In my home network I have a MEDIA VLAN I use for all kinds of devices (gaming consoles, STB, Google Home, Chromecasts, Smart TVs etc). Some are wired, others are WiFi. I use Ubiquiti UniFi APs and switches.
Over the past few days I noticed in the FW log entries of some Google devices trying to connect to my TV STB (Android TV based). Being on the same VLAN and broadcast domain (192.168.177.0/24), I would not expect to see any of that traffic "captured" by the log. Those devices should be able to connect to each other without going through OPNsense.
However in the logs (attached) I can see a bunch of 192.168.177.xx devices trying to reach my STB box (192.168.177.55) on UDP 10006. In order to keep the logs "clean" I added an allow rule for that traffic, but I do not understand why this is happening. It does not make sense to me.
Hi opn_nwo,
To my understanding, packets having source and destination in the same net (in your case 192.168.177.0/24) do not need a router to reach the target machine.
On the other hand, your router is part of 192.168.177.0/24 as well. So I assume the router takes the packets and discards them based on your rules.
Based on this, I would think that everything worked fine before you added the "log suppressing" rule.
Kind Regards,
Thomas