Firewall log question - what am I looking at



  • Ok, here is a new firewall log. Can someone explain it to me?

    75.37.58.121 is the ATT DSL IP connection
    192.168.0.1 is the ATT modem
    192.168.1.1/24 my local LAN

    Why is the ATT modem showing up so often in the log?
    My computer's local LAN is 192.168.1.1/24, so why can I still open up my modem on 192.168.0.1? Isn't that a different net?
    What is 82.231.23.203 and why is it showing in the log?
    What is 219.146.255.147 and why is it showing in the log?


  • Rebel Alliance Global Moderator

    Didn't we go over this already??

    Before you my att dsl modem was at 192.167.0.1 and you were seeing SSDP to multicast address on your LAN port.

    I asked in that thread how you're connected since you should be seeing traffic from your modem on your LAN interface.

    Please draw out your network connection. And you changed your modem LAN IP??  So you're creating a PPPoE connection of your modem/router that is already making the connection for you??  That's what it sounds like to me really.

    I have not seen a plain jane dsl modem in years and years, they are ALL gateway devices, ie modem/router combos that do NAT..  I would have to assume with that 192.168.0.1 address its natting.

    Anywho – as to seeing traffic from your "modem": normally any traffic from a private would be blocked and not logged per this setting:

    Block private networks
    When set, this option blocks traffic from IP addresses that are reserved for private networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses (127/8).  You should generally leave this option turned on, unless your WAN network lies in such a private address space, too.

    So you must have turned that rule off?  Why??
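
The "Block private networks" check quoted in the post above, as an added example that is not part of the original thread. It applies the quoted ranges to the addresses named in the thread; the entries, their interface labels and the host 192.168.1.50 are constructed, not taken from the poster's log.

```python
import ipaddress

# Ranges covered by "Block private networks", as quoted in the post above.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Assumption: the poster's LAN, written in network form.
LAN = ipaddress.ip_network("192.168.1.0/24")


def is_blocked_private(addr):
    """True if addr falls in a range the option would drop on WAN."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE_NETS)


def triage(entries, lan=LAN):
    """Label (interface, source) pairs; returns (interface, source, verdict)."""
    out = []
    for iface, src in entries:
        ip = ipaddress.ip_address(src)
        if iface == "WAN" and is_blocked_private(src):
            verdict = "private source on WAN (dropped when the option is on)"
        elif iface == "WAN":
            verdict = "public source on WAN (ordinary WAN rules apply)"
        elif ip in lan:
            verdict = "local LAN host"
        else:
            verdict = "off-subnet source on LAN"
        out.append((iface, src, verdict))
    return out


# Constructed sample entries using addresses named in the thread.
SAMPLE = [
    ("WAN", "192.168.0.1"),
    ("WAN", "82.231.23.203"),
    ("WAN", "219.146.255.147"),
    ("LAN", "192.168.1.50"),   # hypothetical LAN host
    ("LAN", "192.168.0.1"),
]

if __name__ == "__main__":
    for iface, src, verdict in triage(SAMPLE):
        print(f"{iface:3} {src:16} {verdict}")
```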



  • I still do not understand, and some of the things have been cleared up: found a D-Link router being used as a switch/hub with no WAN, took it out, etc.

    The DSL modem has not changed. It is a standalone; I have about 50 of these lying around from a former venture.
    http://www.calweb.com/dsl/SpeedStream_4100.pdf

    Diagram of connection
    DSL4100 DEVICE > cat5e > Network connection 1 on eMachine > pfsense software on eMachine > Network connection 2 > cat5e > Netgear gigabit switch > home network consisting of 6 Ubiquiti wireless PowerStations 6 acting in bridge mode + 2 PicoStations as in station mode > a bunch of PCs, Gameboys, several PS3s, Wiis, laptops, cell phones w/wifi and a Kindle.

    The modem is connected via PPPoE and the pfsense box is connected via DHCP to the modem.


  • Rebel Alliance Global Moderator

    Well, 3rd bullet from the linked PDF for your "modem":

    "Network address translation"

    So what mode is this 4100 in?

    From this manual for the 4100 and 4200 series "ROUTER", which is what you have there, not just a modem.
    http://internet.bell.ca/img_gallery/SpeedStream4200_EN.pdf

    If the device is in bridge mode you lose PPP:
    The second mode of operation provides only "bridging" functionality. This applies to both WAN-to-LAN connectivity as well as to all LAN-side interfaces. Point-to-Point (PPP) connections are not available under the bridge mode of operation

    So you would then have to do your PPPoE on your pfsense box – which would make more sense when I see your public IP there in your logs.

    Also says if you put it in bridge mode that you would lose access to its interface:

    Important! If you switch to Bridge mode, you will lose access to the Web management interface and can only return to Router mode by resetting the Router to factory defaults.

    So since you say you can access 192.168.0.1, that tells me you're in router/NAT mode??  Which, if you're going to be using your pfsense box for, you wouldn't want.

    How is your pfsense box getting a public IP on its wan interface if your "4100" is doing nat??



  • Ok, I reinstalled pfsense current 2.0 again, and this time set up the modem as a passthrough with PPPoE on router or computer mode.
    Set up PPPoE on pfsense to get DSL working, and this stopped access to 192.168.0.1 and that error has gone away.

