Need your help to this
-
Hi.
I' am new to pfsense and i have been testing it with great satisfaction. Since some days i have a strange problem. My firewall log is full of:
Act Time If Source Destination Proto
block Dec 9 14:53:16 WAN 10.33.63.254:67 255.255.255.255:68 UDP
block Dec 9 14:53:16 WAN 10.33.63.254:67 255.255.255.255:68 UDP
block Dec 9 14:53:20 WAN 10.33.63.254:67 255.255.255.255:68 UDP
block Dec 9 14:53:24 WAN 10.33.63.254:67 255.255.255.255:68 UDP
block Dec 9 14:53:24 WAN 10.33.63.254:67 255.255.255.255:68 UDP
block Dec 9 14:53:26 WAN 10.33.63.254:67 255.255.255.255:68 UDP
and so on…..What does this mean ?
Thanks
-
That is DHCP traffic.. There is going to be LOADS of it on the wan side of your internet connection.
-
That is DHCP traffic.. There is going to be LOADS of it on the wan side of your internet connection.
Thanks for helping. What is confusing me is that private 10.33.63.. ip that is always there. its always the same ip since 4 days now. we are talking about a log with this ip for almost every second. it was not hapening until now.
-
Its prob your isp dhcp server.. Since I assume your pfsense IP is public, ie not rfc1918 address space 10.x.x.x, 192.168.x.x, 172.16-31.x.x
Or it could be a misconfigured something that is connected to same broadcast domain as you on your isp.. Its typical internet noise that no you shouldn't log :)
You can adjust your firewall rules not to log it so it does not fill up your logs - but the traffic is still going to be there.. I don't see any of it in my logs, but take a look
from packet capture for like 1 second
11:47:32.837986 IP 96.120.27.233.67 > 255.255.255.255.68: UDP, length 301
11:47:32.908799 IP 96.120.27.233.67 > 255.255.255.255.68: UDP, length 301 -
Its prob your isp dhcp server.. Since I assume your pfsense IP is public, ie not rfc1918 address space 10.x.x.x, 192.168.x.x, 172.16-31.x.x
Or it could be a misconfigured something that is connected to same broadcast domain as you on your isp.. Its typical internet noise that no you shouldn't log :)
You can adjust your firewall rules not to log it so it does not fill up your logs - but the traffic is still going to be there.. I don't see any of it in my logs, but take a look
from packet capture for like 1 second
11:47:32.837986 IP 96.120.27.233.67 > 255.255.255.255.68: UDP, length 301
11:47:32.908799 IP 96.120.27.233.67 > 255.255.255.255.68: UDP, length 301Thanks a lot.
So no need to worry about it. Must be the bridged cable modem of my provider that have been updated by them and caused this.