Two separate pfSense boxes tries to connect to each other...?
-
I have set up two pfSense 2.7.2 in a VMWare ESXi server at my home network.
One is "production" that I all my traffic usualy go through, and one is for test.
They are connected to the same Fiber for WAN and both are connected to my LAN and all my 12 VLANsThe do have one public IP each, X.X.35.26 and X.X.35.27
When I check the System Logs I can see on both a lot of blocks on the WAN interface by Default Deny Rule IPv4 (1000000103) UDP from X.X.35.26 to X.X.35.27 on different ports like 45971, 25456, 37306, 18010 and so on.
And I see the some on the other pfSense but the other way around.Why Do I see this traffic?
I don't think there should be any traffic between these servers...
///Peter!
-
Those the source or destination ports?
I wouldn't expect traffic between them on the WAN unless they each have a shared config of some sort. Perhaps something spoofing the IPs so you're actually seeing reply traffic there for example.
-
@stephenw10
They have about the same configs, but on the WAN side they should not know of the others existence what I know off.
Maybe I should capture some traffic and analyze with WireShark...///Peter!
-
So are those the destination port numbers?
Yes a pcap would be useful. Check the MAC addresses are actually the devices in question and not something spoofing the IPs.
-
@Exemption3306 said in Two separate pfSense boxes tries to connect to each other...?:
but on the WAN side they should not know of the others existence what I know off.
If they're using the same ISP and DHCP...they both would be aware of each and could potentially pass traffic between them, such as router gossip.
-
@NollipfSense said in Two separate pfSense boxes tries to connect to each other...?:
router gossip
Ha, I mean I prefer my routers stick to routing.
But in general I would not expect to see them talking to each other. You might see ARP traffic perhaps. You would see BGP/OSPF if that's configured. Otherwise there would be no reason for traffic between the WAN addresses IMO.
-
@stephenw10 said in Two separate pfSense boxes tries to connect to each other...?:
But in general I would not expect to see them talking to each other.
Even if they're connect to the same ISP's box...(port A says to port B, hey B you're still connected, B says yeah man, I am still connected...minutes later B says hey A, you're still connected then B says yeah man, I am still connected) the router gossiping and that's all they do, all day and night, which may or should show in ARP...
-
@NollipfSense but unless you specifically setup something like that, ie exchanging routes.. 2 pfsense boxes setup with the same wan network would not have any clue that there is another pfsense box on the same wan network.. They would have zero reason to talk to each other.. Now they would see each other arping for the gateway that sort of thing - but they sure wouldn't have any reason to talk to each other unless you specifically set something up.
-
Yup, you'd see broadcast traffic from the other firewall but unless you have something configured to do it (or misconfigured!) I wouldn't expect to see unicast between them.
