02-17T16:10:47 172.23.23.23:56295 172.23.0.2:443 tcp Default deny / state violation rule

axsdenied (Full Member, Posts: 199, Karma: 9)
Re: Strange blocking of internal traffic
« Reply #1 on: February 17, 2023, 08:42:38 pm »
Sure it's not a port blocking issue? It only shows blocks for the origin address with port 56295.
OPNsense 24.7.7 running on:
Dell Optiplex 3050
Intel I5-7600 @ 3.5Ghz (4 Cores)
Intel I350-T4 Nic
8G DDR4
256G SSD

canus (Newbie, Posts: 6, Karma: 0)
Re: Strange blocking of internal traffic
« Reply #2 on: February 17, 2023, 09:30:32 pm »
Quote from: axsdenied on February 17, 2023, 08:42:38 pm
Sure it's not a port blocking issue? It only shows blocks for the origin address with port 56295.


Yes, I am pretty sure I did not block that port. It all comes from the ruleset "Default deny / state violation rule", which is autogenerated and is evaluated last.

It's also only a short sample of the logging; you will see allow and blocking actions like this all through it.
« Last Edit: February 17, 2023, 09:45:45 pm by canus »

zan (Full Member, Posts: 175, Karma: 31)
Re: Strange blocking of internal traffic
« Reply #3 on: February 18, 2023, 08:05:37 am »
Probably out of state packets.
What are the TCP flags of the denied packets? If they are FA, RA, FPA, PA and the like, they are just finishing packets that got dropped because they were out of state.
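The check zan describes (look at the TCP flags of each "state violation" deny and separate late FIN/RST teardown packets from real blocked connection attempts) can be done over a pasted Live View export. The script below is an added example, not code from the thread or from OPNsense. It parses lines in the format canus pasted, and assumes a trailing TCP-flags token on each line (constructed here; the thread's paste has no flags column, so in practice the flags are read from each entry's details and appended). The action is inferred from the rule label, which is also an assumption about the export format. The sample log is constructed from the thread's lines plus two extra lines (an earlier SYN on port 56295 and a blocked SYN on port 56400) so that every category shows up.

```python
"""Triage OPNsense Live View log lines for 'state violation' denies."""
import re
from collections import Counter, defaultdict

# Constructed sample in the format of Firewall > Log Files > Live View as pasted
# in the thread, extended with a trailing TCP-flags token (assumption: the paste
# shows no flags column; pf flag letters as in the log entry details).
SAMPLE_LOG = """\
lan 2023-02-17T16:10:51 172.23.23.23:56295 172.23.0.2:443 tcp Default deny / state violation rule FA
lan 2023-02-17T16:10:49 172.23.23.23:56295 172.23.0.2:443 tcp Default deny / state violation rule FA
lan 2023-02-17T16:10:48 172.23.23.23:56317 172.23.0.2:443 tcp Default allow LAN to any rule S
lan 2023-02-17T16:10:48 172.23.23.23:56316 172.23.0.2:443 tcp Default allow LAN to any rule S
lan 2023-02-17T16:10:48 172.23.23.23:56295 172.23.0.2:443 tcp Default deny / state violation rule PA
lan 2023-02-17T16:10:47 172.23.23.23:56295 172.23.0.2:443 tcp Default deny / state violation rule FA
lan 2023-02-17T16:10:40 172.23.23.23:56295 172.23.0.2:443 tcp Default allow LAN to any rule S
lan 2023-02-17T16:10:30 172.23.23.23:56400 172.23.0.2:443 tcp Default deny / state violation rule S
"""

# iface, timestamp, src:port, dst:port, proto, then the rule label (free text)
# optionally followed by a flags token. IPv4 only, to keep "addr:port" unambiguous.
LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ts>\S+)\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)\s+"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)\s+"
    r"(?P<proto>\S+)\s+(?P<rest>.+)$"
)
# pf-style TCP flag letters (S, A, F, R, P, U, E, W, C); uppercase only, so a
# label ending in "rule" is never mistaken for flags.
FLAGS_RE = re.compile(r"^[SAFRPUEWC]{1,4}$")


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
    tokens = e.pop("rest").split()
    e["flags"] = tokens.pop() if len(tokens) > 1 and FLAGS_RE.match(tokens[-1]) else ""
    e["label"] = " ".join(tokens)
    low = e["label"].lower()
    e["action"] = "deny" if ("deny" in low or "block" in low) else "allow"
    return e


def classify_deny(e):
    """Explain why a denied TCP packet most likely hit the block rule."""
    label, f = e["label"].lower(), e["flags"]
    if "state violation" not in label:
        return "policy_block"      # an explicit block rule matched: intended
    if not f:
        return "unknown_no_flags"  # cannot tell without the flags column
    if "S" in f:
        return "blocked_syn"       # new connection reached the final deny: no pass rule matched it
    if "F" in f or "R" in f:
        return "late_teardown"     # FIN/RST after the state was already gone: usually harmless
    return "mid_stream"            # data/ACK with no state: state lost (timeout, asymmetric path, table reset)


def triage(log_text):
    """Group lines per TCP flow; report flows seen both allowed and denied, and deny reasons."""
    flows = defaultdict(set)
    classes = Counter()
    for line in log_text.splitlines():
        e = parse_line(line)
        if e is None or e["proto"] != "tcp":
            continue
        flows[(e["src"], e["sport"], e["dst"], e["dport"])].add(e["action"])
        if e["action"] == "deny":
            classes[classify_deny(e)] += 1
    mixed = sorted(k for k, acts in flows.items() if acts == {"allow", "deny"})
    return {"mixed_flows": mixed, "deny_classes": dict(classes)}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("flows both allowed and denied:")
    for src, sport, dst, dport in result["mixed_flows"]:
        print(f"  {src}:{sport} -> {dst}:{dport}")
    print("deny reasons:", result["deny_classes"])
```

On the sample, the only flow that is both allowed and denied is 172.23.23.23:56295 to 172.23.0.2:443, and its denies are three FIN/ACK teardown packets plus one PSH/ACK with no state; the PSH/ACK is the interesting one, because a data packet losing its state mid-connection fits the retransmissions canus reports better than a late FIN does. A SYN hitting the state violation rule (port 56400 in the sample) is a different problem again, since no pass rule matched a brand-new connection.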
