New to pfSense - need some help
-
Hi
I am new to this forum and to pfSense. I have searched the forum and not found the information Iam after so hoping someone can comment.
I have just moved from a Draytek 2960 to pfSense box. The installation went smoothly with no issues.
Setup
ADSL2 connection to Draytek 130 modem (the 130 is configured to bridge/pass through mode), Draytek 130 connected to pfSense box (pfSense running PPPOE on WAN interface, I also have a static ip from my ISP which gets assigned when the pfSense box connects)
.
The pfSense box is configured just with default settings block all in and allow all out. I have internet seems to work as its ment to.Questions:
1. Looking at the firewall logs I see its blocking external IP address (as it should) however the volume seems high compared to when the Draytek router was in place. pfSense shows about 4+ per minute. When the Draytek was in place I use to get maybe 5 - 10 a day. Is this normal as it does not seem right.2. I also notices in the firewall logs that the WAN interface (em0) is all broadcasting every 10 seconds as follows Interface: em0 Source:0.0.0.0: xxxx port Destination: 255.255.255.255: port 4944 (always same port for destination) I think this is DHCP broadcast but not sure why it does it. Can this be turned off as it creates a lot of noise in the firewall logs and not sure why its doing it.
Any thoughts/comments would be appreciated.
Regards
Andrew -
4 per minute is nothing. I was getting several per second before I turned off logging on the default block rule.
With my 100Mb connection, I could scan the entire Internet in about 1.5 hours. During that scan I will have hit you at least once. Over the period of the day, I will have hit you almost 16 times. That's one computer. There are hundreds and thousands of compromised computers constantly scanning. If it was showing 5-10 per day, then it wasn't showing you everything.