My WAN is mlppp with a static public IP address. pfSense is 2.0 beta4. Out of curiosity I disabled the check box on the WAN config page to block private networks. I then created an alias for RFC1918 and loopback addresses and manually created a logging reject rule at the top of the WAN rules for this alias. To my surprise the rule started logging packets at a rate of around 4/minute, suggesting that my ISP is not dropping these as prescribed in the RFC.
Before I bring this to their attention, I wanted to ask the list a couple related questions:

1. Is there any reason for an ISP to forward these packets? AFAIK, my ISP does no NATing ever, and every customer gets only publicly routable IP addresses from them.
2. Is there a chance that my logs are misrepresenting, like maybe these packets came from an internal interface, even though the log shows they are from the WAN?

Here's a snippet from the Firewall Log page to illustrate what I'm seeing.

Dec 4 14:18:44 WAN 192.168.0.2:57198 69.165.225.177:57815 UDP block
Dec 4 14:17:30 WAN 172.16.36.144:58728 69.165.225.177:40730 TCP:R block
Dec 4 14:17:10 WAN 172.16.36.144:58661 69.165.225.177:40730 TCP:R block
Dec 4 14:17:09 WAN 192.168.0.2:22836 69.165.225.177:57815 UDP block
Dec 4 14:17:06 WAN 192.168.0.2:22836 69.165.225.177:57815 UDP block
Dec 4 14:15:17 WAN 192.168.9.10:50505 69.165.225.177:49615 UDP block
Dec 4 14:14:41 WAN 192.168.230.178:56200 69.165.225.177:13945 TCP:R
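
Added example, not part of the original post: a short Python script that tallies firewall log lines in the layout shown above by private source address on a given interface, so the WAN entries can be separated from anything logged on an internal interface. The field layout is assumed from the snippet; the sample lines, `ALIAS_NETS` and the function names are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Explicit list matching the alias described in the post (RFC 1918 + loopback).
# ipaddress's is_private is broader (it also covers documentation ranges).
ALIAS_NETS = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Field layout assumed from the snippet in the post; the action may be missing.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\S+)(?:\s+(?P<action>\S+))?$")

def parse_line(line):
    """Return a dict of fields, or None if the line does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    try:
        rec["src"] = ipaddress.ip_address(rec["src"])
    except ValueError:  # e.g. an octet above 255
        return None
    return rec

def private_sources_on(iface, lines):
    """Count (source, protocol) pairs seen on iface whose source is in the alias."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["iface"] == iface and any(rec["src"] in n for n in ALIAS_NETS):
            hits[(str(rec["src"]), rec["proto"])] += 1
    return hits

# Constructed sample in the post's layout; public addresses are documentation ranges.
SAMPLE = """\
Dec 4 14:18:44 WAN 192.168.0.2:57198 198.51.100.7:57815 UDP block
Dec 4 14:17:30 WAN 172.16.36.144:58728 198.51.100.7:40730 TCP:R block
Dec 4 14:17:09 WAN 192.168.0.2:22836 198.51.100.7:57815 UDP block
Dec 4 14:16:02 WAN 203.0.113.50:44321 198.51.100.7:22 TCP:S block
Dec 4 14:15:40 LAN 192.168.1.20:51000 198.51.100.7:53 UDP pass
Dec 4 14:14:41 WAN 192.168.230.178:56200 198.51.100.7:13945 TCP:R
Dec 4 14:14:00 WAN 172.32.0.1:1234 198.51.100.7:80 TCP:S block
"""

if __name__ == "__main__":
    for (src, proto), n in private_sources_on("WAN", SAMPLE.splitlines()).most_common():
        print(f"{n:3d}  {src:<16} {proto}")
```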
