pfSense PPPoE WAN connection works fine, but why is my default ISP IP (192.168.1.2) still very active and blocked by the firewall? (Pretty noob)
-
Hi everyone,
I've been learning everything by myself and reading tutorials for the last 2 months. My pfSense configuration is working, but I want to continue to learn, and on this topic I haven't found anything yet. It may be just a normal thing, but I would like to verify with you guys.
So, as the title says mostly everything, I configured the WAN interface with PPPoE since it's the only way to do it with my ISP (BELL). I got a public IP, so it looks good and it works. But I'm at the step of perfecting my firewall, and I noticed that the default private IP of my ISP gateway (192.168.1.2) is very active. It's blocked by the firewall, which is OK I think. I would like to verify with you if it's normal and if there's something I can do better?
Here is an example that happens very often. Note that it's on the igc0 interface, which is not assigned, but the WAN wire is connected to it. The WAN interface is PPPoE (through igc0). I would really appreciate your help please!
Action Time Interface Source Destination Protocol
Block Mar 26 09:31:17 igc0 Default deny rule IPv4 (1000000103) 192.168.2.1:9431 192.168.2.255:9431 UDP -
-
So 192.168.2.1 is the local management address of the modem?
Looks like it's broadcasting and hence hitting your interface. Likely nothing to worry about. You could block it and not log it if the spam firewall entries are a problem.
Steve
-
Hi Steve,
Thank you very much for your answer!
Yes, as you said, it's the IP of the ISP modem. I'm happy to confirm that it's not a serious problem.
Your suggestion of taking it out of the logs is excellent, because I was worried about the spam since it appears very frequently.
I will do my research but if you happen to know easily how to remove it from the logs I would be grateful if you could tell me.
Thanks anyway for your help!
-
Packets blocked by the default block rule are logged, which is why you're seeing them. You just have to create a custom block rule which doesn't have logging enabled and matches only that traffic.
However a complication is that you don't have igc0 assigned directly. So you can either add the rule as a floating rule that applies to all interfaces (even unassigned ones). Or, and this is what I would do, assign igc0 as a management interface and add the block rule there. That way you can use that to access the modem if you ever need to.
Steve
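
Added example, not part of the original thread and not pfSense's own tooling: a Python sketch that picks out which default-deny log entries are repetitive local broadcasts, the kind of traffic the non-logging block rule described above is meant to match. The sample log lines are constructed in the layout of the entry quoted in the first post, and the /24 prefix length is an assumption because the log does not show a netmask.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample entries, in the layout of the log line quoted in the thread.
SAMPLE_LOG = """\
Block Mar 26 09:31:17 igc0 Default deny rule IPv4 (1000000103) 192.168.2.1:9431 192.168.2.255:9431 UDP
Block Mar 26 09:31:47 igc0 Default deny rule IPv4 (1000000103) 192.168.2.1:9431 192.168.2.255:9431 UDP
Block Mar 26 09:32:17 igc0 Default deny rule IPv4 (1000000103) 192.168.2.1:9431 192.168.2.255:9431 UDP
Block Mar 26 09:32:20 pppoe0 Default deny rule IPv4 (1000000103) 203.0.113.7:51512 198.51.100.20:23 TCP
"""

ENTRY = re.compile(
    r"^Block\s+\w{3}\s+\d+\s+[\d:]+\s+(?P<iface>\S+)\s+Default deny rule IPv4\s+\(\d+\)\s+"
    r"(?P<src>[\d.]+):\d+\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_local_broadcast(src, dst, prefix_len=24):
    """True when an RFC 1918 source sends to its own subnet's broadcast address
    or to 255.255.255.255. prefix_len is an assumption: the log has no netmask."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if not any(s in net for net in RFC1918):
        return False
    subnet = ipaddress.ip_network(f"{src}/{prefix_len}", strict=False)
    return d == subnet.broadcast_address or d == ipaddress.ip_address("255.255.255.255")


def noisy_broadcasts(log_text, min_hits=2):
    """Count default-deny hits per (interface, proto, src, dst, dst port) and
    keep the local-broadcast flows seen at least min_hits times."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m and is_local_broadcast(m["src"], m["dst"]):
            counts[(m["iface"], m["proto"], m["src"], m["dst"], int(m["dport"]))] += 1
    return {flow: n for flow, n in counts.items() if n >= min_hits}


if __name__ == "__main__":
    for (iface, proto, src, dst, dport), n in noisy_broadcasts(SAMPLE_LOG).items():
        print(f"{n} hits on {iface}: {proto} {src} -> {dst}:{dport} (candidate for a non-logging block rule)")
```

Each flow it reports gives the interface, protocol, source, destination and port to enter in a block rule with logging left off, so the rule matches only that traffic and everything else still reaches the logged default deny.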
-
@stephenw10 Thank you very much! It was a great idea and it works perfectly!