Strange entry in Firewall log from LAN interface?



  • I have been running my pfSense box since January, and looking at the logs on several occasions I have found strange entries. Current release is "2.2.2-RELEASE".

    My LAN addresses are 192.168.20.xxx
    My WAN address from Comcast is 73.217.xxx.xxx

    On occasion I find the following type of entry, and this is one example.

    Interface ----> LAN
    Source -------> 169.254.119.174
    Destination --> 224.0.0.1

    If my LAN addresses are in the 192 range, how can I be sending something out with a different IP address range than I have on my LAN side? Is this normal? What is going on? If there is somebody wiser than me, maybe they can educate me.

    Thanks!

    Keith

    P.S. The amount of traffic hitting my system is staggering.  I had one attempt from the same IP address incrementing the destination port by a count of one that went on for hours. UGH!



  • Source -------> 169.254.119.174
    Is an APIPA address; that means the client didn't get an address from your DHCP server.
    See here: https://wiki.wireshark.org/APIPA

    Destination --> 224.0.0.1
    Is a broadcast address; it's trying to find others on your net to communicate with.

    You should try to find out why it's not getting an IP from the DHCP server.


  • LAYER 8 Netgate

    Destination --> 224.0.0.1
    Is a broadcast address; it's trying to find others on your net to communicate with.

    Multicast, actually.
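
As an added example that is not part of the original thread, the sketch below sorts LAN-interface log entries the way the two replies above do: by whether the source is inside the LAN subnet, self-assigned (APIPA) or something else, and whether the destination is broadcast or multicast. The /24 prefix, the function names and every sample pair except the first are assumptions made for illustration.

```python
import ipaddress

ALL_HOSTS = ipaddress.ip_address("224.0.0.1")        # all-hosts multicast group
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")

# What each source class usually means on a LAN interface (triage hints).
SOURCE_NOTES = {
    "lan": "normal: address inside the LAN subnet",
    "apipa": "self-assigned 169.254/16: host had no DHCP lease when it sent this",
    "unspecified": "0.0.0.0: typically a DHCP client asking for a lease",
    "foreign": "outside the LAN subnet: identify the host by its MAC address",
}

def classify_source(src, lan):
    ip = ipaddress.ip_address(src)
    if ip in lan:
        return "lan"
    if ip.is_link_local:          # 169.254.0.0/16
        return "apipa"
    if ip.is_unspecified:         # 0.0.0.0
        return "unspecified"
    return "foreign"

def classify_destination(dst, lan):
    ip = ipaddress.ip_address(dst)
    if ip in (lan.broadcast_address, LIMITED_BCAST):
        return "broadcast"
    if ip.is_multicast:           # 224.0.0.0/4
        return "all-hosts multicast" if ip == ALL_HOSTS else "multicast"
    return "unicast"

def triage(entries, lan_cidr):
    """Return (src, dst, source class, destination class, note) per entry."""
    lan = ipaddress.ip_network(lan_cidr)
    out = []
    for src, dst in entries:
        s = classify_source(src, lan)
        out.append((src, dst, s, classify_destination(dst, lan), SOURCE_NOTES[s]))
    return out

# Constructed sample entries; only the first pair is taken from the question.
SAMPLE = [
    ("169.254.119.174", "224.0.0.1"),
    ("192.168.20.50", "192.168.20.255"),
    ("0.0.0.0", "255.255.255.255"),
    ("10.1.2.3", "239.255.255.250"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE, "192.168.20.0/24"):   # /24 is an assumed prefix
        print(*row, sep=" | ")
```
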



  • My DHCP server is the pfSense router/firewall. This is where the IP addresses for the desktop/laptop computers in the house get their leases.

    I have a few static addresses that I have set: the pfSense, two small FreeBSD servers, a wireless access point, the managed switch, and three printers.

    I know when this message is produced. It has the same time stamp as the time someone in the house turns on a Windows 7 computer. The Win computer gets a valid lease, 192.168.20.2xx and can connect to the internet OK.

    In my basement I have everything connected to a D-Link 24-port managed gigabit switch.

    There is one other event that occurs when the Win computers are turned on. I have Samba set up on the FreeBSD servers for backups, photos, videos, and general storage. The Samba shares do not connect when the Win computers are booted. I have to go in and manually select the network drives to connect them.

    Why this occurs is something I do not know. It would appear that the two events are related.

    Anybody have any ideas?

    Keith



