[NOOB] how to see exactly what is being blocked on a given IP

[MarieSophieSG]

Hello,
On my LAN2, through a WiFi router AP 192.168.102.101, I have a tablet connected 192.168.102.103
So far so good

It has all Internet access (I can browse, no problem)

Except one app, which can't reach out

How do I scrutinize this in particular, to be able to set rules to allow it ? (Therefore I need to know exactly what ports are being used) 

[cookiemonster]

You could start by looking in Firewall > Log Files > Live view but if you can browse, I would expect to show all positive signs. After all the firewall looks at network packets only.
More likely something else, either a detection system i.e, Zenarmor or soomethign before the firewall like a software misconfiguration.
Do you know what port the app communicates on and is it to the open internet?

[MarieSophieSG]

You could start by looking in Firewall > Log Files > Live view but if you can browse, I would expect to show all positive signs. After all the firewall looks at network packets only.
More likely something else, either a detection system i.e, Zenarmor or soomethign before the firewall like a software misconfiguration.
Do you know what port the app communicates on and is it to the open internet?

The tablet and this app was working just fine on a strainer (open gate to pretty much all) router/FW (is that even a FW?) before
Only 2 apps are being restricted, everything else goes through (i.e: Brave, FF, Twitter, OurLaws, BB10, Reddit, etc..) and both behind their respective VPN (no VPN set on OPNsense yet)

No Zenamour, no other config, the tablet is stock, and OPNsense is baremetal (not in a container, not in a VM, no other OS or app on the RS39 box)

[cookiemonster]

We might have two threads for the same thing :) I just replied on the other for a packet capture.

Code Select Expand


Only 2 apps are being restricted, everything else goes through (i.e: Brave, FF, Twitter, OurLaws, BB10, Reddit, etc..) [u][b]and both behind their respective VPN[/b][/u] (no VPN set on OPNsense yet)
Whoa! That's significant. What do you mean by "and both behind their respective VPN" ?
Are we diagnosing with a VPN in play here ? That changes everything.

[MarieSophieSG]

We might have two threads for the same thing :) I just replied on the other for a packet capture.

Code Select Expand


Only 2 apps are being restricted, everything else goes through (i.e: Brave, FF, Twitter, OurLaws, BB10, Reddit, etc..) [u][b]and both behind their respective VPN[/b][/u] (no VPN set on OPNsense yet)
Whoa! That's significant. What do you mean by "and both behind their respective VPN" ?
Are we diagnosing with a VPN in play here ? That changes everything.

Yes, this [NOOB] thread is "general" about how to determine what's blocking, how to see exactly and where to search
While the other is a specific case about specific android apps

Both tablet and phone have their own VPN, which works just fine with all other apps as listed, so VPN is not (according to my noob knowledge) not at play here ? 

[cookiemonster]

Yes, this [NOOB] thread is "general" about how to determine what's blocking, how to see exactly and where to search
While the other is a specific case about specific android apps

Super.

Both tablet and phone have their own VPN, which works just fine with all other apps as listed, so VPN is not (according to my noob knowledge) not at play here ? 

If they VPN is on i.e. the connection is established, then yes, it is at play. That is because a VPN up alters the route tables, then you have the firewall rules come into play too. Both can interact. For instance, you could establish a policy-based routing, whereby some traffic goes over the VPN whereas the rest goes via the non-vpn gateway.
I'm not saying you have done that. I am saying the setups is significantly different.
Can you try those apps with the VPN Off please ?

[MarieSophieSG]

Sure !

VPN + KillSwitch off
App1  => connect, can't log-in
App2 => can't connect

Same as with VPN on :/

EDIT: VPN back on, now app2 connects and log-in !

[cookiemonster]

ookaaay.. but where do they "work" ? I mean, do the work from any other nework, not necessarily yours ?

[MarieSophieSG]

ookaaay.. but where do they "work" ? I mean, do the work from any other nework, not necessarily yours ?

They did, when I was behind the E3200 cncted directly to the modem, and didn't check them until a few days ago since I moved to an actual FW (OPNsense)

I haven't checked on a different network, but will this Sunday

[cookiemonster]

Don't suppose you can try off wifi and on the mobile network ?

[MarieSophieSG]

Don't suppose you can try off wifi and on the mobile network ?

My phone is on Android 8,2 or 8,4, neither of these 2 apps would work there
My tablet doesnt have mobile network
The only thing I can do is to set the Phone as WiFi HotSpot and connect te tablet to it, but doing so forces me to keep thWiFi up, so it will most likely re-conncet to the WiFi AP rather than using the Mobile network