    Traffic logs

      Bunz last edited by

      I just set up a WAP filtering bridge using 1.0-beta1 and all seems to be working.

      ADSL(192.168.5.1) <--> pfsense, fxp0(192.168.5.254) -- pfsense, ath0 (192.168.5.254) <--> wifi pcs

      My question is to do with traffic log constantly logging

      1. 457076 rule 36/0(match): block in on fxp0: 192.168.5.254 > 0.0.0.0:  pfsync 676
      000059 rule 36/0(match): block in on bridge0: 192.168.5.254 > 0.0.0.0:  pfsync 676
      000033 rule 36/0(match): block in on fxp0: 192.168.5.254 > 0.0.0.0:  pfsync 676
      1. 542835 rule 36/0(match): block in on fxp0: 192.168.5.254 > 0.0.0.0:  pfsync 228
      000064 rule 36/0(match): block in on bridge0: 192.168.5.254 > 0.0.0.0:  pfsync 228
      000024 rule 36/0(match): block in on fxp0: 192.168.5.254 > 0.0.0.0:  pfsync 228
      2. 000307 rule 36/0(match): block in on fxp0: 192.168.5.254 > 0.0.0.0:  pfsync 228
      000058 rule 36/0(match): block in on bridge0: 192.168.5.254 > 0.0.0.0:  pfsync 228
      000023 rule 36/0(match): block in on fxp0: 192.168.5.254 > 0.0.0.0:  pfsync 228
      2. 000387 rule 36/0(match): block in on fxp0: 192.168.5.254 > 0.0.0.0:  pfsync 676
      000056 rule 36/0(match): block in on bridge0: 192.168.5.254 > 0.0.0.0:  pfsync 676
      000023 rule 36/0(match): block in on fxp0: 192.168.5.254 > 0.0.0.0:  pfsync 676
      2. 000352 rule 36/0(match): block in on fxp0: 192.168.5.254 > 0.0.0.0:  pfsync 228
      000056 rule 36/0(match): block in on bridge0: 192.168.5.254 > 0.0.0.0:  pfsync 228

      Why?

      Also rules on WAN work fine, I don't have any rules on LAN except to allow DHCP back to WAN but everything works anyway. I can ssh or connect to 80 without any problem. Are there implied rules on the LAN?

        sullrich last edited by

        What version are you running?  This is fixed in the latest prebeta2 version.

          Bunz last edited by

          1.0-BETA1
          built on Mon Dec 26 03:18:19 UTC 2005

            sullrich last edited by

            You need to update: http://www.pfsense.com/~sullrich/BETA2-BUGVALIDATION5/

              Bunz last edited by

              I understand from previous threads that the filtering bridge blocks everything unless there's a rule.

              I don't see this though. WAN blocks everything by default, LAN allows everything by default.

              If I set BLOCK rule on LAN

                 Proto  Source  Port  Destination  Port  Gateway  Description
              X  *      *       *     *            *     *        block all

              I can still connect to 80 and ssh. There doesn't seem to be any filtering on LAN.

                sullrich last edited by

                System -> Advanced -> Enable Filtering Bridge

                  hoba last edited by

                  @Bunz:

                  I understand from previous threads that the filtering bridge blocks everything unless there's a rule.

                  I don't see this though. WAN blocks everything by default, LAN allows everything by default.

                  If I set BLOCK rule on LAN

                     Proto  Source  Port  Destination  Port  Gateway  Description
                  X  *      *       *     *            *     *        block all

                  I can still connect to 80 and ssh. There doesn't seem to be any filtering on LAN.

                  There is an anti logout rule at lan (so you don't shut down access to the webgui accidentally). You can disable that at system>advanced as well.
