Block private & bogon networks
-
Hello!
I have a 6 NIC box, with 3 LAN and 3 WAN. The options [Block private networks] & [Block bogon networks] appear only on the first WAN interface of pfSense.
If I want to filter private & bogon networks at my 3 WAN …
Must I define an [Aliases] entry for private & bogon networks and put blocking rules on my 3 WANs?
Is that correct?
Note: I have a snort machine on the LAN side and sometimes it detects some packets from private & bogon networks.
Regards,
Josep Pujadas
-
I'd hope you're using "private" (RFC1918) addresses on your LAN, unless of course you've been allocated a netblock of your own…
-
Yes, of course …
But sometimes I see things like these:
Generated by BASE v1.3.5 (marie) on Thu, 17 May 2007 20:58:05 +0200
#1-59854| [2007-05-16 11:53:48] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485] ICMP Destination Unreachable Communication Administratively Prohibited
#1-59855| [2007-05-16 11:53:51] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485] ICMP Destination Unreachable Communication Administratively Prohibited
#1-59856| [2007-05-16 11:53:54] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485] ICMP Destination Unreachable Communication Administratively Prohibited
#1-59858| [2007-05-16 11:53:57] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485] ICMP Destination Unreachable Communication Administratively Prohibited
#1-59859| [2007-05-16 11:54:03] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485] ICMP Destination Unreachable Communication Administratively Prohibited
#1-59861| [2007-05-16 11:54:15] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485] ICMP Destination Unreachable Communication Administratively Prohibited
and if I run (from one of my FreeBSD servers on the LAN side):
nmap -v -P0 10.2.44.1
10.2.44.1 has no ports open, but it is alive!!!
Regards,
Josep Pujadas
-
A number of ISPs use RFC1918 addresses internally - certainly my initial DHCP lease comes from a 10.x address and parts of my traceroute to the Internet go through various RFC1918 addresses. Also, many cable and ADSL modems have an RFC1918 configuration address.
In short - I'm not surprised by what you're seeing.
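To make the question and the answer above concrete, here is an added Python example; it is not code from this thread or from pfSense. It classifies the source address of Snort/BASE alert lines as RFC 1918 private, bogon or public, emits the CIDR list a pfSense network alias would take, and shows which sources a "block private & bogon" rule on an additional WAN interface would match. The bogon list is a fixed set of RFC 6890 special-purpose ranges and is an assumption of the example (pfSense's own list is downloaded and refreshed and also covers unallocated space); the interface names WAN2/LAN1 and the extra sample alert lines are constructed for illustration.

```python
"""Classify Snort/BASE alert sources as RFC 1918 private, bogon or public,
and show what a private/bogon block rule on extra WAN interfaces would match."""
import ipaddress
import re
from collections import Counter
from typing import Dict, List, Optional

# RFC 1918 space: the ranges pfSense's "Block private networks" option covers.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Special-purpose IPv4 ranges that should never be a source on the public
# Internet. Assumption for this example: a fixed list from RFC 6890; pfSense's
# real bogon list is fetched periodically and also includes unallocated space.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "192.0.0.0/24", "192.0.2.0/24", "198.18.0.0/15", "198.51.100.0/24",
    "203.0.113.0/24", "224.0.0.0/4", "240.0.0.0/4")]


def classify(addr: str) -> str:
    """Return 'private', 'bogon', 'public' or 'unparseable' (e.g. a masked XXX)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return "unparseable"
    if any(ip in net for net in PRIVATE_NETS):
        return "private"
    if any(ip in net for net in BOGON_NETS):
        return "bogon"
    return "public"


def alias_entries(nets) -> str:
    """One CIDR per line, the form a pfSense network alias accepts."""
    return "\n".join(str(n) for n in nets)


def matches_wan_block(iface: str, src: str) -> bool:
    """True if a 'block private & bogon' rule placed on a WAN interface would
    match this source. LAN interfaces carry no such rule. Assumption: WAN
    interfaces are named WAN, WAN2, WAN3 ..."""
    return iface.upper().startswith("WAN") and classify(src) in ("private", "bogon")


# BASE alert line: "#id| [timestamp] src -> dst [sig refs] message"
LINE_RE = re.compile(
    r"\[(?P<ts>[^\]]+)\]\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s+(?P<rest>.*)")


def parse_base_line(line: str) -> Optional[Dict[str, str]]:
    """Split one BASE line into timestamp, source, destination and message."""
    m = LINE_RE.search(line)
    if not m:
        return None
    msg = m.group("rest").rsplit("]", 1)[-1].strip()
    return {"ts": m.group("ts"), "src": m.group("src"),
            "dst": m.group("dst"), "msg": msg}


def summarize(lines: List[str]) -> Counter:
    """Count alert sources by class; lines that do not parse are skipped."""
    counts: Counter = Counter()
    for line in lines:
        rec = parse_base_line(line)
        if rec:
            counts[classify(rec["src"])] += 1
    return counts


# Constructed sample: two lines in the thread's BASE format plus two made-up
# sources (a documentation-range address and a placeholder public address).
SAMPLE_LINES = [
    "#1-59854| [2007-05-16 11:53:48] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485] ICMP Destination Unreachable Communication Administratively Prohibited",
    "#1-59855| [2007-05-16 11:53:51] 10.2.44.1 -> 192.168.XXX.XXX [local/485] [snort/1:485] ICMP Destination Unreachable Communication Administratively Prohibited",
    "#1-59990| [2007-05-16 12:01:00] 192.0.2.9 -> 192.168.XXX.XXX [local/485] [snort/1:485] ICMP Destination Unreachable Communication Administratively Prohibited",
    "#1-59991| [2007-05-16 12:02:00] 93.184.216.34 -> 192.168.XXX.XXX [local/485] [snort/1:485] ICMP Destination Unreachable Communication Administratively Prohibited",
]

if __name__ == "__main__":
    print("Alias 'PrivateNets':\n" + alias_entries(PRIVATE_NETS))
    for sample in SAMPLE_LINES:
        rec = parse_base_line(sample)
        print(rec["src"], classify(rec["src"]),
              "WAN2 block rule matches:", matches_wan_block("WAN2", rec["src"]))
    print(summarize(SAMPLE_LINES))
```

Two practical points follow from running this against the thread's lines. The 10.2.44.1 source is classified as private, so a block rule on WAN2/WAN3 would drop it; since the reply above explains that ISP hops and modems often use RFC 1918 addresses, such a rule also drops the ICMP Destination Unreachable messages those hops send, which can break path MTU discovery, so log the rule and check before enabling it on all WANs. Snort on the LAN side only sees what pfSense already let through, so once the rule is in place these alerts should stop appearing there.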
-
Ok!
Thanks, Cry