Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Strange packets logs to my pfsense.. on a net i dont have?!?

    General pfSense Questions
    2
    3
    2.4k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • D
      duck7207
      last edited by

      I have 1 local net configured and thats is:
      192.168.0.1 pf sense, local net.
      192.168.0.210 main computer, has port 21 forwarded to only.
      192.168.0.254 my test web / and my test mail server not shared outside the internal network

      the xl0 is my wan network card i know that much but the rest is confusing.
      And now i have found some strange packets in my firewall log:
      2006-02-07 13:28:34 Local0.Info 192.168.0.1 Feb  7 13:28:42 pf: 1. 728786 rule 46/0(match): block in on xl0: (tos 0x0, ttl  50, id 64313, offset 0, flags [none], proto: ICMP (1), length: 97) 217.8.154.197 > 83.227.180.253: ICMP host 192.168.1.112 unreachable, length 77

      2006-02-07 13:28:34 Local0.Info 192.168.0.1 Feb  7 13:28:42 pf: <009>(tos 0x0, ttl  48, id 37254, offset 0, flags [none], proto: UDP (17), length: 69) 83.227.180.253 > 192.168.1.112: [|udp]

      2006-02-07 13:29:48 Local0.Info 192.168.0.1 Feb  7 13:29:56 pf: 6. 244058 rule 46/0(match): block in on xl0: (tos 0x0, ttl  43, id 14982, offset 0, flags [none], proto: ICMP (1), length: 118) 24.34.131.147 > 83.227.180.253: ICMP host 192.168.100.103 unreachable, length 98

      2006-02-07 13:29:48 Local0.Info 192.168.0.1 Feb  7 13:29:56 pf: <009>(tos 0x20, ttl  43, id 44883, offset 0, flags [none], proto: UDP (17), length: 90) 83.227.180.253 > 192.168.100.103: [|udp]

      2006-02-07 13:32:03 Local0.Info 192.168.0.1 Feb  7 13:32:11 pf: 1. 213978 rule 46/0(match): block in on xl0: (tos 0x0, ttl  46, id 13752, offset 0, flags [none], proto: ICMP (1), length: 118) 70.26.174.47 > 83.227.180.253: ICMP host 192.168.1.111 unreachable, length 98

      2006-02-07 13:32:03 Local0.Info 192.168.0.1 Feb  7 13:32:11 pf: <009>(tos 0x0, ttl  46, id 50964, offset 0, flags [none], proto: UDP (17), length: 90) 83.227.180.253 > 192.168.1.111: [|udp]

      i havent any net on 192.168.1.x or 192.168.100.x and i havent configured those net on my pf iether.
      What can i do to get rid of these ? And how come they are linked to a network i dont have ?
      They repet them self from differents ip adresses to differnes internal ip adresses every 1-5 mins.

      btw im running: 1.0-BETA1-TESTING-SNAPSHOT-2-5-06

      1 Reply Last reply Reply Quote 0
      • S
        sullrich
        last edited by

        pfSense is doing its job.  Call your ISP and ask them why you are seeing someone elses traffic.

        1 Reply Last reply Reply Quote 0
        • D
          duck7207
          last edited by

          Ooh forgot to mention. 83.227.180.253 is my wan (static) ip adress.

          1 Reply Last reply Reply Quote 0
          • First post
            Last post