Netgate Discussion Forum

    Firewall log question - what am I looking at

      georgeberz

      Ok here is a new firewall log can someone explain to me

      75.37.58.121 is the ATT DSL IP connection
      192.168.0.1 is the ATT modem
      192.168.1.1/24 my local LAN

      Why is the ATT modem showing up so often in the log?
      My computer local lan is 192.168.1.1/24, why can I still open up my modem on 192.168.0.1, isn't that a different net?
      What is 82.231.23.203 and why is it showing in the log?
      What is 219.146.255.147 and why is it showing in the log?
      firewall1.jpg

        johnpoz LAYER 8 Global Moderator

        Didn't we go over this already??

        Before you my att dsl modem was at 192.167.0.1 and you were seeing SSDP to multicast address on your LAN port.

        I asked in that thread how you're connected since you should be seeing traffic from your modem on your LAN interface.

        Please draw out your network connection.  And you changed your modem lan IP??  So you're creating a PPPoE connection of your modem/router that is already making the connection for you??  That's what it sounds like to me really.

        I have not seen a plain jane dsl modem in years and years, they are ALL gateway devices, ie modem/router combos that do NAT.  I would have to assume with that 192.168.0.1 address it's natting.

        Anywho – as to seeing traffic from your "modem"  Normally any traffic from a private would be blocked and not logged per this setting

        Block private networks
        When set, this option blocks traffic from IP addresses that are reserved for private networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses (127/8).  You should generally leave this option turned on, unless your WAN network lies in such a private address space, too.

        So you must have turned that rule off?  Why??

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1
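Added example, not part of the posts above and not pfSense code: a small triage script that applies the "Block private networks" ranges quoted in the reply to blocked WAN log entries, separating chatter from an upstream NAT gateway from unsolicited Internet traffic. The one-line log format, the port numbers and the `198.51.100.10` address are constructed assumptions; only the other IP addresses come from the thread.

```python
import ipaddress
from collections import Counter

# Ranges listed in the "Block private networks" description quoted above.
BLOCK_PRIVATE = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
MULTICAST = ipaddress.ip_network("224.0.0.0/4")  # SSDP uses 239.255.255.250

def classify(src, dst, wan_ip):
    """Label one WAN-side packet by where its source address comes from."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(s in net for net in BLOCK_PRIVATE):
        # A private source on WAN means a device between you and the ISP
        # (a modem/router doing NAT) is talking on that segment.
        return "upstream-gateway-multicast" if d in MULTICAST else "private-source-on-wan"
    if d == ipaddress.ip_address(wan_ip):
        return "internet-unsolicited"
    return "other"

def parse_line(line):
    # Hypothetical format: "<iface> <action> <proto> <src>:<port> -> <dst>:<port>"
    iface, action, _proto, src, _arrow, dst = line.split()
    return iface, action, src.rsplit(":", 1)[0], dst.rsplit(":", 1)[0]

def summarize(lines, wan_ip, wan_iface="WAN"):
    """Count blocked WAN entries per (source address, label)."""
    counts = Counter()
    for line in lines:
        iface, action, src, dst = parse_line(line)
        if iface == wan_iface and action == "block":
            counts[(src, classify(src, dst, wan_ip))] += 1
    return counts

# Constructed sample lines (not the contents of the poster's screenshot).
SAMPLE = [
    "WAN block UDP 192.168.0.1:1900 -> 239.255.255.250:1900",
    "WAN block UDP 192.168.0.1:1900 -> 239.255.255.250:1900",
    "WAN block TCP 82.231.23.203:51234 -> 75.37.58.121:23",
    "WAN block TCP 219.146.255.147:6000 -> 75.37.58.121:22",
    "LAN pass TCP 192.168.1.20:50000 -> 198.51.100.10:80",
]

if __name__ == "__main__":
    for (src, label), n in summarize(SAMPLE, "75.37.58.121").most_common():
        print(f"{n:3d}  {src:<16} {label}")
```
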

          georgeberz

          I still do not understand, and some of the things have been cleared up: found a dlink router being used as a switch/hub with no wan, took it out, etc.

          The DSL modem has not changed, it is a standalone. I have about 50 of these laying around from a former venture.
          http://www.calweb.com/dsl/SpeedStream_4100.pdf

          Diagram of connection
          DSL4100 DEVICE > cat5e > Network connection 1 on eMachine > pfsense software on eMachine > Network connection 2 > cat5e > netgear gigabit switch > home network consisting of 6 Ubiquiti wireless powerstations 6 acting in bridge mode + 2 picostations as in station mode. > a bunch of pc's, gameboys, several ps3's wii's laptops, cell phones w/wifi and a kindle.

          The modem is connected via pppoe and the pfsense box is connected via dhcp to the modem.

            johnpoz LAYER 8 Global Moderator

            Well 3rd bullet from linked to pdf for your "modem"

            "Network address translation"

            So what mode is this 4100 in?

            From this manual for the 4100 and 4200 series "ROUTER", which is what you have there, not just a modem.
            http://internet.bell.ca/img_gallery/SpeedStream4200_EN.pdf

            If the device is in bridge mode you lose ppp
            The second mode of operation provides only "bridging" functionality. This applies to both WAN-to-LAN connectivity as well as to all LAN-side interfaces. Point-to-Point (PPP) connections are not available under the bridge mode of operation

            So you would then have to do your PPPoE on your pfsense box – which would make more sense when I see your public IP there in your logs.

            Also says if you put it in bridge mode that you would lose access to its interface

            Important! If you switch to Bridge mode, you will lose access to the Web management interface and can only return to Router mode by resetting the Router to factory defaults.

            So since you say you can access 192.168.0.1 tells me you're in router/NAT mode??  Which if you're going to be using your pfsense box for you wouldn't want.

            How is your pfsense box getting a public IP on its wan interface if your "4100" is doing nat??

              georgeberz

              Ok I reinstalled pfsense current 2.0 again, and this time set up the modem as a passthrough with pppoe on router or computer mode,
              Set up pppoe on  pfsense to get DSL working and this stopped access to 192.168.0.1 and that error has gone away

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.