    Odd firewall entry

    • D
      DeLiver last edited by

      I'm confused by this entry in the log, and the source of the packet. As em0 is my WAN port, what is the real source of this packet? And how do I make it go away? I recently did a fresh install and reconfiguration of this device and yet this entry persists. Any help is appreciated.

      And the rule:

      • KOM
        KOM last edited by

        It's an IGMP packet being blocked.

        https://en.wikipedia.org/wiki/Internet_Group_Management_Protocol

        If they bother you, you could create a block rule specifically for those packets and then set the rule to not log.

        • D
          DeLiver last edited by

          Thanks for the reply, KOM. My problem with that is any attempt to create a rule results in the system complaining about em0 not being a valid interface, hence my confusion in the first place.

          • johnpoz
            johnpoz LAYER 8 Global Moderator last edited by

            What interface do you have assigned to em0? That is the interface you would create the rule on.

            • D
              DeLiver last edited by

              As in my first post, em0 is my WAN port. I've created a block rule as you've suggested, and told it to not log the block. The em0 packet block still appears in the log.

              • johnpoz
                johnpoz LAYER 8 Global Moderator last edited by

                Why would you be seeing packets from 192.168.254.254 on your WAN? Is that from your ISP network, or are you behind a double NAT? If behind a double NAT, what else do you have on this 192.168.254 network? You seem to have multiple public IPs, 50.x.x.66 and .65.

                Post up your WAN rules so we can see them and your rule to not log.

                • D
                  DeLiver last edited by

                  I think we're drifting away from my initial question: Why am I seeing anything in my firewall log tagged with em0 as the interface when that interface was defined during setup as WAN?

                  • johnpoz
                    johnpoz LAYER 8 Global Moderator last edited by

                    Because it's NOT to your WAN address. It's just being seen on the interface as multicast. Your WAN IP is .65, .66, etc. So it is being seen on the interface directly.

                    • D
                      DeLiver last edited by

                      @johnpoz:

                      Because it's NOT to your WAN address. It's just being seen on the interface as multicast. Your WAN IP is .65, .66, etc. So it is being seen on the interface directly.

                      Johnpoz, thank you. The light bulb just came on. There is indeed an upstream device that exposes a management interface on a network that overlaps my internal LAN addresses. In effect, there are two networks on em0. Problem solved.

                      1 Reply Last reply Reply Quote 0
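
The diagnosis reached in this thread, as an added example that is not code from any poster or from pfSense: it triages a blocked-packet log entry on the WAN interface by checking whether the packet was addressed to a WAN IP, was multicast merely seen on the wire, and came from a source overlapping the LAN. Assumptions: the WAN addresses are documentation placeholders (the thread elides the real ones), and the LAN subnet and the 224.0.0.1 destination are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 private ranges; a source in one of these on a WAN port points to
# double NAT or an upstream device's management network.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

@dataclass(frozen=True)
class LoggedPacket:
    iface: str   # interface the firewall log reports, e.g. "em0"
    proto: str
    src: str
    dst: str

def triage(pkt, wan_iface, wan_addrs, lan_nets):
    """Return findings explaining a blocked packet logged on the WAN interface."""
    if pkt.iface != wan_iface:
        return []
    src = ipaddress.ip_address(pkt.src)
    dst = ipaddress.ip_address(pkt.dst)
    wan = {ipaddress.ip_address(a) for a in wan_addrs}
    lans = [ipaddress.ip_network(n) for n in lan_nets]
    findings = []
    if dst in wan:
        findings.append("addressed-to-wan-ip")
    elif dst.is_multicast:
        # Not sent to the firewall's address; just visible on the segment.
        findings.append("multicast-seen-on-wire")
    else:
        findings.append("not-for-this-host")
    if any(src in n for n in RFC1918):
        findings.append("rfc1918-source-on-wan")
    if any(src in n for n in lans):
        # Two networks share the WAN segment, one overlapping the LAN.
        findings.append("source-overlaps-lan")
    if pkt.proto.lower() == "igmp":
        findings.append("igmp")
    return findings

# Constructed sample values (placeholders, not taken from the thread's log).
WAN_ADDRS = ["203.0.113.65", "203.0.113.66"]
LAN_NETS = ["192.168.254.0/24"]
SAMPLE = LoggedPacket("em0", "IGMP", "192.168.254.254", "224.0.0.1")

if __name__ == "__main__":
    print(triage(SAMPLE, "em0", WAN_ADDRS, LAN_NETS))
```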