Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    bootp broadcast

    Firewalling
    2
    3
    628
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • muaddiibhM
      muaddiibh
      last edited by

      I've got a toilet paper roll length firewall log showing:

      WAN 10.2.40.1:67 โ†’ 255.255.255.255:68

      Screenshot 2023-04-07 at 11-15-28 pfsense - Status System Logs Firewall.png

      1. How can packets from a non-routable, private IP space (10.0.0.0/8) arrive at my firewall?
      2. .. and worse, actually go through/into my network then broadcast (255.255.255.255) itself across my internal network?

      Am I reading this correctly?

      This does not look like legitimate traffic and makes me think my firewall has an inbound leak making me scramble to see how to plug that hole ...

      Would appreciate your insights ๐Ÿ‘ ๐Ÿ˜Š

      1 Reply Last reply Reply Quote 0
      • T
        Tzvia
        last edited by

        Looks like there is a rule 'allow dhcp client out WAN (100000056)'. Is PFSense behind another router (double NAT) on the 10.2.40.0 WAN network?

        Tzvia

        Current build:
        Hunsn/CWWK Pentium Gold 8505, 6x i226v 'micro firewall'
        16 gigs ram
        500gig WD Blue nvme
        Using modded BIOS (enabled CSTATES)
        PFSense 2.72-RELEASE
        Enabled Intel SpeedShift
        Snort
        PFBlockerNG
        LAN and 5 VLANS

        muaddiibhM 1 Reply Last reply Reply Quote 0
        • muaddiibhM
          muaddiibh @Tzvia
          last edited by muaddiibh

          @tzvia thanks for writing.

          Internet โ†’ Cable Modem โ†’ Firewall (pfsense)

          The firewall is connected to the cable modem. There are no other routers.
          pfsense does get its WAN IP via DHCP โ€ฆ

          PS: To be honest, I haven't had the time yet to plug into the cable modem to check its configs. First thought was whether this inbound observation was something sophisticated and beyond my experience.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.