Strange packets logged to my pfSense... on a net I don't have?!?



  • I have 1 local net configured, and that is:
    192.168.0.1 pfSense, local net.
    192.168.0.210 main computer, has port 21 forwarded to only.
    192.168.0.254 my test web and my test mail server, not shared outside the internal network

    xl0 is my WAN network card, I know that much, but the rest is confusing.
    And now I have found some strange packets in my firewall log:
    2006-02-07 13:28:34 Local0.Info 192.168.0.1 Feb  7 13:28:42 pf: 1. 728786 rule 46/0(match): block in on xl0: (tos 0x0, ttl  50, id 64313, offset 0, flags [none], proto: ICMP (1), length: 97) 217.8.154.197 > 83.227.180.253: ICMP host 192.168.1.112 unreachable, length 77

    2006-02-07 13:28:34 Local0.Info 192.168.0.1 Feb  7 13:28:42 pf: <009>(tos 0x0, ttl  48, id 37254, offset 0, flags [none], proto: UDP (17), length: 69) 83.227.180.253 > 192.168.1.112: [|udp]

    2006-02-07 13:29:48 Local0.Info 192.168.0.1 Feb  7 13:29:56 pf: 6. 244058 rule 46/0(match): block in on xl0: (tos 0x0, ttl  43, id 14982, offset 0, flags [none], proto: ICMP (1), length: 118) 24.34.131.147 > 83.227.180.253: ICMP host 192.168.100.103 unreachable, length 98

    2006-02-07 13:29:48 Local0.Info 192.168.0.1 Feb  7 13:29:56 pf: <009>(tos 0x20, ttl  43, id 44883, offset 0, flags [none], proto: UDP (17), length: 90) 83.227.180.253 > 192.168.100.103: [|udp]

    2006-02-07 13:32:03 Local0.Info 192.168.0.1 Feb  7 13:32:11 pf: 1. 213978 rule 46/0(match): block in on xl0: (tos 0x0, ttl  46, id 13752, offset 0, flags [none], proto: ICMP (1), length: 118) 70.26.174.47 > 83.227.180.253: ICMP host 192.168.1.111 unreachable, length 98

    2006-02-07 13:32:03 Local0.Info 192.168.0.1 Feb  7 13:32:11 pf: <009>(tos 0x0, ttl  46, id 50964, offset 0, flags [none], proto: UDP (17), length: 90) 83.227.180.253 > 192.168.1.111: [|udp]

    I don't have any net on 192.168.1.x or 192.168.100.x, and I haven't configured those nets on my pf either.
    What can I do to get rid of these? And how come they are linked to a network I don't have?
    They repeat themselves from different IP addresses to different internal IP addresses every 1-5 mins.

    BTW, I'm running: 1.0-BETA1-TESTING-SNAPSHOT-2-5-06



  • pfSense is doing its job. Call your ISP and ask them why you are seeing someone else's traffic.



  • Ooh, forgot to mention: 83.227.180.253 is my WAN (static) IP address.


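As an added example (not part of any post in this thread): a short Python parser that pairs each blocked ICMP host-unreachable line with the `<009>` line quoting the original packet, and reports whether the quoted packet carries the WAN address as source and a private destination outside the LAN. The log payloads are copied from the first post with the syslog prefix trimmed; the /24 LAN mask and all function and field names are assumptions.

```python
import ipaddress
import re

# Assumptions from the thread: LAN is 192.168.0.x (a /24 mask is assumed),
# and 83.227.180.253 is the static WAN address.
LAN = ipaddress.ip_network("192.168.0.0/24")
WAN_IP = ipaddress.ip_address("83.227.180.253")

# pf payloads copied from the first post, syslog prefix trimmed.
SAMPLE = """\
pf: 1. 728786 rule 46/0(match): block in on xl0: (tos 0x0, ttl  50, id 64313, offset 0, flags [none], proto: ICMP (1), length: 97) 217.8.154.197 > 83.227.180.253: ICMP host 192.168.1.112 unreachable, length 77
pf: <009>(tos 0x0, ttl  48, id 37254, offset 0, flags [none], proto: UDP (17), length: 69) 83.227.180.253 > 192.168.1.112: [|udp]
pf: 6. 244058 rule 46/0(match): block in on xl0: (tos 0x0, ttl  43, id 14982, offset 0, flags [none], proto: ICMP (1), length: 118) 24.34.131.147 > 83.227.180.253: ICMP host 192.168.100.103 unreachable, length 98
pf: <009>(tos 0x20, ttl  43, id 44883, offset 0, flags [none], proto: UDP (17), length: 90) 83.227.180.253 > 192.168.100.103: [|udp]
"""

# Outer line: the ICMP error that pf blocked. Inner line: the packet header it quotes.
OUTER = re.compile(r"rule (?P<rule>\S+?)\(match\): (?P<action>\w+) (?P<dir>\w+) on (?P<iface>\w+):"
                   r".*?\) (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP host (?P<host>[\d.]+) unreachable")
INNER = re.compile(r"pf: <009>\(.*?proto: (?P<proto>\w+) .*?\) (?P<src>[\d.]+) > (?P<dst>[\d.]+):")


def quoted_unreachables(log_text):
    """Pair each blocked ICMP host-unreachable with the packet header it quotes."""
    findings, pending = [], None
    for line in log_text.splitlines():
        outer, inner = OUTER.search(line), INNER.search(line)
        if outer:
            pending = outer
        elif inner and pending:
            dst = ipaddress.ip_address(inner["dst"])
            findings.append({
                "reporter": pending["src"],      # host that sent the ICMP error
                "iface": pending["iface"],       # interface pf blocked it on
                "proto": inner["proto"],         # protocol of the quoted packet
                "quoted_src_is_wan": ipaddress.ip_address(inner["src"]) == WAN_IP,
                "quoted_dst": str(dst),
                "dst_private": dst.is_private,   # RFC 1918 and similar ranges
                "dst_on_lan": dst in LAN,        # False: not a net this box serves
            })
            pending = None
    return findings


if __name__ == "__main__":
    for finding in quoted_unreachables(SAMPLE):
        print(finding)
```
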