SOLVED Traffic on WAN interface only
-
State not cleared from the firewall?
Steve
-
UDP - no state. Most of the packets get blocked, just a few single ones get through…
I am going to restart the box for good measure, and test again, though.
-
Ha! good point. ::)
-
I rebooted the pfSense and the packet leak has stopped. Hmmm…
-
I'd be looking for malware on my network. I doubt seriously its a pfsense problem.
-
It is smells like a reflected attack, not amplified though, since the packets in and out are the same size. I stopped the attack at the firewall level.
I think there is an issue with pfSense traffic graph, the traffic does not add up. I think it shows exactly double outgoing the traffic for local interfaces. I am still investigating, this will take more time to accumulate the data from different network segments and add it all up.
-
Found this: https://forum.pfsense.org/index.php?topic=67295.0
-
Check the forum. There are a number of threads about double counting on the traffic graphs. I've never seen it though, it seems to happen only under specific conditions.
Ah, typed too slow! Yep that's one of them.
Steve
-
Yep - Sometimes pfsense reports traffic bandwidthh incorrectly, which is much less troubling than having a bunch of phantom traffic.
-
Thanks for your help everybody. This was a compound issue, and it looks like everything has been explained now. I appreciate the help.
