Netgate Discussion Forum

    Outbound RFC1918 NTP and 192.168.0.254:123

    • CatSpecial202

      Hello,

      I've recently turned on my logs for my blocking outbound local and I notice this one is taking up all my logs.

      May 9 15:09:06 	WAN 	Block outbound local (1737834391) 	x.x.x.x:8608		192.168.0.254:46455		UDP
      May 9 15:09:05 	WAN 	Block outbound local (1737834391) 	x.x.x.x:39846		192.168.0.254:41285		UDP
      

      I went and checked my state table and I can see that I have one state in my state table with this address. It seems like it's connecting to my NTP server.

      From the state table:

      LAN 	udp 	192.168.0.254:46664 -> 10.10.10.1:123 	NO_TRAFFIC:SINGLE 	1 / 0 	76 B / 0 B 	
      LAN 	udp 	192.168.0.254:56361 -> 10.10.10.1:123 	NO_TRAFFIC:SINGLE 	1 / 0 	76 B / 0 B
      

      What could be causing this? Is it concerning?

      I'm coincidentally also having problems with my NTP server. It will not connect to any pools.

      What could be causing this issue?

      Thanks!

      • pst @CatSpecial202

        @CatSpecial202 10.10.10.1 is usually the pfBlockerNG redirect address for DNS blocking. If you are using pfBlockerNG, are you using the TOR feed? Some NTP pools used to be co-hosted with TOR exit nodes and were consequently automatically blocked by pfBlockerNG.

        I suspect the above to be true in your case. Try another NTP server, like time.nist.gov us and see if that works better.

        • CatSpecial202 @pst

          @pst 10.10.10.1 is my firewall LAN address. I'm not using pfblocker for any DNS. That part of pfblocker is disabled. Something is reaching out but my state table is only registering the replies.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.