Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    Block in on 224.0.0.1 igmp query v2 gaddr 235.1.1.1

    Firewalling
    2
    4
    4505
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      damascene last edited by

      Hello,

      I've been using pfSense for months now and it's one of the best things I've seen in my life.

      While I was checking the filter logs I've found the following messages, it keep going for ever. I've searched but didn't get a chance to know what are these or how to stop them. Could you please help me on this issue?

      
      00:00:03.737036 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.000718 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:07.893703 rule 32/0(match): block in on em0: 192.168.5.1 > 224.0.0.1: igmp query v2 [max resp time 10]
      00:00:01.126395 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.001383 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:08.999496 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.001982 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:08.998822 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.000671 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:09.000401 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.001050 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:08.999656 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.001789 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:08.999134 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.000338 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:06.151840 rule 21/0(match): block in on rl0: 192.168.2.1 > 224.0.0.1: igmp query v2
      00:00:02.848594 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.001111 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:08.999879 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.001507 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:08.999348 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.000160 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:09.000718 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.002741 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:08.998080 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.001408 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:08.999457 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.001945 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:00.286014 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2
      00:00:00.496478 rule 51/8(ip-option): pass in on rl1: 192.168.1.113 > 224.0.0.252: igmp v2 report 224.0.0.252
      00:00:08.216570 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.002430 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:03.358270 rule 32/0(match): block in on em0: 192.168.5.1 > 224.0.0.1: igmp query v2 [max resp time 10]
      00:00:05.639985 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      00:00:01.001214 rule 1/0(match): block in on rl1: 0.0.0.0 > 224.0.0.1: igmp query v2 [max resp time 10] [gaddr 235.1.1.1]
      
      

      Connect to our open source http://www.qurancomplex.org/Quran/Targama/Targama.asp

      1 Reply Last reply Reply Quote 0
      • I
        inflamer last edited by

        Hi,

        these are multicast packets. What interface is rl1 on your firewall?

        • Andreas
        1 Reply Last reply Reply Quote 0
        • D
          damascene last edited by

          It's LAN interface.

          Connect to our open source http://www.qurancomplex.org/Quran/Targama/Targama.asp

          1 Reply Last reply Reply Quote 0
          • I
            inflamer last edited by

            Damascene,

            in that case you should be able to run a packet capture on that interface and find the MAC address of the device which is sending these multicast packets.

            • Andreas
            1 Reply Last reply Reply Quote 0
            • First post
              Last post