Netgate Discussion Forum

    Continuous data traffic to WAN

    • A
      Alex Atkin UK @JKnott

      @JKnott said in Continuous data traffic to WAN:

      @Alex-Atkin-UK said in Continuous data traffic to WAN:

      Would it not be simpler to just have a firewall rule block traffic from the offending device, if you CAN'T adjust the network to compensate I mean?
      It's not graceful I know, but it at least prevents it going out the WAN.

      What's going out? For it to go anywhere, it needs a destination address. Where's it going? If it's the broadcast address, then it's not going out anywhere. What does Packet Capture, running on the WAN interface, show?

      I'm just trying to follow what was said above, I also thought it couldn't go out but it's suggested above that it COULD go out if the broadcast address does not match the LAN.

      • johnpozJ
        johnpoz LAYER 8 Global Moderator

        @Alex-Atkin-UK said in Continuous data traffic to WAN:

        that it COULD go out if the broadcast address does not match the LAN.

        Yeah, it "could". But in what freak show of a scenario would you be running devices on the same L2 with different masks for their L3?? No, you don't do that!!!

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        • DerelictD
          Derelict LAYER 8 Netgate

          It's not the broadcast address because the broadcast address on the interface is .63.

          There is NO WAY for an interface to know .255 is a broadcast address if it is on subnet .0/26

          If there are devices on a network that were designed by morons that insist on using /24, then you either remove the devices from the network or you use /24. Period. You don't block the traffic or try to work around it in other silly ways.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)
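
The mask mismatch discussed in the posts above, as an added example that is not part of any post in the thread: it classifies a destination the way a router interface on a /26 would, and audits a host list for devices whose own mask produces a broadcast address the router sees as an ordinary routable destination. The 192.168.1.x addresses, host names and the `classify` / `mask_mismatches` helpers are constructed for illustration; the thread itself only gives .63, .255 and .0/26.

```python
import ipaddress

LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def classify(iface_cidr: str, dst: str) -> str:
    """Classify dst from the point of view of an interface configured as iface_cidr."""
    net = ipaddress.ip_interface(iface_cidr).network
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST:
        return "limited-broadcast"    # never forwarded
    if addr == net.broadcast_address:
        return "directed-broadcast"   # broadcast for this subnet, handled locally
    if addr in net:
        return "on-link"              # unicast to a neighbour on the same subnet
    # Not in the interface's subnet: looked up in the routing table like any
    # other unicast destination (assumption: default route points at the WAN).
    return "off-link"

def mask_mismatches(router_cidr: str, hosts: dict) -> list:
    """Return (name, host_broadcast, router_view) for hosts whose prefix length
    differs from the router's and whose broadcast the router does not treat
    as a broadcast."""
    router_net = ipaddress.ip_interface(router_cidr).network
    findings = []
    for name, cidr in hosts.items():
        host_net = ipaddress.ip_interface(cidr).network
        if host_net.prefixlen == router_net.prefixlen:
            continue
        bcast = str(host_net.broadcast_address)
        view = classify(router_cidr, bcast)
        if view != "directed-broadcast":
            findings.append((name, bcast, view))
    return findings

if __name__ == "__main__":
    # Constructed inventory: one device left on a /24 inside a /26 LAN.
    router = "192.168.1.1/26"
    hosts = {"nas": "192.168.1.30/26", "camera": "192.168.1.20/24"}
    for name, bcast, view in mask_mismatches(router, hosts):
        print(f"{name}: broadcasts to {bcast}, router on {router} sees it as {view}")
```
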

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.