My modem is appearing in my logs too often…
Hi folks, I have a modem which I have set up in bridged mode. My ISP feeds me vi PPPoE. I can still access the modems' web server for config purposes via it's own internal LAN IP, if I plug my laptop directly into one of the modems LAN ports. I've set the address of the modem to 10.10.10.10… I cannot ping/access this IP from behind my firewall.
What I am querying, is that this IP is appearing constantly in my firewall logs as being blocked from the WAN interface. Is it normal for my modem to be showing up so often in the logs? That's pretty much all I see!
This is what my setup broadly looks like...
Modem (Bridged 10.10.10.10) -----> pfsense LAN (10.11.11.11) -----> mini-switch ----->PCs (10.11.11.x)
pfsense OPT (10.11.12.11) -----> wireless AP (10.11.12.12)
I hope I've presented all the relevant info - I'm in a hurry to get out so apologies if I've omitted anything important but I can post back from my mobile device if any other info is needed!
Thanks for the help in advance everyone!
Was it something I said? Or indeed didn't say…? Hope someone can help. I've done some more searching but maybe I'm not using the right terms.
And what kind of traffic are you seeing.. What ports? If you have block private enabled which is default and your wan sees traffic from rfc1918 addresses then yes it will block and log.
You can adjust the firewall rules to not log what you want don't want to see in the logs, that ends up being just white noise, etc.
Of Course! Cheers johnpoz! One question though if I may…?
When I'm editing the 'block private networks' rule on the WAN interface, I cannot find the option to disable logging. I see the greyed out blue i icon but no way to activate it. I'm probably just being really stupid mind you...
turn that off, I believe it logs if you enable that built in special rule.
Here is the thing. default wan rule is to block all. So even if you turn off block private IPs - they are still blocked ;) unless you allow them with rules.
If stuff gets logged by the default block rule that you don't want - create special block rules that would block that traffic, and then don't log it.
In 2.1 there are some new options in the Logs, Settings tab to allow you to choose if you want various default rules, or the block bogons and block private networks to log or not. Have a look there, I suspect some combination will be what you need.
johnpoz/phil, thanks so much to you both for your help! I was going to create a custom rule but then I found the option in 'system logs>settings' to NOT log packets blocked by 'Block Private Networks' rules and that seems to have done what I'm after!
Cheers guys! Great help!