Netgate Discussion Forum

    Help me understand what this means in firewall and why

    • ttime

      Act Time IF Source Destination
      x Mar 24 14:20 LAN1 0.0.0.0 224.0.0.18
      x Mar 24 14:20 LAN1 0.0.0.0 224.0.0.18
      x Mar 24 14:20 LAN1 0.0.0.0 224.0.0.18
      x Mar 24 14:20 LAN1 0.0.0.0 224.0.0.18
      x Mar 24 14:20 LAN1 0.0.0.0 224.0.0.18
      x Mar 24 14:20 LAN1 0.0.0.0 224.0.0.18
      x Mar 24 14:20 LAN1 0.0.0.0 224.0.0.18
      x Mar 24 14:20 LAN1 0.0.0.0 224.0.0.18

      LAN1 has a few vlans

      This is in 2.5.0 firewall monitor and constantly filling up.
      I had done some changes but nothing that I can put a finger on at the moment. Maybe from pointing DNS to WAN ports?

      Services-DNS Resolver-General Settings
      General DNS Resolver Options

      Outgoing Network Interfaces
      selected WAN1 and WAN2

      Also, I am not using any IPv6, but it is there for each interface and VLAN. I tried to turn off everything IPv6; no need, not using it, so why is it there?

      Thank you

      • johnpoz LAYER 8 Global Moderator @ttime

        @ttime said in Help me understand what this means in firewall and why:

        224.0.0.18

        That is VRRP... you have something on lan1 doing VRRP..

        Either disable that on whatever is sending it, or set up a rule not to log that traffic if you don't want to see it.

        https://en.wikipedia.org/wiki/Virtual_Router_Redundancy_Protocol

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11
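
One way to triage this kind of log noise before deciding on a no-log rule, as an added example that is not part of the original posts: it parses lines in the Act/Time/IF/Source/Destination layout pasted above and counts blocked entries per interface and well-known 224.0.0.0/24 group. The sample lines, the reading of `x` as "blocked", and the function names are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

# Well-known groups in 224.0.0.0/24 (IANA local network control block).
KNOWN_GROUPS = {
    "224.0.0.1": "all hosts",
    "224.0.0.2": "all routers",
    "224.0.0.5": "OSPF",
    "224.0.0.18": "VRRP",
    "224.0.0.22": "IGMP",
    "224.0.0.251": "mDNS",
    "224.0.0.252": "LLMNR",
}
LINK_LOCAL_MCAST = ipaddress.ip_network("224.0.0.0/24")

# Constructed sample in the column layout from the post:
# Act Time(3 fields) IF Source Destination. "x" is assumed to mean blocked.
SAMPLE_LOG = """\
x Mar 24 14:20 LAN1 0.0.0.0 224.0.0.18
x Mar 24 14:20 LAN1 0.0.0.0 224.0.0.18
x Mar 24 14:21 LAN1 192.168.1.50 224.0.0.251
x Mar 24 14:21 WAN1 203.0.113.7 198.51.100.1
not a log line
"""

def parse_line(line):
    """Return (action, interface, source, destination) or None if malformed."""
    parts = line.split()
    if len(parts) != 7:
        return None
    act, _mon, _day, _time, iface, src, dst = parts
    try:
        ipaddress.ip_address(src)
        ipaddress.ip_address(dst)
    except ValueError:
        return None
    return act, iface, src, dst

def summarize_multicast_noise(log_text):
    """Count blocked link-local multicast entries per (interface, group, label)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec[0] != "x":
            continue
        _act, iface, _src, dst = rec
        if ipaddress.ip_address(dst) in LINK_LOCAL_MCAST:
            counts[(iface, dst, KNOWN_GROUPS.get(dst, "unknown"))] += 1
    return counts
```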

        • ttime

          Thank you for your quick reply and help where to look. I traced it to the mobility express ap's using the native vlan.

          • DaddyGo @ttime

            @ttime said in Help me understand what this means in firewall and why:

            where to look. I traced it to the mobility express ap's using the native vlan.

            Hi,

            You can't avoid this, it's a multicast address (VRRP) that Cisco uses to configure Mobility Express

            like mine 😉

            +++edit:
            https://www.cisco.com/c/en/us/td/docs/wireless/access_point/mob_exp/88/user_guide/b_ME_User_Guide_88/appendix.html

            Cats bury it so they can't see it!
            (You know what I mean if you have a cat)

            • ttime @DaddyGo

              @daddygo Thank you! I was just about to look into that.

              • DaddyGo @ttime

                @ttime said in Help me understand what this means in firewall and why:

                I was just about to look into that.

                Then I saved you some time 😉


                • johnpoz LAYER 8 Global Moderator @DaddyGo

                  If you just don't want to see it on pfsense, you can create a rule in the firewall to not log that traffic..


                  • ttime @johnpoz

                    @johnpoz Thank you for recommending that. I created a rule to block same traffic in the lan to destination 224.0.0.18 and the logging stopped.

                    https://docs.netgate.com/pfsense/en/latest/firewall/best-practices.html#figure-fwrules-dont-log-broadcasts

                    Regards

                    • DaddyGo @ttime

                      @ttime said in Help me understand what this means in firewall and why:

                      Thank you for recommending that. I created a rule to block same traffic in the lan to destination 224.0.0.18 and the logging stopped.

                      Hi,

                      As I mentioned, this is a useful thing in your system...
                      (in fact, I'll go further.... mandatory, if you work with Cisco Mobility stuff)
                      You will not be able to use this for debugging after this...

                      It's worth banning things that really bother you...
                      It all tastes and slaps are different

                      BTW:
                      if you have limited "log" storage space, do not lock down the number of rows forever 😉

                      +++edit:
                      That was not the solution 😉

                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.