Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Filtering bridge and tcpdump on other hosts

    Scheduled Pinned Locked Moved Firewalling
    2 Posts 2 Posters 1.5k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      tommie
      last edited by

      Hi,

      today I recieved a complaint from one of the customers of our colocation provider.  He thought our server was hacked and sending a lot of traffic to his server.

      however further investigation shows that he sees the traffic that is send to one of our ips on the lan side of the filtering bridge.  example we have streaming on port 8001 and he sees in his tcpdump … my ip at home > ip in colocation center poort 8000.

      Our provider uses a switch and the network is set up as followed:
      network provider/24 -> WAN pfsense (filtering bridge) LAN -> our internal switch -> our servers with public ipaddress of our network provider /24

      So the client that is complaining is on the network provider/24 part.

      Can this be caused by pfsense, maybe misconfiguration or is something else going on on the network of our provider.  i have also activated bantwithd and ntop on the pfsense and i also see traffic for other hosts on the netwerk.  when i use tcpdump without parameters in the shell of pfsense then i don't see any abnormal traffic passing by.

      I really need to know if pfsense could cause this, or that this is a misconfiguration on the side of my provider or that this is normal behaviour.

      Ps i followed these directions to set up the filtering bridge: http://pfsense.trendchiller.com/transparent_firewall.pdf
      thanks in advance.

      1 Reply Last reply Reply Quote 0
      • E
        eri--
        last edited by

        It is a transparent bridge. Or in poor words it is a piece of copper to the network.

        Only your switch is forwarding wrong traffic or the provider is doing something else or ….

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.