Help with Firewall Log
-
So did you go into your daytek and
UNmarking "Broadcast DSL status to LAN" under ->System Maintenance->Management
-
So did you go into your daytek and
UNmarking "Broadcast DSL status to LAN" under ->System Maintenance->Management
I will take a look at it and report back soon, at this time it is not possible to power it down. Not to be on hasty side, but I thought a Draytek Vigor 130 set into PPPoA to PPPoE and as so bridging between ISP and WAN was totally transparent.
btw if you have taken a look I remove the file as there's a mac address in there you can't be to carefull ;)
-
why would you have to power it down?
-
As I said settings it to bridge mode between PPPoA and PPPoe, to the best of my knowledge it has no IP (that's why I said it was transparent) so I don't know how to login on it, is there a way? The moment I disconnect it from the Internet it get's an IP (static).
-
well my cable modem is "transparent" ie pfsense gets a public IP.. And I can still access the cable modem via 192.168.100.1 - I would assume daytek would have the same sort of default IP for management even when in "bridge" mode.
-
http://just.draytek.com/index.php?option=com_k2&view=item&id=5617&Itemid=293&lang=en From what the specs say it seems that it could send DSl info (you are wright, still not checked it in the hardware though ;) ), although I never checked this option and as I know not how to access it, I am still mandatory to power it down and connect it to my LAN as I don't know how to set an IP as It is on on the WAN side?
-
well the IP by default is 192.168.1.1 I think - this might be the IP even when in bridge mode.
What IP you using on pfsense lan side?
-
192.168.1.1 so they are the same I can change it, but I still don't understand that there can be a IP thats in the LAN range set on the WAN side ???
-
you can not.. if your pfsense lan is 192.168.1.0/24 then no you wouldn't be able to access your isp devices IP of 192.168.1.1 from devices on your lan.
Doesn't mean that device can not have that IP..
For example my cable modem is 192.168.100.1 my lan is 192.168.9.0/24 I can access it just fine without doing anything because pfsense send that traffic out its wan interface and the cable modem picks it up and answers. Some devices might not do that - and you might have to setup a vip on your wan interface to be on the same network as your device, etc..
See the pfsense doc about accessing modem on wan, etc.
-
Thanks I wll look into it it seems according to these http://www.geekzone.co.nz/forums.asp?forumid=66&topicid=196693 that it might be done I will report back also on the 0.0.0.0 port 4944 thanks (so far) for all your time, I am wiser now !!
-
<off topic="">I see my Disk usage ( /mnt ) is 102% of 595MiB - ufs never saw that?</off>
-
<off topic="">I see my Disk usage ( /mnt ) is 102% of 595MiB - ufs never saw that?</off>
Did your tcpdump fill up /mnt?
-
There shouldn't be anything mounted on /mnt unless you're doing something funky.
-
There shouldn't be anything mounted on /mnt unless you're doing something funky.
Yes I did stupid me ;)
-
So did you go into your daytek and
UNmarking "Broadcast DSL status to LAN" under ->System Maintenance->Management
Yes and unchecking "Broadcast DSL status to router in LAN" did the job, this option has been introduced in version 3.7.6. Draytek mentions New features only in the release notes of the firmware and as I didn't update for long time (there was nothing worth updating IMO) I didn't knew it was there when I updated a week ago. So now I now (again) why you should always stay current with the lastest firmware.
Thanks for your help!!
-
I have another one I could use some help with
Aug 8 16:00 WLAN 0.0.0.0 224.0.0.1
I did a capture with pfsense, but nothing was captured. I tried it with tcpdump and I see some multicasts, but still I don't know what the origin is. Is there someway to find the source?
I have a hunch that it is a Sonos device 16:10:30.388315 xx:xx:xx:xx:75:14 > ff:ff:ff:ff:ff:ff, Unknown Ethertype (0x6970), length 74:
Thanks for any help!
-
yeah 224 is multicast, looks like you already tracked it down via the mac - what is the dest port?
I have turned off default block logging because there is quite a bit of noise when you do that, and created my own block rules above the default that log what I like to see, like tcp syn into my wan. And then any traffic to any pfsense IP on my lan side.
I block most multicast traffic at the switch level since I don't use it there is no reason for it to even get to pfsense interface. While I allow between devices on a specific network/vlan I block it from going to pfsense at the switch ;)
-
Thats a problem there is no port mentioned in pfsense. I tried a tcpdump -i em1 dest host 224.0.0.1 but nothing. So I did a tcpdump i em1 -c 200 and that gave 2 multicasts from the same mac address at a certian time frame that it could correspond with the log in pfSense, but I am not sure.
-
Only TCP and UDP have a notion of a "port". Other IP protocols are free to use ports or not to use them as they choose.
-
what does the firewall log show? It should list the protocol if its a portless one. Does the mac address match up too. you obfuscated the part that would let us look up the hardware maker.
If the firewall blocking it then you would be able to capture it. 224.0.0.1 is the all hosts multicast address.
