Netgate Discussion Forum

    Logging question

    General pfSense Questions
    4 Posts 2 Posters 393 Views
    str8edgedave

      Hi,
      I have 2 Netgate firewalls, an SG-2440 and an SG-1100. Both are up to date, running 2.4.4-RELEASE-p3. Both are configured for remote syslog, where the logs are being received properly.

      I have recently factory reset and reconfigured both firewalls, for IPv4 traffic only. The SG-2440 is acting as expected, and the filterlog only shows messages pertaining to IPv4. The SG-1100, however, shows a tonne of IPv6 messages, in one of two recurring formats. The first are UDP messages from an internal address (fe80::) to the IPv6 multicast address (ff02::fb) on port 3702. The second messages are also UDP, but on port 5353. These are all mDNS-related messages, either WS-Discovery or Avahi/Bonjour, etc.

      What I am trying to figure out is why the SG-2440 does not show IPv6 traffic in the syslog, but the SG-1100 does. I have reconfigured them using the same process. My goal is to limit the SG-1100 to IPv4 messages only, as my ISP drops all IPv6 traffic at their end.

      Any suggestions on where I can look to track down what is causing the logging difference?

      stephenw10 (Netgate Administrator)

        If they are at two sites there may not be any v6 traffic hitting the 2440 to log.

        If you just want to stop it logging you can create a block IPv6 firewall rule with logging disabled and it will block it before it hits the default block rule.

        Steve

        str8edgedave @stephenw10

          @stephenw10 They are at the same site, acting as gateways for the same LAN network. Computers/devices/etc. get assigned a specific gateway configured via DHCP. Gaming/Home traffic goes through the SG-2440, and homelab-specific stuff goes through the SG-1100. The OPT networks provide 2 different DMZs.

          SG-2440:
          WAN: <external Public IP ending .118>
          LAN: 192.168.1.1
          OPT: 192.168.2.1

          SG-1100:
          WAN: <external public IP ending .119>
          LAN: 192.168.1.254
          OPT: 172.16.1.1

          All logged IPv6 traffic from my original post is on the LAN interface on the SG-1100. I don't care that there is IPv6 traffic on my LAN, it's just really noisy in my log systems.

          stephenw10 (Netgate Administrator)

            @str8edgedave said in Logging question:

            I don't care that there is IPv6 traffic on my LAN, it's just really noisy in my log systems.

            Then just block it with a custom rule without logging set.

            Steve

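Steve's fix is a firewall rule on the SG-1100 LAN (action Block, family IPv6, the "Log" checkbox left unchecked, placed above the default deny so the packets never reach the logging rule). That stops the entries at the source. If the entries have to be kept out of the log system instead, the same classification can be done on the syslog receiver. The following Python is an added example, not code from this thread or from Netgate: it parses filterlog syslog lines using the CSV field layout documented for the pfSense 2.4 filterlog format (treated here as an assumption; check the indices against your own lines), keeps IPv4 records, and counts the IPv6 discovery chatter it drops. The log lines, hostname and interface name are constructed. The WS-Discovery sample targets ff02::c, which is the multicast group that protocol actually uses, rather than the ff02::fb the post reads.

```python
"""Drop IPv6 link-local discovery noise from pfSense filterlog records on the syslog receiver.

Added example, not code from the forum thread or from Netgate. Assumes the pfSense 2.4
filterlog CSV layout: rule, sub-rule, anchor, tracker, interface, reason, action, direction,
ip-version, then for IPv4: tos, ecn, ttl, id, offset, flags, proto id, proto text, length,
src, dst, [sport, dport, datalen]; for IPv6: class, flow label, hop limit, proto text,
proto id, length, src, dst, [sport, dport, datalen].
"""
import csv
import re
from collections import Counter

# Syslog header up to "filterlog: "; everything after it is the CSV record.
PREFIX = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<host>\S+)\s+filterlog(?:\[\d+\])?:\s+(?P<csv>.*)$"
)

# Constructed sample lines (hostname and interface name are made up), modelled on the two
# IPv6 formats the original post describes plus one IPv4 record and one non-discovery IPv6 record.
SAMPLE_LOG = """\
Aug  1 10:00:01 sg1100 filterlog: 5,,,1000000103,mvneta0.4091,match,block,in,6,0x00,0x00000,1,UDP,17,172,fe80::1a2b:3c4d:5e6f:7a8b,ff02::fb,5353,5353,172
Aug  1 10:00:02 sg1100 filterlog: 5,,,1000000103,mvneta0.4091,match,block,in,6,0x00,0x00000,1,UDP,17,674,fe80::9abc:def0:1234:5678,ff02::c,49152,3702,674
Aug  1 10:00:03 sg1100 filterlog: 5,,,1000000103,mvneta0.4091,match,block,in,4,0x0,,64,12345,0,DF,17,udp,78,192.168.1.50,8.8.8.8,51234,53,58
Aug  1 10:00:04 sg1100 filterlog: 5,,,1000000103,mvneta0.4091,match,block,in,6,0x00,0x00000,64,TCP,6,80,2001:db8::10,2001:db8::20,40000,443,0,S,
"""

# Multicast discovery chatter the thread complains about: mDNS (5353) and WS-Discovery (3702).
DISCOVERY_PORTS = {5353: "mDNS", 3702: "WS-Discovery"}


def parse_record(line):
    """Return a dict for one filterlog syslog line, or None if the line is not a filterlog record."""
    m = PREFIX.match(line)
    if not m:
        return None
    fields = next(csv.reader([m.group("csv")]))
    rec = {
        "ts": m.group("ts"), "host": m.group("host"),
        "rule": fields[0], "tracker": fields[3], "iface": fields[4],
        "action": fields[6], "direction": fields[7], "ipver": fields[8],
    }
    if rec["ipver"] == "4":
        rec["proto"] = fields[16].upper()          # IPv4 carries "proto id, proto text"
        rec["src"], rec["dst"] = fields[18], fields[19]
        ports = fields[20:22]
    elif rec["ipver"] == "6":
        rec["proto"] = fields[12].upper()          # IPv6 carries "proto text, proto id"
        rec["src"], rec["dst"] = fields[15], fields[16]
        ports = fields[17:19]
    else:
        return rec
    if rec["proto"] in ("TCP", "UDP") and len(ports) == 2:
        rec["sport"], rec["dport"] = int(ports[0]), int(ports[1])
    return rec


def classify(rec):
    """Label a parsed record: 'ipv4', 'other' (non-filterlog), a discovery protocol name, or 'ipv6-other'."""
    if rec is None:
        return "other"
    if rec["ipver"] != "6":
        return "ipv4"
    link_local_mcast = rec["src"].lower().startswith("fe80:") and rec["dst"].lower().startswith("ff02:")
    if rec.get("proto") == "UDP" and link_local_mcast and rec.get("dport") in DISCOVERY_PORTS:
        return DISCOVERY_PORTS[rec["dport"]]
    return "ipv6-other"


def filter_ipv4(text):
    """Keep IPv4 filterlog records and non-filterlog lines; return (kept_lines, Counter of dropped categories)."""
    kept, dropped = [], Counter()
    for line in text.splitlines():
        category = classify(parse_record(line))
        if category in ("ipv4", "other"):
            kept.append(line)
        else:
            dropped[category] += 1
    return kept, dropped


if __name__ == "__main__":
    kept, dropped = filter_ipv4(SAMPLE_LOG)
    for line in kept:
        print(line)
    print("dropped:", dict(dropped))
```

Run against a real export before trusting it: the IPv4 and IPv6 field offsets differ, so a wrong index silently picks the wrong column rather than failing, and the counters tell you whether what you are dropping is really just mDNS and WS-Discovery or something that deserved a look.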
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.