Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Firewall log

    Scheduled Pinned Locked Moved Firewalling
    5 Posts 2 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • J Offline
      Jamerson
      last edited by

      Hoi guys,
      today i've checked my firewall log and notices this IP repeating the access to the firewall ! ( please find the attached )
      i dont have really this Subnet on my network, all my subnets are Class C !
      any suggestions what it could be ? it keep trying to connect every sec, i beleive someone is running some kind of script !

      Firewall.jpg
      Firewall.jpg_thumb

      1 Reply Last reply Reply Quote 0
      • P Offline
        phil.davis
        last edited by

        224.0.0.0/4 is IPv4 Multicast address space - http://en.wikipedia.org/wiki/Reserved_IP_addresses
        Is that source address actually in one of your subnets? If not, then someone has a device with a static IP set and they have connected it.
        What physical network do you have, that the traffic is being seen on LAN and WAN?

        As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
        If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

        1 Reply Last reply Reply Quote 0
        • J Offline
          Jamerson
          last edited by

          @phil.davis:

          224.0.0.0/4 is IPv4 Multicast address space - http://en.wikipedia.org/wiki/Reserved_IP_addresses
          Is that source address actually in one of your subnets? If not, then someone has a device with a static IP set and they have connected it.
          What physical network do you have, that the traffic is being seen on LAN and WAN?

          hi Phil,
          i dont have any device using this IP all my subnets are Class C
          Pfsense is Virtual not Physical and using 3 NICS.
          all traffic goes from WAN to LAN and the otherway arround !
          i tried to ping that IP internaly but can't seem to reply.

          Maybe is a ISP broadcasting to the PFSENSE?

          1 Reply Last reply Reply Quote 0
          • P Offline
            phil.davis
            last edited by

            Maybe is a ISP broadcasting to the PFSENSE?

            That is quite usual - I see all sorts of rubbish on private IPs from my ISP on the WAN side. I put rules like the attached at the end of my ruleset on WAN to block and not log incoming multicast or packets with private IP source addresses. Then I just don't see all that crud on the ISPs "internal" network.
            But I don't understand how you see that on LAN also.

            ISPblockrules.png
            ISPblockrules.png_thumb

            As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
            If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

            1 Reply Last reply Reply Quote 0
            • J Offline
              Jamerson
              last edited by

              @phil.davis:

              Maybe is a ISP broadcasting to the PFSENSE?

              That is quite usual - I see all sorts of rubbish on private IPs from my ISP on the WAN side. I put rules like the attached at the end of my ruleset on WAN to block and not log incoming multicast or packets with private IP source addresses. Then I just don't see all that crud on the ISPs "internal" network.
              But I don't understand how you see that on LAN also.

              maybe this rabish because the ISP gateway is the WAN of the Pfsense, and Pfsense is Virtual ?

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.