Get public ip for pcs
-
@s_serra said in Get public ip for pcs:
176.79.22.208.9555 > 79.124.62.98.8080: Flags [R.],
Well that is a RST.. .208 telling him to F off..
that traffic looks OFF.. Why would source traffic come from 8080 trying to do a syn to random ports?
An intelligent man is sometimes forced to be drunk to spend time with his fools
If you get confused: Listen to the Music Play
Please don't Chat/PM me for help, unless mod related
SG-4860 24.11 | Lab VMs 2.7.2, 24.11 -
Where exactly were you sniffing. I logged into your pfsense. And trying to ping your 22.208 address from MY ip.. I saw no traffic sniffing going to your wan for the 22.208 address.
-
@johnpoz I'm sorry but I went to sleep and turned off the computer. It's online now. When you can, you can test.
-
@johnpoz said in Get public ip for pcs:
Why would source traffic come from 8080 trying to do a syn to random ports?
I don't know hahaha
I have no control over this ip: 79.124.62.98
-
This post is deleted! -
Ok, well this was bizarre!
The root of the issue here was that the default 'reply-to' setting on the WAN firewall rule (because it's dhcp with a gateway) was somehow causing pf to send reply traffic using it's own MAC address. Which the ISP was likely legitimately dropping.
Disabling 'reply-to' allowed the traffic to pass without pf interfering.
Quite how that's possible is something we're looking at now.
If the bridge interface had the dhcp address and gateway on it and neither WAN or LAN have an address you would not not this though. That is the expected way to setup something like this.
Steve
-
@stephenw10 said in Get public ip for pcs:
Disabling 'reply-to' allowed the traffic to pass without pf interfering.
So your saying he is working now - because I am not able to ping that IP currently. Or you duplicated this in lab?
-
It is (was) working as expected for him but I think he disconnected the target and, hopefully, set some more restrictive rules.
-
@stephenw10 ah - ok, yeah he had sent me the login and that is no longer working. So glad its fixed and yeah hope set some more restrictive rules ;)
-
yes it was working I now turned off the server for testing and put stricter firewall rules. Thanks a lot for the help. I was never going to get there alone. Hahahaha
-
For future reference - could of spotted this problem right away by looking on the sniff when reply traffic went out the wan. Validating the mac address on the outgoing traffic.
