Netgate Discussion Forum
    6100 with 22.05 blocking IGMP

    Official Netgate® Hardware
      mrsunfire @stephenw10

      @stephenw10 The 192.168. is the source address of the switch it's coming from and doesn't match the IPv6 source in the rule action description. And yes, I'm confused why a) the Unifi switch is doing this and b) why only one of them and not the second.

      I don't have a rule on those VLANs to pass multicast from outside their networks.

      As I'm writing this I see these logs showing up:

      Screenshot 2022-12-16 054148.jpg

      Of course 0.0.0.0 is getting blocked because of the block bogon rule I checked at all of these VLAN interfaces. I'm confused why this is happening with the 6100 now and not the old hardware.

      After deleting the whole DMZ interface I still get the logs with its old interface address:

      Screenshot 2022-12-16 055838.jpg

      Netgate 6100 MAX

        NOCling

        Have a look:
        Multicast Explained

        If you want to use multicast, you have to set up your network correctly and use a querier.

        Netgate 6100 & Netgate 2100

          mrsunfire @NOCling

          @nocling I don't want to use multicast over different interfaces. That's not my point. I'm confused about the logging of that.

          Netgate 6100 MAX

            NOCling

            Default Rule and default logging is all.
            You can use a Rule to block this and disable logging.

            Netgate 6100 & Netgate 2100

              stephenw10 Netgate Administrator

              Except that isn't the default IPv4 block rule. And what is shown would not be blocked by the referenced IPv6 rule.

              Check the current ruleset in /tmp/rules.debug. Make sure it shows that rule identifier against that rule. As I said, the most likely thing is that the ruleset was updated since the logs were made.
              Is it still showing that rule against current multicast blocks?

              Steve

                mrsunfire @stephenw10

                @stephenw10 Did a workaround by deleting the DMZ interface and added a block rule (not logging) on all the other interfaces.

                rules.debug is showing this for that action:

                antispoof log for $4_LAN ridentifier 1000002520

                4_LAN is the parent interface for the VLANs.

                Netgate 6100 MAX

                  stephenw10 Netgate Administrator

                  Ah, the anti-spoof rule makes more sense there. It's blocking traffic from 4_LAN subnet coming in on a different interface. It looks like the switch is doing something with the multicast traffic it probably shouldn't be doing.

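A small checker for the step Steve describes: it takes pfSense filter log entries, looks up each entry's ridentifier in the ruleset currently loaded in /tmp/rules.debug, and flags entries whose identifier is no longer there (the "ruleset reloaded since" case), while noting what a match on the antispoof rule means. This is an added example, not code from the thread or from pfSense; the log lines and the rules.debug excerpt are constructed, apart from the antispoof line quoted above, and the filterlog field layout is the one pfSense documents for IPv4 entries.

```python
import csv
import io
import re

# Constructed filterlog lines (syslog prefix stripped) in pfSense's filterlog CSV
# layout: rulenr,subrulenr,anchor,ridentifier,interface,reason,action,dir,ipver,
# then for IPv4: tos,ecn,ttl,id,offset,flags,protoid,proto,length,src,dst
SAMPLE_FILTERLOG = """\
5,,,1000002520,ix1.20,match,block,in,4,0xc0,,1,0,0,none,2,igmp,36,192.168.1.2,224.0.0.1
5,,,1000002520,ix1.20,match,block,in,4,0xc0,,1,0,0,none,2,igmp,36,0.0.0.0,224.0.0.1
9,,,1000009999,ix1.20,match,block,in,4,0x0,,64,0,0,DF,6,tcp,60,10.9.9.9,192.168.20.1
"""
# Constructed excerpt in the style of /tmp/rules.debug; the antispoof line is the
# one quoted in the thread, the other identifier is a placeholder.
SAMPLE_RULES_DEBUG = """\
block drop in log inet all label "Default deny rule IPv4" ridentifier 1000000103
antispoof log for $4_LAN ridentifier 1000002520
"""

FIELDS = ["rulenr", "subrulenr", "anchor", "ridentifier", "interface", "reason",
          "action", "dir", "ipver", "tos", "ecn", "ttl", "id", "offset", "flags",
          "protoid", "proto", "length", "src", "dst"]

def parse_filterlog(text):
    """Parse IPv4 filterlog lines into dicts; other IP versions are skipped."""
    return [dict(zip(FIELDS, row)) for row in csv.reader(io.StringIO(text))
            if len(row) >= len(FIELDS) and row[8] == "4"]

def index_rules(rules_debug):
    """Map each 'ridentifier N' in a rules.debug dump to its rule line."""
    return {m.group(1): line.strip() for line in rules_debug.splitlines()
            if (m := re.search(r"\bridentifier (\d+)\b", line))}

def explain_blocks(filterlog, rules_debug):
    """Name the rule currently loaded under each logged block's identifier, or
    flag entries whose identifier is absent (log predates a ruleset reload)."""
    rules = index_rules(rules_debug)
    out = []
    for e in parse_filterlog(filterlog):
        if e["action"] != "block":
            continue
        rule = rules.get(e["ridentifier"], "NOT IN CURRENT RULESET (reloaded since?)")
        # pf expands 'antispoof for IF' to a block of IF's own subnet arriving on
        # any other interface, so the logged interface is the unexpected one.
        note = "  [source belongs to another interface's subnet]" if rule.startswith("antispoof") else ""
        out.append(f'{e["interface"]} {e["proto"]} {e["src"]}->{e["dst"]}: {rule}{note}')
    return out
```

Feed it the output of `clog /var/log/filter.log` (with the syslog prefix cut off) and the current /tmp/rules.debug to see which rule each block really came from.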
                    mrsunfire @stephenw10

                    @stephenw10 But that must be new. Well I think I have to check Ubiquiti forums. Thanks!

                    Netgate 6100 MAX

                        mrsunfire @mrsunfire

                        Might IGMP spoofing be the cause of this? I disabled it and the logs are gone.

                        Netgate 6100 MAX

                          stephenw10 Netgate Administrator

                          Quite possibly, yes.

                            mrsunfire @stephenw10

                            @stephenw10 I was wondering whether reassigning the interfaces by editing the config file was a problem. Is there a possibility that the firewall rules don't match the interface names? (igb0 / ix1)

                            Netgate 6100 MAX

                              stephenw10 Netgate Administrator

                              No. The rules reference the internal names in the config (wan, lan, opt1, opt2 etc) so if you reassign opt2 from igb0 to ix1 the rules will follow it.

                              Steve

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.