Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Need your help to this

    Scheduled Pinned Locked Moved Firewalling
    5 Posts 2 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      jorgepft
      last edited by

      Hi.

      I' am new to pfsense and i have been testing it with great satisfaction. Since some days i have a strange problem. My firewall log is full of:

      Act Time If Source Destination Proto
      block Dec 9 14:53:16 WAN 10.33.63.254:67 255.255.255.255:68 UDP
      block Dec 9 14:53:16 WAN 10.33.63.254:67 255.255.255.255:68 UDP
      block Dec 9 14:53:20 WAN 10.33.63.254:67 255.255.255.255:68 UDP
      block Dec 9 14:53:24 WAN 10.33.63.254:67 255.255.255.255:68 UDP
      block Dec 9 14:53:24 WAN 10.33.63.254:67 255.255.255.255:68 UDP
      block Dec 9 14:53:26 WAN 10.33.63.254:67 255.255.255.255:68 UDP
      and so on…..

      What does this mean ?

      Thanks

      1 Reply Last reply Reply Quote 0
      • johnpozJ Offline
        johnpoz LAYER 8 Global Moderator
        last edited by

        That is DHCP traffic.. There is going to be LOADS of it on the wan side of your internet connection.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • J Offline
          jorgepft
          last edited by

          @johnpoz:

          That is DHCP traffic.. There is going to be LOADS of it on the wan side of your internet connection.

          Thanks for helping. What is confusing me is that private 10.33.63.. ip that is always there. its always the same ip since 4 days now. we are talking about a log with this ip for almost every second. it was not hapening until now.

          1 Reply Last reply Reply Quote 0
          • johnpozJ Offline
            johnpoz LAYER 8 Global Moderator
            last edited by

            Its prob your isp dhcp server.. Since I assume your pfsense IP is public, ie not rfc1918 address space 10.x.x.x, 192.168.x.x, 172.16-31.x.x

            Or it could be a misconfigured something that is connected to same broadcast domain as you on your isp.. Its typical internet noise that no you shouldn't log :)

            You can adjust your firewall rules not to log it so it does not fill up your logs - but the traffic is still going to be there.. I don't see any of it in my logs, but take a look

            from packet capture for like 1 second
            11:47:32.837986 IP 96.120.27.233.67 > 255.255.255.255.68: UDP, length 301
            11:47:32.908799 IP 96.120.27.233.67 > 255.255.255.255.68: UDP, length 301

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            1 Reply Last reply Reply Quote 0
            • J Offline
              jorgepft
              last edited by

              @johnpoz:

              Its prob your isp dhcp server.. Since I assume your pfsense IP is public, ie not rfc1918 address space 10.x.x.x, 192.168.x.x, 172.16-31.x.x

              Or it could be a misconfigured something that is connected to same broadcast domain as you on your isp.. Its typical internet noise that no you shouldn't log :)

              You can adjust your firewall rules not to log it so it does not fill up your logs - but the traffic is still going to be there.. I don't see any of it in my logs, but take a look

              from packet capture for like 1 second
              11:47:32.837986 IP 96.120.27.233.67 > 255.255.255.255.68: UDP, length 301
              11:47:32.908799 IP 96.120.27.233.67 > 255.255.255.255.68: UDP, length 301

              Thanks a lot.
              So no need to worry about it. Must be the bridged cable modem of my provider that have been updated by them and caused this.

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.