Outbound RFC1918 NTP and 192.168.0.254:123

CatSpecial202

Hello,

I've recently turned on my logs for my blocking outbound local and i notice this one is taking up all my logs.

May 9 15:09:06 	WAN 	Block outbound local (1737834391) 	x.x.x.x:8608		192.168.0.254:46455		UDP
May 9 15:09:05 	WAN 	Block outbound local (1737834391) 	x.x.x.x:39846		192.168.0.254:41285		UDP

I went and checked my state table and I can see that i have one state in my state table with this address It seems like it's connecting to my NTP server.

From the state table:

LAN 	udp 	192.168.0.254:46664 -> 10.10.10.1:123 	NO_TRAFFIC:SINGLE 	1 / 0 	76 B / 0 B 	
LAN 	udp 	192.168.0.254:56361 -> 10.10.10.1:123 	NO_TRAFFIC:SINGLE 	1 / 0 	76 B / 0 B

What could be causing this? Is it concerning?

I'm coincidentally also having problems with my NTP server. It will not connect to any pools.

What could be causing this issue?

thanks!

pst

@CatSpecial202 10.10.10.1 is usually the pfBlockerNG redirect address for DNS blocking. If you are using pfBlockerNG, are you using the TOR feed? Some ntp pools used to be co-hosted with TOR exit nodes and was consequently automatically blocked by pfBlockerNG.

I suspect the above to be true in your case. Try another NTP server, like time.nist.gov us and see if that works better.

CatSpecial202

@pst 10.10.10.1 is my firewall LAN address. I'm not using pfblocker for any DNS. That part of pfblocker is disabled. Something is reaching out but my state table is only registering the replys.