Netgate Discussion Forum

    Odd firewall entry

      DeLiver

      I'm confused by this entry in the log, and the source of the packet. As em0 is my WAN port, what is the real source of this packet? And how do I make it go away? I recently did a fresh install and reconfiguration of this device, and yet this entry persists. Any help is appreciated.

      And the rule:

        KOM

        It's an IGMP packet being blocked.

        https://en.wikipedia.org/wiki/Internet_Group_Management_Protocol

        If they bother you, you could create a block rule specifically for those packets and then set the rule to not log.

          DeLiver

          Thanks for the reply, KOM. My problem with that is any attempt to create a rule results in the system complaining about em0 not being a valid interface, hence my confusion in the first place.

            johnpoz LAYER 8 Global Moderator

            What interface do you have assigned to em0? That is the interface you would create the rule on.

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

              DeLiver

              As in my first post, em0 is my WAN port. I've created a block rule as you've suggested, and told it to not log the block. The em0 packet block still appears in the log.

                johnpoz LAYER 8 Global Moderator

                Why would you be seeing packets from 192.168.254.254 on your WAN? Is that from your ISP network, or are you behind a double NAT? If behind a double NAT, what else do you have on this 192.168.254 network? You seem to have multiple public IPs, 50.x.x.66 and .65.

                Post up your wan rules so we can see them and your rule to not log.

                  DeLiver

                  I think we're drifting away from my initial question: Why am I seeing anything in my firewall log tagged with em0 as the interface when that interface was defined during setup as WAN?

                    johnpoz LAYER 8 Global Moderator

                    Because it's NOT to your WAN address. It's just being seen on the interface as multicast. Your WAN IP is .65, .66, etc. So it is being seen on the interface directly.

                      DeLiver

                      @johnpoz:

                      Because it's NOT to your WAN address. It's just being seen on the interface as multicast. Your WAN IP is .65, .66, etc. So it is being seen on the interface directly.

                      Johnpoz, thank you. The light bulb just came on. There is indeed an upstream device that exposes a management interface on a network that overlaps my internal LAN addresses. In effect, there are two networks on em0. Problem solved.
