Re: [pfSense Support] suggestion for LAN rule menu
At 01:37 PM 10/7/2005, you wrote:
> Dan Swartzendruber wrote:
> > I'm not sure what the data is. I was monitoring WAN with ntop, and I
> > assumed it was my windows XP box. Maybe not? I don't see where ntop
> > calls out what the data was. Here's the screenshot:
> >
> > much/most of it appears to be ARP traffic. i guess it's harmless to
> > block it? dunno what the rest of it is...
>
> It's all ARP, which isn't touched by any firewall rules (though won't
> leave the local network, this is layer 2, only way it'll get passed is
> if you bridge interfaces). If it's legit, it gets answered. If not,
> it's ignored. Nothing to worry about.

great, thanks!

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] suggestion for LAN rule menu
Dan Swartzendruber wrote:
> I'm not sure what the data is. I was monitoring WAN with ntop, and I
> assumed it was my windows XP box. Maybe not? I don't see where ntop
> calls out what the data was. Here's the screenshot:
>
> much/most of it appears to be ARP traffic. i guess it's harmless to
> block it? dunno what the rest of it is...

It's all ARP, which isn't touched by any firewall rules (though won't leave the local network, this is layer 2, only way it'll get passed is if you bridge interfaces). If it's legit, it gets answered. If not, it's ignored. Nothing to worry about.
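The "non-IP" bucket that ntop reported can be broken down by reading the EtherType of each captured frame, which is what the tcpdump check proposed in the thread would reveal. The following is an added example, not part of the original messages: the function names are hypothetical and the sample frames are constructed, using documentation addresses and a made-up MAC.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

NAMES = {0x0800: "IPv4", 0x86DD: "IPv6", 0x0806: "ARP"}
ARP_FMT = "!HHBBH6s4s6s4s"  # htype ptype hlen plen oper sha spa tha tpa (28 bytes)

def parse(frame: bytes):
    """Return (label, payload offset) for one Ethernet frame; one 802.1Q tag is skipped."""
    if len(frame) < 14:
        return "truncated", len(frame)
    off = 12
    (etype,) = struct.unpack_from("!H", frame, off)
    if etype == 0x8100 and len(frame) >= 18:  # VLAN tag: real type sits 4 bytes later
        off = 16
        (etype,) = struct.unpack_from("!H", frame, off)
    if etype < 0x0600:  # values below 0x0600 are an 802.3 length, not a type
        return "802.3/LLC", off + 2
    return NAMES.get(etype, f"0x{etype:04x}"), off + 2

def describe_arp(frame: bytes, off: int) -> str:
    """Summarise an IPv4-over-Ethernet ARP payload in tcpdump-like wording."""
    _, _, _, _, oper, sha, spa, _, tpa = struct.unpack_from(ARP_FMT, frame, off)
    spa, tpa = IPv4Address(spa), IPv4Address(tpa)
    return f"who-has {tpa} tell {spa}" if oper == 1 else f"{spa} is-at {sha.hex(':')}"

def non_ip_report(frames):
    """Return (frame counts per label, descriptions of every non-IP frame)."""
    counts, non_ip = Counter(), []
    for f in frames:
        label, off = parse(f)
        counts[label] += 1
        if label not in ("IPv4", "IPv6"):
            is_full_arp = label == "ARP" and len(f) >= off + 28
            non_ip.append(describe_arp(f, off) if is_full_arp else label)
    return counts, non_ip

MAC = bytes.fromhex("020000000010")  # constructed, locally administered address

def _arp(oper, spa, tpa):
    """Build a constructed broadcast ARP frame for the sample data."""
    hdr = b"\xff" * 6 + MAC + struct.pack("!H", 0x0806)
    return hdr + struct.pack(ARP_FMT, 1, 0x0800, 6, 4, oper, MAC,
                             IPv4Address(spa).packed, b"\x00" * 6, IPv4Address(tpa).packed)

SAMPLE = [  # constructed frames: two ARP requests, one IPv4 stub, one 802.3/LLC frame
    _arp(1, "192.0.2.10", "192.0.2.1"),
    _arp(1, "192.0.2.10", "192.0.2.77"),
    b"\xff" * 6 + MAC + struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 19,
    b"\x01\x80\xc2\x00\x00\x00" + MAC + struct.pack("!H", 38) + b"\x42\x42\x03" + b"\x00" * 35,
]

if __name__ == "__main__":
    counts, non_ip = non_ip_report(SAMPLE)
    print(dict(counts), *non_ip, sep="\n")
```
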
RE: [pfSense Support] suggestion for LAN rule menu
At 12:41 PM 10/7/2005, you wrote:
> Are you bridging any interfaces with the wan interface?

nope.

> -----Original Message-----
> From: Bill Marquette [mailto:[EMAIL PROTECTED]
> Sent: Friday, October 07, 2005 11:29 AM
> To: support@pfsense.com
> Subject: Re: [pfSense Support] suggestion for LAN rule menu
>
> On 10/7/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> > p.s. the reason i bumped into this was looking at my ntop data, i noticed a
> > small amount of non-IP data going out the WAN port. no idea what - i have a
> > windows box (XP) but it should be doing NETBIOS over TCP (or whatever the
> > option is), so I thought i'd get rid of that.
>
> Hmmm, interesting. For the "default" rule, we allow any protocol out.
> I'm a little surprised to hear "non-IP" data though as all that should
> be going out is IP data. Does ntop give you any indication of what the
> non-IP data is? I'll try a tcpdump on my home boxen and see if we're
> sending something we shouldn't be.
>
> --Bill
RE: [pfSense Support] suggestion for LAN rule menu
Are you bridging any interfaces with the wan interface?

-----Original Message-----
From: Bill Marquette [mailto:[EMAIL PROTECTED]
Sent: Friday, October 07, 2005 11:29 AM
To: support@pfsense.com
Subject: Re: [pfSense Support] suggestion for LAN rule menu

On 10/7/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> p.s. the reason i bumped into this was looking at my ntop data, i noticed a
> small amount of non-IP data going out the WAN port. no idea what - i have a
> windows box (XP) but it should be doing NETBIOS over TCP (or whatever the
> option is), so I thought i'd get rid of that.

Hmmm, interesting. For the "default" rule, we allow any protocol out. I'm a little surprised to hear "non-IP" data though as all that should be going out is IP data. Does ntop give you any indication of what the non-IP data is? I'll try a tcpdump on my home boxen and see if we're sending something we shouldn't be.

--Bill
Re: [pfSense Support] suggestion for LAN rule menu
On 10/7/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> p.s. the reason i bumped into this was looking at my ntop data, i noticed a
> small amount of non-IP data going out the WAN port. no idea what - i have a
> windows box (XP) but it should be doing NETBIOS over TCP (or whatever the
> option is), so I thought i'd get rid of that.

Hmmm, interesting. For the "default" rule, we allow any protocol out. I'm a little surprised to hear "non-IP" data though as all that should be going out is IP data. Does ntop give you any indication of what the non-IP data is? I'll try a tcpdump on my home boxen and see if we're sending something we shouldn't be.

--Bill
Re: [pfSense Support] suggestion for LAN rule menu
At 10:49 AM 10/7/2005, you wrote:
> On 10/7/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
> > allowable protocol can be tcp/udp, and it adds separate rules for tcp
> > and udp. cool. unfortunately, you then have to add one manually for
> > icmp assuming one wants to be able to ping outside hosts. how about
> > tcp/udp/icmp also/instead?
>
> tcp and udp require ports (or any) and icmp requires no ports, so
> "any" would have to be the setting. I can see more problems than
> benefits from that.

good point.

> --Bill
>
> PS. we actually only add one rule if you choose tcp/udp - pf does the
> heavy lifting of making that two rules (which is why 'keep state' is
> the only state option you can choose for tcp/udp).

ah, okay. didn't know that.

p.s. the reason i bumped into this was looking at my ntop data, i noticed a small amount of non-IP data going out the WAN port. no idea what - i have a windows box (XP) but it should be doing NETBIOS over TCP (or whatever the option is), so I thought i'd get rid of that.
Re: [pfSense Support] suggestion for LAN rule menu
On 10/7/05, Dan Swartzendruber <[EMAIL PROTECTED]> wrote:
>
> allowable protocol can be tcp/udp, and it adds separate rules for tcp
> and udp. cool. unfortunately, you then have to add one manually for
> icmp assuming one wants to be able to ping outside hosts. how about
> tcp/udp/icmp also/instead?

tcp and udp require ports (or any) and icmp requires no ports, so "any" would have to be the setting. I can see more problems than benefits from that.

--Bill

PS. we actually only add one rule if you choose tcp/udp - pf does the heavy lifting of making that two rules (which is why 'keep state' is the only state option you can choose for tcp/udp).
[pfSense Support] suggestion for LAN rule menu
allowable protocol can be tcp/udp, and it adds separate rules for tcp and udp. cool. unfortunately, you then have to add one manually for icmp assuming one wants to be able to ping outside hosts. how about tcp/udp/icmp also/instead?