pfSense no reporting IPs behind Switch
-
Hello everyone.
Looking for some guidance on condition that was noticed couple of months ago. There are multiple unmanaged switces connected to pfSense. Each port has their own default gateway passing through the pfSense. There are currently no other VLANs configured on pfSense since the switches are unmanaged.
The issue at hand is that pfSense firewall logs are only reporting the gateways traffic, all other IP addresses traffic are missing. Meaning, the client connections are not being reported in the logs.
Could it be possible that there is a misconfiguration or possibly a bug somewhere?
Thank ahead for your assistance.
-
@g405tsh311 said in pfSense no reporting IPs behind Switch:
The issue at hand is that pfSense firewall logs are only reporting the gateways traffic, all other IP addresses traffic are missing.
The main big advantage of switches compared ti HUBs is : they keep track, for every port, what MAC (ARP) address is attached to it.
So, traffic that is destinated to pfSense - as a device or as a gateway, is forwarded to pfSense - not the inter LAN traffic (LAN device to LAN device).@g405tsh311 said in pfSense no reporting IPs behind Switch:
Meaning, the client connections are not being reported in the logs.
Because traffic from LAN device A is taken the sortest route to LAN device B. This does not concern other LAN devices, or pfSEnse.
@g405tsh311 said in pfSense no reporting IPs behind Switch:
Each port has their own default gateway passing through the pfSense.
What do you mean ?
Is this a switch setting ? -
@gertjan said in pfSense no reporting IPs behind Switch:
What do you mean ?
Is this a switch setting ?Could it be that OP is using a "dumb" switch per vlan , and therefore the def-gw is the pfSense vlan IF (per switch) .. Kind of only thing that makes sense in my head.
Edit. DOOH - missed "No other vlans defined"
/Bingo
-
@bingo600 said in pfSense no reporting IPs behind Switch:
"No other vlans defined"
Noop. You still have a point.
"No other" means (to me - I'm not native En/Us) that there must be "one at least".
But that wouldn't make any sense. VLAN needs managed switches or experts admins. -
Ahh ...
Could be one dumb switch per pfsense ethernet interface.
These are prob. untagged , so no vlans defined , but still multiple "def-gw's"/Bingo
-
While the function of a switch, which diverse in many aspects from a Hub, and by the way, hubs are hardly used any longer, Switches frames between the same switch does not leave the switch since the frames are all forward base on the MAC in MAC table. This would be inter LAN communication. By the way, there is not way to configured gateways in unmanaged switches.
Contrary to clients, please does not mistake with network nodes, sending Internet request, leaving the network are not being logged. For install a client connecting to https://yahoo.com, it is not log into the FW logs as pass packet, or a client connecting to a site that is blocked, it is not logging a block packet. All that is being logged are the gateways.
For instance packets send by 172.16.7.1 gateway passing traffic on port 53 to the FW. But the actual client, let's say 172.16.7.100 is not being logged even the switch it directly connected to port OPT1. Almost like it is filtering the local clients.
Figured a pic worth 1K words:
Hopping that makes sense.
-
VLANs are not that complex, actually they are very simple even a subvlaning is being used. Let's use the KISS method in the scenario. No need to go on tangents or adding more complexity that is actually needed.
Let's eliminate, hubs since they are extremely scarce at this point in the 21st Century. No VLANs since they are unmanaged SW. Of course the will be the default VLAN as define by the OS in the SW, otherwise noting will communicate, right? Just common sense.
Instead of guessing here is a kind of a network diag:
Hopes this help a bit.
-
@g405tsh311 If something is masquerading the inside IP addresses into one address, then you have a router doing NAT or something along those lines. Switches, managed or not, do not alter IP addresses (Unless it is a layer 3 switch which is really a router in that role).
-
Hi there, thank you for your input.
Just to clarified a bit more beside the diagram. The device is just a simple L2 device. I looked a the datasheet and specs and it is very clear it is not a multilayer dev.
Since the device is unmanaged, the is not NAT, specially at L2 where again, are frames being used. But now I am wondering what is in the SW that might be affecting packets passing to the FW????
Let me get back with you in a bit!!!
-
The way I am reading the diagram, is that the PFSense device has 4 NICs. One is WAN, one is the wireless, and there are two other NICs connecting to two 'dumb' switches, one of which connects to more switches. Therefore, there are 4 networks here, assuming these are dumb switches and there are no vlans. So traffic passing between any device connected to the 'root switch' that has all the switches below it, and its port on the PFSense, can all 'talk' to each other provided those devices don't have a firewall on them that blocks ports or IP ranges. By default, they would NOT be able to communicate with the wireless devices or the other dumb switch connected to another port on PFSense, by default. This is also assuming that all the switches are functioning properly, and all the cabling is good. They would NOT, for example be able to see wireless devices, or the items on the other switch that isn't connected to 'root switch' with all the switches below it. It would not see that PFSense port either, but their own default gateway port. If using PFSense for DHCP, for example, it would need to be configured for each of those LAN/OPT ports. If only one of those ports is configured on PFSense, only that port will have visibility into the network. So provided this drawing is correct, make sure that you have configured/enabled all the LAN ports, and any DHCP per PORT.
I hope I haven't misread the diagram, but that is what it looks like to me.
