Understanding differences between em0 and WAN address
-
Hello All,
My ISP requires that my WAN be on VLAN 35, which I have all set up correctly: VLAN 35 on em0, re0 on LAN. When looking at my firewall logs I see all TCP traffic on interfaces WAN and LAN, but I also see multicast traffic (UDP/IGMP) on interface em0. Do the logs on interface em0 mean that it's going external? Why do I see em0 and WAN at times?
IGMP
allow Mar 27 21:12:48 em0 (1770009770) 192.168.0.126 224.0.0.251 IGMP
allow Mar 27 21:12:48 LAN (1770009770) 192.168.0.126 224.0.0.251 IGMP
allow Mar 27 21:12:36 em0 (1770009770) 192.168.0.126 224.0.0.251 IGMP
allow Mar 27 21:12:36 LAN (1770009770) 192.168.0.126 224.0.0.251 IGMP
allow Mar 27 21:12:36 LAN (177009770) 192.168.0.126 224.0.0.251 IGMP
block Mar 27 21:12:36 em0 (1000002620) 192.168.0.126 224.0.0.2 IGMPTCP
block Mar 27 21:16:43 LAN pfB_firehol_level1 auto rule (1770009847) 192.168.0.116:58242 10.2.72.22:8443 TCP:S
block Mar 27 21:16:42 WAN pfB_firehol_level1 auto rule (1770010967) 196.52.43.64:59315 156.34.23.161:465 TCP:S
-
Not related to your question, but as an FYI: the level1 feed also has bogons included, so that feed should only be used for inbound WAN traffic.
-
Did you set up any IP on em0? Or just on the VLAN 35 sitting on em0?
Untagged traffic would hit em0.
How do you have this connected? It seems the same L2 traffic is hitting your LAN and your WAN interface??
-
I don't think I have. Here is a screenshot; if you need anything else please let me know. Is it possible to block all traffic on em0, aka non-VLAN traffic?
pfSense has 3 NICs:
1 - Onboard 1000/100 connected to my ONT (WAN)
2 - PCMCIA 1000/100 connected to my switch (LAN traffic)
3 - Onboard wireless - disabled
-
That is not showing the interface; that is just showing VLANs. Actually go into interface em0.
What is em0 connected to? If correctly configured on the switch, no untagged traffic should get to it. It seems to me that you're seeing the same traffic on both your LAN and em0 at the same time, like they are in the same untagged VLAN.
-
Here you are. My three switches are not managed, btw. pfSense LAN connects to a switch that also connects to 2 more switches and 2 APs. WAN (em0 VLAN 35) connects directly to my ONT, which converts LAN to fibre for my ISP.
-
So I just tried something and it seems to work. Not sure if I was supposed to create an em0 interface when I created my pfSense router.
1. Go to Interfaces -> Assign
2. Assign em0 as the only one with a VLAN that exists on WAN
3. Enable the interface em0
4. Go to Firewall rules and select the em0 tab
5. Create a rule to block all traffic.
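The two questions in this thread (is traffic logged on em0 the same frames as on LAN, and did the block-all rule on the em0 tab take effect?) can be answered by sorting the log by interface instead of reading it line by line. The script below is an added example, not code from any poster or from pfSense; it parses the summarised log lines in the shape pasted above (it does not read the raw pfSense filter.log CSV), the sample lines are constructed from the ones in the opening post, and the function names (parse_log, seen_on_both, parent_allows) are this example's own. It flags entries that appear on both em0 and LAN at the same timestamp, which is the "same untagged L2 segment reaching both ports" symptom discussed in the replies, and lists any allow entries on the parent NIC, which should be empty once the block-all rule from the last post is in place.

```python
import re
from collections import Counter, defaultdict
from ipaddress import ip_address

# Constructed sample in the shape of the summarised firewall-log lines quoted in this
# thread: action, timestamp, interface, optional rule description, rule id, src, dst, proto.
# This is NOT the raw pfSense filter.log CSV format, only the summary as pasted above.
SAMPLE_LOG = """\
allow Mar 27 21:12:48 em0 (1770009770) 192.168.0.126 224.0.0.251 IGMP
allow Mar 27 21:12:48 LAN (1770009770) 192.168.0.126 224.0.0.251 IGMP
allow Mar 27 21:12:36 em0 (1770009770) 192.168.0.126 224.0.0.251 IGMP
allow Mar 27 21:12:36 LAN (1770009770) 192.168.0.126 224.0.0.251 IGMP
block Mar 27 21:12:36 em0 (1000002620) 192.168.0.126 224.0.0.2 IGMP
block Mar 27 21:16:43 LAN pfB_firehol_level1 auto rule (1770009847) 192.168.0.116:58242 10.2.72.22:8443 TCP:S
block Mar 27 21:16:42 WAN pfB_firehol_level1 auto rule (1770010967) 196.52.43.64:59315 156.34.23.161:465 TCP:S
"""

LINE_RE = re.compile(
    r"^(?P<action>allow|block)\s+"
    r"(?P<ts>[A-Z][a-z]{2} \d{1,2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<iface>\S+)\s+"
    r"(?:(?P<desc>.*?)\s+)?"        # optional rule description such as "pfB_firehol_level1 auto rule"
    r"\((?P<rule>\d+)\)\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s+"
    r"(?P<proto>\S+)$"
)


def parse_log(text):
    """Parse summary lines into dicts; lines that do not match the shape are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["multicast"] = ip_address(e["dst"]).is_multicast  # 224.0.0.0/4 is local multicast
            entries.append(e)
    return entries


def count_by_interface(entries):
    """How many log entries each interface produced."""
    return Counter(e["iface"] for e in entries)


def on_parent(entries, parent="em0"):
    """Entries logged on the physical parent NIC itself rather than on a VLAN riding on it.
    With a tagged-only upstream port these should not exist: each one is an untagged frame
    that reached the parent interface directly."""
    return [e for e in entries if e["iface"] == parent]


def seen_on_both(entries, a="em0", b="LAN"):
    """(timestamp, src, dst, proto) tuples logged on both interface a and interface b,
    i.e. the same frame arriving on two ports as if they shared one untagged segment."""
    where = defaultdict(set)
    for e in entries:
        where[(e["ts"], e["src"], e["dst"], e["proto"])].add(e["iface"])
    return sorted(key for key, ifaces in where.items() if {a, b} <= ifaces)


def parent_allows(entries, parent="em0"):
    """'allow' entries on the parent NIC. After a block-all rule on the em0 tab
    (the fix in the last post) this list should come back empty."""
    return [e for e in on_parent(entries, parent) if e["action"] == "allow"]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    print(count_by_interface(entries))
    for key in seen_on_both(entries):
        print("same frame on em0 and LAN:", key)
    print("allowed on em0:", len(parent_allows(entries)))
```

Run it on a pasted block of your own log summary instead of SAMPLE_LOG: a non-empty result from seen_on_both means the parent NIC and the LAN port really are seeing the same frames, and a non-empty parent_allows after adding the block-all rule means the rule is not on the em0 tab that is actually being hit.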