Odd firewall entry
-
I'm confused by this entry in the log, and the source of the packet. As em0 is my WAN port, what is the real source of this packet? And how do I make it go away? I've recently did a fresh install and reconfiguration of this device and yet this entry persists. Any help is appreciated.
And the rule:
-
It's an IGMP packet being blocked.
https://en.wikipedia.org/wiki/Internet_Group_Management_Protocol
If they bother you, you could create a block rule specifically for those packets and then set the rule to not log.
-
Thanks for the reply, KOM. My problem with that is any attempt to create a rule results in the system complaining about em0 not being a valid interface, hence my confusion in the first place.
-
what interface do you have assigned to em0? That is the interface you would create the rule on.
-
As in my first post, em0 is my WAN port. I've created a block rule as you've suggested, and told it to not log the block. The em0 packet block still appears in the log.
-
why would you be seeing packets from 192.168.254.254 on your wan? Is that from your isp network, or are you behind a double nat? If behind a double nat what else do you have on this 192.168.254 network? You seem to have multiple public IPs 50.x.x.66 and .65
Post up your wan rules so we can see them and your rule to not log.
-
I think we're drifting away from my initial question: Why am I seeing anything in my firewall log tagged with em0 as the interface when that interface was defined during setup as WAN?
-
because its NOT to your wan address.. its just being seen on the interface as multicast.. Your wan IP is .65 .66 etc.. So it is being seen on the interface directly.
-
because its NOT to your wan address.. its just being seen on the interface as multicast.. Your wan IP is .65 .66 etc.. So it is being seen on the interface directly.
Johnpoz, thank you. The light bulb just came on. There is indeed an upstream device that exposes a management interface on a network that overlaps my internal LAN addresses. In effect, there are two networks on em0. Problem solved.
