Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Strange packets logs to my pfsense.. on a net i dont have?!? New

    Scheduled Pinned Locked Moved General pfSense Questions
    3 Posts 3 Posters 1.7k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D Offline
      Douglas879
      last edited by

      have 1 local net configured and thats is:
      192.168.0.1 pf sense, local net.
      192.168.0.210 main computer, has port 21 forwarded to only.
      192.168.0.254 my test web / and my test mail server not shared outside the internal network

      the xl0 is my wan network card i know that much but the rest is confusing.
      And now i have found some strange packets in my firewall log:
      2006-02-07 13:28:34  Local0.Info  192.168.0.1 Feb  7 13:28:42 pf: 1. 728786 rule 46/0(match): block in on xl0: (tos 0x0, ttl  50, id 64313, offset 0, flags [none], proto: ICMP (1), length: 97) 217.8.154.197 > 83.227.180.253: ICMP host 192.168.1.112 unreachable, length 77

      2006-02-07 13:28:34  Local0.Info  192.168.0.1 Feb  7 13:28:42 pf: <009>(tos 0x0, ttl  48, id 37254, offset 0, flags [none], proto: UDP (17), length: 69) 83.227.180.253 > 192.168.1.112: [|udp]

      2006-02-07 13:29:48  Local0.Info  192.168.0.1 Feb  7 13:29:56 pf: 6. 244058 rule 46/0(match): block in on xl0: (tos 0x0, ttl  43, id 14982, offset 0, flags [none], proto: ICMP (1), length: 118) 24.34.131.147 > 83.227.180.253: ICMP host 192.168.100.103 unreachable, length 98

      2006-02-07 13:29:48  Local0.Info  192.168.0.1 Feb  7 13:29:56 pf: <009>(tos 0x20, ttl  43, id 44883, offset 0, flags [none], proto: UDP (17), length: 90) 83.227.180.253 > 192.168.100.103: [|udp]

      2006-02-07 13:32:03  Local0.Info  192.168.0.1 Feb  7 13:32:11 pf: 1. 213978 rule 46/0(match): block in on xl0: (tos 0x0, ttl  46, id 13752, offset 0, flags [none], proto: ICMP (1), length: 118) 70.26.174.47 > 83.227.180.253: ICMP host 192.168.1.111 unreachable, length 98

      2006-02-07 13:32:03  Local0.Info  192.168.0.1 Feb  7 13:32:11 pf: <009>(tos 0x0, ttl  46, id 50964, offset 0, flags [none], proto: UDP (17), length: 90) 83.227.180.253 > 192.168.1.111: [|udp]

      i havent any net on 192.168.1.x or 192.168.100.x and i havent configured those net on my pf iether.
      What can i do to get rid of these ? And how come they are linked to a network i dont have ?
      They repet them self from differents ip adresses to differnes internal ip adresses every 1-5 mins.

      btw im running: 1.0-BETA1-TESTING-SNAPSHOT-2-5-06

      1 Reply Last reply Reply Quote 0
      • ? This user is from outside of this forum
        Guest
        last edited by

        Why the heck are you running something that old?  You know there have been several major releases and literally thousands of bugs fixed in the years since the version you're running right?

        1 Reply Last reply Reply Quote 0
        • C Offline
          cmb
          last edited by

          Those host unreachables are coming back from your ISP probably because something inside your network is trying to access something on that private subnet, which you don't have internally so it gets routed out to the Internet. They shouldn't be getting blocked if that's the case though, could be any number of things, weird noise on the Internet is pretty much the norm.

          And yes, you should definitely upgrade. Though I doubt if it changes that.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.