So are you actually not getting to these pages at all, or are these
just showing in the log?  I ask because pfSense does this a lot.  Here
is a look at my situation:

Mar 20 13:53:32 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA
Mar 20 13:53:32 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA
Mar 20 13:53:13 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA
Mar 20 13:53:13 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA
Mar 20 13:53:02 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA
Mar 20 13:53:02 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA
Mar 20 13:52:56 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA
Mar 20 13:52:56 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA
Mar 20 13:52:54 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA
Mar 20 13:52:54 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA
Mar 20 13:52:53 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA
Mar 20 13:52:53 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA
Mar 20 13:52:53 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FPA
Mar 20 13:52:53 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA
Mar 20 13:52:53 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FA
Mar 20 13:52:53 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:PA
Mar 20 13:52:53 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:FA
Mar 20 13:52:53 LAN 10.0.0.84:44553 74.125.225.6:80 TCP:PA

These are all "blocked".  Yet in reality we got to these pages; it's
simply this: https://doc.pfsense.org/index.php/Why_do_my_logs_show_%22blocked%22_for_traffic_from_a_legitimate_connection

Although the article talks about it being late-arriving FIN packets,
it does happen to ACK too...  Just need to clarify if you are actually
getting fully rejected from getting anywhere, or if it's a log thing
you are seeing.  I'll look back through your pfSense mailing list
postings too.

Ryan

On Thu, Mar 20, 2014 at 11:46 AM, Ryan Coleman <ryanjcole at me.com> wrote:
> I have an open issue that after about 20-24 hours the firewall stops routing internal data out (I can remote in, I can ping from internal networks, but many simple requests are getting blocked by the default rules).
>
> I think I might be pushing my luck with the 3 routed VLANs (4, if you count VLAN1) on the hardware (ALIX 2D13) but I am otherwise completely at a loss for ideas.
>
>
> --
> Ryan
>
>
> _______________________________________________
> TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
> tclug-list at mn-linux.org
> http://mailman.mn-linux.org/mailman/listinfo/tclug-list
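
Added example, not part of the original message or of pfSense: a small triage script for log lines in the format pasted above, separating blocked bare-SYN packets (new connections really being denied) from blocked FIN/PSH/ACK packets that arrived with no matching state. The flag heuristic, the function names and the last sample line are assumptions made for this example.

```python
import re
from collections import defaultdict

# Format of the filter-log lines pasted in the message above:
#   <Mon> <day> <time> <iface> <src>:<port> <dst>:<port> TCP:<flags>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<iface>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+TCP:(?P<flags>[A-Z]+)$"
)

def classify(flags):
    """Heuristic (assumption): a bare SYN opens a new connection, so a block
    on it is a real rule decision. Any other flag set belongs to an existing
    connection, so a block means the firewall had no state for it."""
    if "S" in flags and "A" not in flags:
        return "new-connection"
    return "out-of-state"

def summarize(lines):
    """Return {(src, dst): {"new-connection": n, "out-of-state": n}}."""
    flows = defaultdict(lambda: {"new-connection": 0, "out-of-state": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a TCP block entry in this format
        flows[(m["src"], m["dst"])][classify(m["flags"])] += 1
    return dict(flows)

def verdict(counts):
    """One-line reading of a flow's counters."""
    if counts["new-connection"]:
        return "real block: new connections are being denied"
    return "likely log noise: late packets for a state already removed"

# First three lines are copied from the log above; the last is constructed.
SAMPLE = [
    "Mar 20 13:52:53 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:PA",
    "Mar 20 13:52:53 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FA",
    "Mar 20 13:52:53 LAN 10.0.0.84:38737 74.125.225.6:80 TCP:FPA",
    "Mar 20 13:54:01 LAN 10.0.0.84:51000 192.0.2.10:443 TCP:S",
]

if __name__ == "__main__":
    for (src, dst), counts in summarize(SAMPLE).items():
        print(f"{src} -> {dst}: {counts} => {verdict(counts)}")
```

If the firewall really has stopped passing new outbound connections, blocked bare-SYN entries should appear; a log containing only FA/PA/FPA entries matches the behaviour described in the linked article.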