On 10-12-04 04:26 PM, David Burgess wrote:
My WAN is mlppp with a static public IP address. pfSense is 2.0 beta4.

Out of curiosity I disabled the check box on the WAN config page to
block private networks. I then created an alias for RFC1918 and
loopback addresses and manually created a logging reject rule at the
top of the WAN rules for this alias. To my surprise the rule started
logging packets at a rate of around 4/minute, suggesting that my ISP
is not dropping these as prescribed in the RFC.

Before I bring this to their attention, I wanted to ask the list a
couple of related questions:

1. Is there any reason for an ISP to forward these packets? AFAIK, my
ISP does no NATing ever, and every customer gets only publicly
routable IP addresses from them.

2. Is there a chance that my logs are misrepresenting, like maybe
these packets came from an internal interface, even though the log
shows they are from the WAN?

Here's a snippet from the Firewall Log page to illustrate what I'm seeing.

Dec 4 14:18:44  WAN  192.168.0.2:57198      69.165.225.177:57815  UDP    block
Dec 4 14:17:30  WAN  172.16.36.144:58728    69.165.225.177:40730  TCP:R  block
Dec 4 14:17:10  WAN  172.16.36.144:58661    69.165.225.177:40730  TCP:R  block
Dec 4 14:17:09  WAN  192.168.0.2:22836      69.165.225.177:57815  UDP    block
Dec 4 14:17:06  WAN  192.168.0.2:22836      69.165.225.177:57815  UDP    block
Dec 4 14:15:17  WAN  192.168.9.10:50505     69.165.225.177:49615  UDP    block
Dec 4 14:14:41  WAN  192.168.230.178:56200  69.165.225.177:13945  TCP:R

I would suggest using tcpdump. This way you will know for sure where these packets are coming from.
Evgeny.
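As an added example (not code from this thread, from pfSense, or from either poster), the following Python script does two things a practitioner would want before contacting the ISP: it parses the Firewall Log rows quoted above, tags each source address with the RFC 1918 or loopback range it falls in, and tallies how many blocked packets per interface, source range and protocol were logged; and it builds the tcpdump command Evgeny suggests, with a BPF filter that matches the same source ranges, so the capture on the WAN device can be compared against the log. The sample log is constructed from the rows in the post (normalized to one row per line, with the last row's action left absent as it is in the post); the WAN interface name passed to tcpdump_command is an assumption, since the post only says the WAN is an mlppp link.

```python
"""Tag pfSense firewall-log rows by source range and build the matching
tcpdump filter for the WAN interface.  Added example, not pfSense code."""
import ipaddress
import re
from collections import Counter

# The ranges the post's alias was built from: RFC 1918 plus loopback.
PRIVATE_NETS = {
    "RFC1918 10/8": ipaddress.ip_network("10.0.0.0/8"),
    "RFC1918 172.16/12": ipaddress.ip_network("172.16.0.0/12"),
    "RFC1918 192.168/16": ipaddress.ip_network("192.168.0.0/16"),
    "loopback 127/8": ipaddress.ip_network("127.0.0.0/8"),
}

# Constructed sample: the rows from the post's Firewall Log snippet, one per
# line.  The last row has no action column, exactly as quoted in the post.
SAMPLE_LOG = """\
Dec 4 14:18:44  WAN  192.168.0.2:57198      69.165.225.177:57815  UDP    block
Dec 4 14:17:30  WAN  172.16.36.144:58728    69.165.225.177:40730  TCP:R  block
Dec 4 14:17:10  WAN  172.16.36.144:58661    69.165.225.177:40730  TCP:R  block
Dec 4 14:17:09  WAN  192.168.0.2:22836      69.165.225.177:57815  UDP    block
Dec 4 14:17:06  WAN  192.168.0.2:22836      69.165.225.177:57815  UDP    block
Dec 4 14:15:17  WAN  192.168.9.10:50505     69.165.225.177:49615  UDP    block
Dec 4 14:14:41  WAN  192.168.230.178:56200  69.165.225.177:13945  TCP:R
"""

# time  iface  src:port  dst:port  proto[:flags]  [action]
# pfSense appends the TCP flags after the protocol, so "TCP:R" is a RST.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<iface>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\S+)(?:\s+(?P<action>\S+))?$"
)


def classify(addr):
    """Name of the private/loopback range containing addr, or 'public'."""
    ip = ipaddress.ip_address(addr)
    for name, net in PRIVATE_NETS.items():
        if ip in net:
            return name
    return "public"


def parse_log(text):
    """Parse Firewall Log rows; rows that do not match the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if not m:
            continue
        entry = m.groupdict()
        entry["src_range"] = classify(entry["src"])
        entries.append(entry)
    return entries


def summarize(entries, iface="WAN"):
    """Count logged packets on iface keyed by (iface, source range, proto).

    If anything turned up keyed to an internal interface instead of WAN,
    that would answer the poster's second question from the log itself.
    """
    return Counter(
        (e["iface"], e["src_range"], e["proto"])
        for e in entries
        if e["iface"] == iface
    )


def bpf_filter(nets=PRIVATE_NETS):
    """BPF expression selecting packets sourced from any of the ranges."""
    return " or ".join(f"src net {net}" for net in nets.values())


def tcpdump_command(wan_if, nets=PRIVATE_NETS):
    """argv for a capture on the WAN device limited to private-sourced packets.

    wan_if is the OS interface name of the WAN link (assumption: the post
    does not name it).  -n keeps tcpdump from resolving addresses.
    """
    return ["tcpdump", "-n", "-i", wan_if, bpf_filter(nets)]


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    for key, count in sorted(summarize(parsed).items()):
        print(f"{key[0]:4} {key[1]:20} {key[2]:6} {count}")
    print(" ".join(tcpdump_command("pppoe0")))
```

Packets that tcpdump shows arriving on the WAN device with a 192.168.x or 172.16.x source settle the question of where they come from; if the capture on WAN is empty while the log keeps filling, the log entries are not coming in over that link.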
