New to pfSense - need some help



  • Hi

    I am new to this forum and to pfSense.  I have searched the forum and not found the information Iam after so hoping someone can comment.

    I have just moved from a Draytek 2960 to pfSense box.  The installation went smoothly with no issues.

    Setup
    ADSL2 connection to Draytek 130 modem (the 130 is configured to bridge/pass through mode),  Draytek 130 connected to pfSense box  (pfSense running PPPOE on WAN interface,  I also have a static ip from my ISP which gets assigned when the pfSense box connects)
    .
    The pfSense box is configured just with default settings block all in and allow all out.  I have internet seems to work as its ment to.

    Questions:
    1. Looking at the firewall logs I see its blocking external IP address (as it should) however the volume seems high compared to when the Draytek router was in place.  pfSense shows about 4+ per minute.  When the Draytek was in place I use to get maybe 5 - 10 a day.  Is this normal as it does not seem right.

    2.  I also notices in the firewall logs that the WAN interface (em0) is all broadcasting every 10 seconds as follows Interface: em0 Source:0.0.0.0: xxxx port Destination: 255.255.255.255: port 4944 (always same port for destination)  I think this is DHCP broadcast but not sure why it does it.  Can this be turned off as it creates a lot of noise in the firewall logs and not sure why its doing it.

    Any thoughts/comments would be appreciated.

    Regards
    Andrew



  • 4 per minute is nothing. I was getting several per second before I turned off logging on the default block rule.

    With my 100Mb connection, I could scan the entire Internet in about 1.5 hours. During that scan I will have hit you at least once. Over the period of the day, I will have hit you almost 16 times. That's one computer. There are hundreds and thousands of compromised computers constantly scanning. If it was showing 5-10 per day, then it wasn't showing you everything.


Log in to reply