Netgate Discussion Forum

    Questions about log messages

    General pfSense Questions
    46 Posts 7 Posters 4.7k Views
      johnpoz LAYER 8 Global Moderator @stephenw10

      @stephenw10 said in Questions about log messages:

      I wouldn't normally expect to see layer2 traffic from other customers.

      Yeah, would hope your ISP would filter this. But the one I notice is just loads and loads of ARP traffic - from a whole bunch of other L3 networks as well - the ISP is clearly running multiple L3 on the same L2 and they are not filtering ARP, that is for damn sure.

      If they are not filtering that - I bet you there is other stuff as well. But the traffic I have really noticed is ARP, since it's just a flood of it.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 25.07 | Lab VMs 2.8, 25.07

        bimmerdriver

        The fiber is connected to an ONT which has a single gigabit ethernet interface. There is a direct ethernet connection to the ISP router. The hyper-v server running pfSense is connected to a bridged port on the ISP router using a dedicated NIC.

        Within the hyper-v server, the NIC being used for the WAN has a virtual switch. 2X pfSense plus 1X OPNsense are connected to it. The second pfSense and the OPNsense are both completely virtual. I can be sure the traffic in question is not coming from the virtual pfSense or OPNsense VMs, because it happens even if both are shut down. Wireshark was connected to the same virtual switch that is being used for the WAN.

        I spoke with a very knowledgeable tech from the ISP and he thinks it should be fine to put a switch between the ONT and the router and then connect my hyper-v server to it. This would bypass the ISP router completely. I don't think this will make any difference, but it would at least eliminate the ISP router as a cause.

          johnpoz LAYER 8 Global Moderator @bimmerdriver

          @bimmerdriver so your ISP is going to provide multiple IPs? An ONT isn't a NAT router. It's not a gateway device that the ISP gives you where it's a modem/router combo. What is the model number of what you're calling your ONT?

            stephenw10 Netgate Administrator

            Ah, that's not the scenario I was imagining. But, sure, if you can remove the local ISP router entirely that's a better setup IMO.

              bimmerdriver @johnpoz

              @johnpoz said in Questions about log messages:

              @bimmerdriver so your ISP is going to provide multiple IPs? An ONT isn't a NAT router. It's not a gateway device that the ISP gives you where it's a modem/router combo. What is the model number of what you're calling your ONT?

              The ONT is a Nokia G-240G-A. It's a media converter, not a router, and it also provides POTS. The ISP provides multiple IP addresses / prefixes. There is probably a limit, but it's more than I need / use. The ISP router, which currently has port 1 bridged, uses one. The other 2X pfSense and OPNsense use three more. Normally, the ISP doesn't "support" a switch being placed between the ONT and their router, but the technician I spoke with confirmed there is no reason why a switch couldn't be put between them.

                bimmerdriver @stephenw10

                @stephenw10 said in Questions about log messages:

                Ah, that's not the scenario I was imagining. But, sure, if you can remove the local ISP router entirely that's a better setup IMO.

                The reason I haven't bypassed the ISP router using a switch is because according to the ISP it's "unsupported". If there is an issue with the IPTV service, they not only might refuse to touch it, but they might claim it's cause for a service call being billable.

                The other reason I haven't bypassed the ISP router is because I have no reason to believe it's causing any problems.

                  Morphal LAYER 8

                  In case it's useful to know: the 5 and 6 after the fe80: in the link-local addresses is BSD notation for the interface index (the thing that's after the % on other OSes, for example %eth0).

                  https://docs.freebsd.org/en/books/developers-handbook/ipv6/#ipv6-scope-index

                  B 1 Reply Last reply Reply Quote 1
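The embedded scope index described in the post above, as an added example that is not part of the original thread: it rewrites the BSD kernel form (`fe80:5::1`) into the `%` form other tools use, so addresses in firewall logs can be matched against a packet capture. It assumes only fe80::/10 unicast addresses carry the index, in the second 16-bit word as the linked FreeBSD handbook section describes; the function names and sample lines are constructed for illustration.

```python
import ipaddress

LINK_LOCAL = ipaddress.ip_network("fe80::/10")

def split_embedded_scope(text):
    """Return (canonical_address, scope) for one IPv6 address string.

    scope is an int when the interface index was embedded in the second
    16-bit word (BSD kernel form), a str when given as %zone, else None.
    Raises ValueError if text is not an IPv6 address.
    """
    addr_part, _, zone = text.partition("%")
    addr = ipaddress.IPv6Address(addr_part)
    if addr not in LINK_LOCAL:
        return str(addr), (zone or None)
    raw = bytearray(addr.packed)
    index = int.from_bytes(raw[2:4], "big")   # bytes 2-3 = second word
    raw[2:4] = b"\x00\x00"                    # on the wire this word is zero
    canonical = str(ipaddress.IPv6Address(bytes(raw)))
    return canonical, (index if index else (zone or None))

def embedded_scopes_in(line):
    """List (token, rewritten) pairs for embedded-index addresses in a line."""
    hits = []
    for token in line.split():
        token = token.strip(",;()[]")
        if token.count(":") < 2:
            continue
        try:
            canonical, scope = split_embedded_scope(token)
        except ValueError:        # timestamps, MAC addresses, other text
            continue
        if isinstance(scope, int):
            hits.append((token, f"{canonical}%{scope}"))
    return hits

# Constructed sample lines (not real pfSense output).
SAMPLE_LINES = [
    "Jan  1 12:00:01 fw: from fe80:5::1 to fe80::2%em0 mac 00:11:22:33:44:55",
    "Jan  1 12:00:02 fw: from fe80:6::a1b2:c3ff:fe00:1 to 2001:db8::1",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        for original, rewritten in embedded_scopes_in(line):
            print(f"{original} -> {rewritten}")
```

The integer after `%` is the interface index, not an interface name; on FreeBSD the index-to-name mapping has to be looked up on the host that wrote the log.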
                    bimmerdriver @Morphal

                    @Morphal said in Questions about log messages:

                    In case it's useful to know: the 5 and 6 after the fe80: in the link-local addresses is BSD notation for the interface index (the thing that's after the % on other OSes, for example %eth0).

                    https://docs.freebsd.org/en/books/developers-handbook/ipv6/#ipv6-scope-index

                    Very interesting. Thank you for the reply.

                      bimmerdriver @stephenw10

                      @stephenw10 said in Questions about log messages:

                      Ah, that's not the scenario I was imagining. But, sure, if you can remove the local ISP router entirely that's a better setup IMO.

                      Last weekend, I reconfigured my network and pfSense is now connected to the ONT through a LAN switch. There is no longer a bridged router between pfSense and the ONT. It made no difference. I'm still getting the same messages.

                        stephenw10 Netgate Administrator

                        They are still coming into the WAN just without the :5 octet?

                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.