'Default deny rule IPv4 (1000000103)' WAN Drops - Help/Explanation needed



  • Hi there,

    First of all I am a pfSense newbie, so please bear with me...

    In the firewall log I am seeing a lot of the following entries:

    Action Time Interface Rule Source Destination Protocol
    Jan 11 12:02:22 WAN Default deny rule IPv4 (1000000103) 192.168.10.10 224.0.0.1 IGMP
    Jan 11 12:00:02 WAN Default deny rule IPv4 (1000000103) 192.168.10.10:138 192.168.10.255:138 UDP

    I am not sure what I am doing wrong and what I should do to rectify it.

    I have the following scenario:

        Internet
            :
            : 1&1 VDSL
            :
      .-----+-----.
      |  Router   |  IP: 192.168.10.10
      '-----+-----'
            |
        WAN | 192.162.10.0/24
            |
      .-----+-----. WAN IP: 192.168.10.20
      |  pfSense  +
      '-----+-----' LAN IP: 192.168.20.254
            |
        LAN | 192.168.20.0/24
            |
      .-----+------.
      | LAN-Switch |
      '-----+------'
            |
    ...-----+------... (Clients/Servers)
    

    Thank you very much in advance!


  • Galactic Empire

    @lpacor said in 'Default deny rule IPv4 (1000000103)' WAN Drops - Help/Explanation needed:

    Action Time Interface Rule Source Destination Protocol
    Jan 11 12:02:22 WAN Default deny rule IPv4 (1000000103) 192.168.10.10 224.0.0.1 IGMP
    Jan 11 12:00:02 WAN Default deny rule IPv4 (1000000103) 192.168.10.10:138 192.168.10.255:138 UDP

    Jan 11 12:02:22 WAN Default deny rule IPv4 (1000000103) 192.168.10.10 224.0.0.1 IGMP << this is multicast

    Jan 11 12:00:02 WAN Default deny rule IPv4 (1000000103) 192.168.10.10:138 192.168.10.255:138 UDP << this is a broadcast to all hosts, UDP port 138 is NetBIOS.

    Can you switch off IGMP on 192.168.10.10 and NetBIOS?

    Better still, can you switch the router 192.168.10.10 into modem mode, as your current setup will have a NAT done on 192.168.10.10 and another done on 192.168.10.20?
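
Added example, not part of the original posts and not pfSense code: a small Python classifier that separates the multicast and broadcast chatter explained in the reply above from blocked unicast traffic. It assumes the pasted column layout shown in the thread and a WAN subnet of 192.168.10.0/24 inferred from the logged addresses; the third sample line is constructed.

```python
import ipaddress
import re
from collections import Counter

# Assumption: WAN subnet inferred from the addresses in the posted log lines.
WAN_NET = ipaddress.ip_network("192.168.10.0/24")
NETBIOS = {137: "name service", 138: "datagram service", 139: "session service"}
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Columns as pasted in the thread: time, interface, rule (tracker id),
# source[:port], destination[:port], protocol.
LINE_RE = re.compile(
    r"^(?P<time>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+(?P<rule>.+?\(\d+\))\s+"
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s+(?P<proto>\S+)$"
)

SAMPLE = [
    # First two lines are the entries quoted in the thread.
    "Jan 11 12:02:22 WAN Default deny rule IPv4 (1000000103) 192.168.10.10 224.0.0.1 IGMP",
    "Jan 11 12:00:02 WAN Default deny rule IPv4 (1000000103) 192.168.10.10:138 192.168.10.255:138 UDP",
    # Constructed line (documentation address): a blocked inbound unicast packet.
    "Jan 11 12:05:41 WAN Default deny rule IPv4 (1000000103) 203.0.113.7:51522 192.168.10.20:23 TCP",
]

def classify(line, wan_net=WAN_NET):
    """Return (category, detail) for one blocked-packet line, or None if unparsable."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    dport = int(m["dport"]) if m["dport"] else None
    origin = "on-link neighbour" if src in wan_net else "off-link source"
    if dst.is_multicast:
        return ("multicast", f"{m['proto']} to group {dst} from {origin} {src}")
    if dst in (wan_net.broadcast_address, LIMITED_BROADCAST):
        service = f"NetBIOS {NETBIOS[dport]}" if dport in NETBIOS else f"port {dport}"
        return ("broadcast", f"{m['proto']} {service} from {origin} {src}")
    return ("unicast", f"{m['proto']} to {dst} port {dport} from {origin} {src}")

def summarize(lines):
    """Count categories so segment chatter can be separated from traffic worth reviewing."""
    return Counter(c[0] for c in map(classify, lines) if c is not None)

if __name__ == "__main__":
    for entry in SAMPLE:
        print(classify(entry))
    print(dict(summarize(SAMPLE)))
```
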



  • Thanks for the swift reply, Andy!

    Jan 11 12:02:22 WAN Default deny rule IPv4 (1000000103) 192.168.10.10 224.0.0.1 IGMP << this is multicast

    Jan 11 12:00:02 WAN Default deny rule IPv4 (1000000103) 192.168.10.10:138 192.168.10.255:138 UDP << this is a broadcast to all hosts, UDP port 138 is NetBIOS.

    ... and for the explanation...

    Can you switch off IGMP on 192.168.10.10 and NetBIOS?

    What are they used for? Can they be simply switched off? I am not sure though whether and how: it's a fritz box and they hide functions and use other names... :-(

    Better still, can you switch the router 192.168.10.10 into modem mode, as your current setup will have a NAT done on 192.168.10.10 and another done on 192.168.10.20?

    I'm afraid I can't, they took that function away... at the moment I am doing port forwarding on the fritz box (10.10) with a static route for the 192.168.20.0/24 network and NAT on pfSense (10.20).

    I was thinking of changing a few things, like having a dedicated modem connecting to pfSense and using the fritz box behind pfSense just for the telephony. But this is a major rework and I don't have much time...

