2.4 : broadcast packets from lan in wan firewall log



  • In the firewall logs I see, associated with WAN firewall rules, entries related to packets coming from the LAN interface with the LAN broadcast address as destination (in my case 192.168.1.255).
    Please note: this happens even if I create a rule (in LAN) to block all ingress packets having 192.168.1.255 as destination; it seems that broadcast traffic from LAN is also seen by the firewall as coming in/ingress from WAN.
    No trace of this in previous 2.3.3/2.3.4.



  • Rebel Alliance Developer Netgate

    That can only happen if those packets enter your WAN. Your WAN and LAN(s) all appear to be on the same switch/layer 2 without proper segmentation.



  • Thanks for your reply.
    In this case it seems impossible: the WAN interface is not connected to the LAN switch but directly to a VDSL modem (IPoE, DHCP, modem in bridged mode).


  • Rebel Alliance Developer Netgate

    The packets have to be entering that interface somehow, and not even a bridge on the firewall could do that. Something must be sending the packets into that interface at layer 2.



  • Post the output of 'ifconfig' as run from Diagnostics->Command Prompt->Execute Shell Command



  • igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=6400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
            ether a0:36:9f:::**
            inet6 fe80::a236:9fff:fe**:%igb0 prefixlen 64 scopeid 0x1
            inet6 2001:b07:::100::10 prefixlen 72
            inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=6400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
            ether a0:36:9f:::**
            inet6 fe80::a236:9fff:fe**:%igb1 prefixlen 64 scopeid 0x2
            inet 192.168.3.10 netmask 0xffffff00 broadcast 192.168.3.255
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    igb2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=6400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
            ether a0:36:9f:::**
            inet6 fe80::a236:9fff:fe**:%igb2 prefixlen 64 scopeid 0x3
            inet6 2001:b07:::400::10 prefixlen 72
            inet 192.168.4.10 netmask 0xffffff00 broadcast 192.168.4.255
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    igb3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=6400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
            ether a0:36:9f:::**
            inet6 fe80::a236:9fff:fe**:%igb3 prefixlen 64 scopeid 0x4
            inet 192.168.5.10 netmask 0xffffff00 broadcast 192.168.5.255
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active
    igb4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=6400bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
            ether a0:36:9f:::**
            inet6 fe80::a236:9fff:fe**:%igb4 prefixlen 64 scopeid 0x5
            inet 2...226 netmask 0xfffff800 broadcast 2...255
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            media: Ethernet autoselect (100baseTX <full-duplex>)
            status: active
    lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
            options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
            inet6 ::1 prefixlen 128
            inet6 fe80::1%lo0 prefixlen 64 scopeid 0x6
            inet 127.0.0.1 netmask 0xff000000
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            groups: lo
    enc0: flags=41<UP,RUNNING> metric 0 mtu 1536
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            groups: enc
    pflog0: flags=100<PROMISC> metric 0 mtu 33160
            groups: pflog
    pfsync0: flags=0<> metric 0 mtu 1500
            groups: pfsync
            syncpeer: 224.0.0.240 maxupd: 128 defer: on
            syncok: 1
    ovpns1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
            options=80000<LINKSTATE>
            inet6 fe80::a236:9fff:fe**:%ovpns1 prefixlen 64 scopeid 0xd
            inet 192.168.2.1 --> 192.168.2.2  netmask 0xffffff00
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            groups: tun openvpn
            Opened by PID 23577
    gif0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1480
            options=80000<LINKSTATE>
            tunnel inet 2...226 --> 81...214
            inet6 2001:b07:::: --> 2001:b07::::  prefixlen 128
            inet6 fe80::a236:9fff:fe**:****%gif0 prefixlen 64 scopeid 0xa
            nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
            groups: gif



  • anyway, I can't explain how and why…. but there is no more trace of "strange" traffic in wan firewall log in the last 12h.
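
One way to check a firewall log for the symptom discussed in this thread, as an added example that is not part of any post: it parses raw filterlog CSV records and flags inbound entries on the WAN interface whose addresses belong to an internal subnet. The subnets are taken from the ifconfig output above; treating igb4 as WAN is an assumption, and the sample log lines are constructed.

```python
import ipaddress

WAN_IF = "igb4"  # assumption: igb4 is WAN (it carries the public address)
INTERNAL_NETS = {  # internal subnets as listed in the thread's ifconfig output
    "igb0": ipaddress.ip_network("192.168.1.0/24"),
    "igb1": ipaddress.ip_network("192.168.3.0/24"),
    "igb2": ipaddress.ip_network("192.168.4.0/24"),
    "igb3": ipaddress.ip_network("192.168.5.0/24"),
}

# Constructed sample records in raw filterlog CSV layout (not from the thread).
SAMPLE = [
    "Oct 20 10:15:01 pfSense filterlog: 9,16777216,,1000000103,igb4,match,block,in,4,0x0,,64,12345,0,none,17,udp,229,192.168.1.23,192.168.1.255,138,138,209",
    "Oct 20 10:15:02 pfSense filterlog: 9,16777216,,1000000103,igb4,match,block,in,4,0x0,,52,4321,0,DF,6,tcp,40,203.0.113.5,198.51.100.7,51000,23,0,S,1000,,1024,,",
    "Oct 20 10:15:03 pfSense filterlog: 71,16777216,,1500000001,igb0,match,block,in,4,0x0,,64,777,0,none,17,udp,229,192.168.1.23,192.168.1.255,138,138,209",
]

def parse_filterlog(line):
    """Return interface, direction and addresses of one IPv4 record, or None."""
    f = line.split("filterlog:", 1)[-1].strip().split(",")
    if len(f) < 20 or f[8] != "4":  # field 8 is the IP version
        return None
    try:
        src, dst = ipaddress.ip_address(f[18]), ipaddress.ip_address(f[19])
    except ValueError:
        return None
    return {"iface": f[4], "action": f[6], "dir": f[7], "src": src, "dst": dst}

def leaked_on_wan(lines):
    """Return (record, owning_interface, reason) for inbound WAN entries
    whose source or destination belongs to an internal subnet."""
    hits = []
    for line in lines:
        rec = parse_filterlog(line)
        if rec is None or rec["iface"] != WAN_IF or rec["dir"] != "in":
            continue
        for ifname, net in INTERNAL_NETS.items():
            if rec["dst"] == net.broadcast_address:
                hits.append((rec, ifname, "dst is internal broadcast"))
                break
            if rec["src"] in net:
                hits.append((rec, ifname, "src is internal host"))
                break
    return hits

if __name__ == "__main__":
    for rec, ifname, reason in leaked_on_wan(SAMPLE):
        print(f'{rec["src"]} -> {rec["dst"]} seen on {WAN_IF}: {reason} ({ifname})')
```

A hit means a frame from an internal subnet physically reached the WAN port, which points at layer 2 (cabling, switch or VLAN configuration) rather than at the rule set.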

