Firewall logs

  • In the list of source IPs in the firewall, should there be non LAN ip adresses showing up as source?

    Theres 1 Ip adress listed as source wich comes from greece, wich is not even where I live.

    Another thing, last night I noticed NETBIOS connection being blocked in the log, and I immidately turned it off in the adapter settings.
    Now when I logged on to pfsense 20min ago at 17:25 my local time, and checked the firewall logs, and theres no firewall logs prior to 17:05 my local time.

    Is there any reasons to belive that Ive been hacked?
    ![source Ips.jpg](/public/imported_attachments/1/source Ips.jpg)
    ![source Ips.jpg_thumb](/public/imported_attachments/1/source Ips.jpg_thumb)

  • Another thing is that theres been no new entries in the firewall for over 30min, no entries at all.

  • Banned

    Excellent job. So, you obfuscated the RFC1918 IPs and left the public ones intact?  ::) ::) ::)

    Post some logs and your firewall rules.

  • The 2 public ones are not my WAN adresses, and they do not belong to me.

    ![airvpn rules.jpg](/public/imported_attachments/1/airvpn rules.jpg)

    ![airvpn rules.jpg_thumb](/public/imported_attachments/1/airvpn rules.jpg_thumb)

  • Banned

  • As my forum title says, Im a junior member in terms of pfsense knowledge, and please, theres no need for emotional outbursts or flames.

    As to my questions regarding if an non LAN ip adress from greece should show up on the firewall logs is still not answered, and the same goes to the question why theres been no more log entries in the firewall logs for more then 60minutes.

    Also, why would netbios be showing up as blocked if Im not using it, nor have other PCs running.

  • Banned

    There's no NetBIOS anywhere on what you posted. There's also no "non LAN ip adress from greece" anywhere on LAN on the screenshots you posted…

  • In the first post in this thread, I attached a picture called sourceip.jpg

    In this screenshot theres 3 LAN IPs ( obfuscated ) and 2 non LAN IPs, none of these 2 IPs belong to me in anyway, 1 of of these non LAN IPs are, this IP traces back to greece.

  • Banned

    Either post relevant logs or just don't bother. Explanation of the logs you posted was already linked above (aka someone closed a browser tab).

  • Just search for the public IPs in the firewall log. Use the filter options and the post these logs here so that we can try to find out what is happening.

Log in to reply