Strange packets logs to my pfsense.. on a net i dont have?!? New



  • have 1 local net configured and thats is:
    192.168.0.1 pf sense, local net.
    192.168.0.210 main computer, has port 21 forwarded to only.
    192.168.0.254 my test web / and my test mail server not shared outside the internal network

    the xl0 is my wan network card i know that much but the rest is confusing.
    And now i have found some strange packets in my firewall log:
    2006-02-07 13:28:34  Local0.Info  192.168.0.1 Feb  7 13:28:42 pf: 1. 728786 rule 46/0(match): block in on xl0: (tos 0x0, ttl  50, id 64313, offset 0, flags [none], proto: ICMP (1), length: 97) 217.8.154.197 > 83.227.180.253: ICMP host 192.168.1.112 unreachable, length 77

    2006-02-07 13:28:34  Local0.Info  192.168.0.1 Feb  7 13:28:42 pf: <009>(tos 0x0, ttl  48, id 37254, offset 0, flags [none], proto: UDP (17), length: 69) 83.227.180.253 > 192.168.1.112: [|udp]

    2006-02-07 13:29:48  Local0.Info  192.168.0.1 Feb  7 13:29:56 pf: 6. 244058 rule 46/0(match): block in on xl0: (tos 0x0, ttl  43, id 14982, offset 0, flags [none], proto: ICMP (1), length: 118) 24.34.131.147 > 83.227.180.253: ICMP host 192.168.100.103 unreachable, length 98

    2006-02-07 13:29:48  Local0.Info  192.168.0.1 Feb  7 13:29:56 pf: <009>(tos 0x20, ttl  43, id 44883, offset 0, flags [none], proto: UDP (17), length: 90) 83.227.180.253 > 192.168.100.103: [|udp]

    2006-02-07 13:32:03  Local0.Info  192.168.0.1 Feb  7 13:32:11 pf: 1. 213978 rule 46/0(match): block in on xl0: (tos 0x0, ttl  46, id 13752, offset 0, flags [none], proto: ICMP (1), length: 118) 70.26.174.47 > 83.227.180.253: ICMP host 192.168.1.111 unreachable, length 98

    2006-02-07 13:32:03  Local0.Info  192.168.0.1 Feb  7 13:32:11 pf: <009>(tos 0x0, ttl  46, id 50964, offset 0, flags [none], proto: UDP (17), length: 90) 83.227.180.253 > 192.168.1.111: [|udp]

    i havent any net on 192.168.1.x or 192.168.100.x and i havent configured those net on my pf iether.
    What can i do to get rid of these ? And how come they are linked to a network i dont have ?
    They repet them self from differents ip adresses to differnes internal ip adresses every 1-5 mins.

    btw im running: 1.0-BETA1-TESTING-SNAPSHOT-2-5-06



  • Why the heck are you running something that old?  You know there have been several major releases and literally thousands of bugs fixed in the years since the version you're running right?



  • Those host unreachables are coming back from your ISP probably because something inside your network is trying to access something on that private subnet, which you don't have internally so it gets routed out to the Internet. They shouldn't be getting blocked if that's the case though, could be any number of things, weird noise on the Internet is pretty much the norm.

    And yes, you should definitely upgrade. Though I doubt if it changes that.


Log in to reply