blog.crox.net

After a fresh pfSense install, I found out that traffic from specific hosts was being dropped when it should have been allowed based on the firewall rules I defined.

It turned out that the option "block bogon networks" was activated on the WAN interface, and that fresh pfSense images come with a slightly outdated bogon list.

If you are facing this problem, you have three options:

1. disable the "Block bogon networks" option at the bottom of the WAN interface page

2. after at most one week, the list will be updated automatically as long as the box is online (there is a cron entry, grep your config file for bogon)

3. if you don't want 1. and can't wait for 2, you can trigger the update process manually by running:

/etc/rc.update_bogons.sh 0

Check the output from the Status -> System Logs -> System page (I ran it from a serial console, but it should work fine by ssh or from the exec.php page too)

It seems that after having been up for a couple of days, the WAG200G starts having issues routing UDP packets properly. This particularly affects VoIP traffic (here IAX2 on port 4569). The symptoms are that "regular surfing" works flawlessly, but the registration with the asterisk server fails. tcpdump shows no traffic on the server side. Restarting the WAG200G immediately solves the problem.

Here is how I restarted the router from the command line:

wget --http-user=admin --http-password=pa55w0rd \
     --post-data='reboot=1&save=Enregistrer+les+param%E8tres&todo=reboot&h_reboot=1&this_file=Reboot.htm&next_file=index.htm&message=' \
     http://192.168.0.1/setup.cgi

(replace password and IP address as appropriate)