pfsense blocks 169.254.*.* every 1-5 seconds what is this ???
-


Hello, can you guys help me here? What are all these? Different ports as well.
Logging for blocking of bogon & private networks is off.
Do I need to do something about it? Will it crash my pfSense?
Thanks
-
@asiawatcher 169.254.x.x is link-local in IPv4, also known as APIPA. Normally you see these when a device set for DHCP cannot get an address, so it gives itself a random 169.254 address.
Are you trying to run a network with 169.254? That 169.254.1.1 is odd, unless you set that as an IP in pfSense?
If you want to use 169.254, which I wouldn't suggest - you probably want to enable pfSense to use those. 169.254/16 is not meant to route, and should really have a TTL of 1 hop so that it can't be routed.
Under Firewall & NAT

If you're not wanting to use this IP range, I would look at which specific clients are sending it; they really shouldn't have a 169.254 address unless they couldn't get an IP via DHCP.
But there are some devices that attempt to use it - I believe my DirecTV device(s) send traffic out on this. But I just don't log it.
-
@johnpoz Hello, I know this address is given when there is no DHCP available or a client can't get an IP, but I'm not using those. My internal LAN is 192.168.100.* (with .1 being pfSense and .100 CARP) and I'm using pfSense's DHCP server.
I don't have any client using those... any clues? How can I see which client is doing this? Using Wireshark, or is there a method with pfSense?
cheers
-
@asiawatcher So the simple way would be to do a packet capture on the interface you are seeing these on, and then look in the packet capture for the MAC address sending them.
Example - as I said, my DirecTV box sends out this noise.

I just did a packet capture (under the Diagnostics menu) for 169.254.0.0/16,
then downloaded it and opened it in Wireshark, and can see the MAC. You could probably just set your packet capture to full output and it should list the MAC as well.

edit: btw, I looked and could not find a way to turn it off on the DirecTV box. I just don't log such noise is all. You could also possibly create an ACL on your switch to not send this on to the pfSense interface, if you have a smart switch that can do ACLs.
Or just set up a rule in pfSense to not log such traffic.
edit2: 1900 is normally SSDP, and UDP 32410, 32412, 32413, 32414 is GDM - both are discovery protocols. Once you figure out what is sending it you may be able to turn it off on the sender, maybe not. Depends on what is sending it. Or maybe you just have devices that didn't get an IP from DHCP for whatever reason, and once they do they will send the discovery from their normal IPv4 address?
edit3: in line with this, Plex sends out discovery nonsense like every 10 seconds. Could not find a way to turn it off, and believe me I looked; finally I just set up an ACL on my switch to block that ;) I have zero use for it on my network. So Plex still sends it, but it goes no further than the ports my NAS is connected to (Plex runs on the NAS).
-
pfsense blocks 169.254.*.* every 1-5 seconds what is this ???
Your LAN firewall rule(s):

Disregard the first two rules. The third rule is most probably the same as what you have:
With this rule you inform pfSense, the firewall, that it should allow incoming traffic that has a source IP that falls in the scope of "LAN Subnets". In your case, that is everything from 192.168.100.2 to 192.168.100.254, or 192.168.100.0/255. As per your command, traffic that has a source like "169.254.1.1" isn't part of 192.168.100.0/255, so ... the firewall will block this traffic, and lists it in the firewall log as blocked.
The one and only question is, as said above: why does this LAN device use an APIPA or 169.254.x.x IP? Most probably because the DHCP negotiation failed. In that case, most devices assign themselves a pretty useless 169.254.x.x IP - with one advantage: you now know that that device needs your assistance.
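As an added example (not code from any poster in this thread, nor from pfSense), here is a Python script that does the two things the replies above describe: it walks a packet capture, as downloaded from pfSense's Diagnostics > Packet Capture, and groups every 169.254.x.x sender by source MAC and destination port (using the port names given in the thread: 1900 is SSDP, 32410-32414 are GDM), and it mirrors the "LAN Subnets" pass-rule logic from the last reply to show why such traffic ends up in the block log. The pcap, the MAC addresses and the 169.254 hosts are constructed inline so the script runs offline; the LAN subnet 192.168.100.0/24 is the one the original poster mentions. Only the standard library is used.

```python
"""Triage 169.254.x.x (APIPA / link-local) noise from a pfSense packet capture.

Added example, not code from the thread: it builds a small constructed pcap
inline (stand-in for the file downloaded from Diagnostics > Packet Capture),
reports which source MACs are sending from 169.254.0.0/16 and on which
discovery ports, and shows why a "LAN Subnets" pass rule never matches them.
"""
import ipaddress
import struct
from collections import defaultdict

LINK_LOCAL = ipaddress.ip_network("169.254.0.0/16")
LAN_SUBNET = ipaddress.ip_network("192.168.100.0/24")  # the poster's LAN (assumed /24)

# UDP ports named in the thread: 1900 is SSDP, 32410-32414 are Plex GDM.
DISCOVERY_PORTS = {1900: "SSDP", 32410: "GDM", 32412: "GDM", 32413: "GDM", 32414: "GDM"}


def _mac(s):
    return bytes.fromhex(s.replace(":", ""))


def udp_frame(src_mac, src_ip, dst_ip, dst_port, payload=b"M-SEARCH"):
    """Build a constructed Ethernet/IPv4/UDP frame; checksums are left zero (not validated here)."""
    udp = struct.pack("!HHHH", 50000, dst_port, 8 + len(payload), 0) + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 1, 17, 0,
                     ipaddress.ip_address(src_ip).packed,
                     ipaddress.ip_address(dst_ip).packed)
    eth = _mac("ff:ff:ff:ff:ff:ff") + _mac(src_mac) + b"\x08\x00"
    return eth + ip + udp


def build_pcap(frames):
    """Wrap frames in a classic little-endian libpcap file (link type 1 = Ethernet)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


def parse_pcap(data):
    """Return (src_mac, src_ip, dst_ip, proto, dst_port) for each IPv4 frame in a pcap."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != 0xA1B2C3D4:
        raise ValueError("only little-endian classic pcap is handled here")
    off, records = 24, []
    while off + 16 <= len(data):
        _, _, incl, _ = struct.unpack_from("<IIII", data, off)
        frame = data[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4, skip
        ihl = (frame[14] & 0x0F) * 4
        proto = frame[23]
        src_ip = ipaddress.ip_address(frame[26:30])
        dst_ip = ipaddress.ip_address(frame[30:34])
        dst_port = None
        if proto in (6, 17) and len(frame) >= 14 + ihl + 4:
            dst_port, = struct.unpack_from("!H", frame, 14 + ihl + 2)
        src_mac = ":".join(f"{b:02x}" for b in frame[6:12])
        records.append((src_mac, src_ip, dst_ip, proto, dst_port))
    return records


def lan_rule_verdict(src_ip):
    """Mirror the LAN pass rule from the thread: pass only if the source is in LAN Subnets."""
    return "pass" if ipaddress.ip_address(src_ip) in LAN_SUBNET else "block"


def link_local_senders(records):
    """Group 169.254.x.x traffic by source MAC: {mac: {"ips", "ports", "count"}}."""
    senders = defaultdict(lambda: {"ips": set(), "ports": defaultdict(int), "count": 0})
    for mac, src_ip, _dst_ip, proto, port in records:
        if src_ip not in LINK_LOCAL:
            continue
        entry = senders[mac]
        entry["ips"].add(str(src_ip))
        entry["count"] += 1
        label = DISCOVERY_PORTS.get(port, f"udp/{port}" if proto == 17 else f"proto{proto}")
        entry["ports"][label] += 1
    return dict(senders)


# Constructed capture: two mis-addressed hosts plus one healthy LAN client.
SAMPLE_PCAP = build_pcap([
    udp_frame("aa:bb:cc:00:00:01", "169.254.1.1", "239.255.255.250", 1900),
    udp_frame("aa:bb:cc:00:00:01", "169.254.1.1", "255.255.255.255", 32414),
    udp_frame("aa:bb:cc:00:00:02", "169.254.7.9", "255.255.255.255", 32410),
    udp_frame("aa:bb:cc:00:00:10", "192.168.100.50", "192.168.100.1", 53),
])

if __name__ == "__main__":
    recs = parse_pcap(SAMPLE_PCAP)
    for mac, src, dst, proto, port in recs:
        print(f"{mac} {src} -> {dst}:{port} rule={lan_rule_verdict(src)}")
    for mac, info in link_local_senders(recs).items():
        print(mac, sorted(info["ips"]), dict(info["ports"]), info["count"])
```

To use it on a real capture, replace `SAMPLE_PCAP` with the bytes of the downloaded file (`open(path, "rb").read()`); the MAC addresses it reports are what you look up in the pfSense DHCP leases or ARP table to identify the device, and the per-port counts tell you whether it is SSDP or GDM chatter. Only the classic little-endian pcap layout is handled, which is what pfSense's capture page produces; pcapng would need a different reader.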