Text only | Text with Images

OPNsense Forum

English Forums => General Discussion => Topic started by: manilx on July 02, 2022, 06:55:25 PM

Title: 10.79.197.208 blocked in WLAN
Post by: manilx on July 02, 2022, 06:55:25 PM
Hi

I have the block private networks set in wlan. I notice in the firewall log address 10.79.197.208 being blocked going to 224.0.0.1, lots of blocks.
When I disable the block private networks it gets caught in a firewall rule checking against https://iplists.firehol.org/files/firehol_level1.netset

I don't have the slightest clue what this adress is. But it belongs to the OPNsense install as pings to it stop once I shut down the OPNsense VM...

Anyone has a clue what this is?

thx in advance
Title: Re: 10.79.197.208 blocked in WLAN
Post by: Patrick M. Hausen on July 02, 2022, 07:05:05 PM
224.0.0.1 is the all hosts multicast group. Are the packets TCP (probably SYN, then) or UDP? Which target port? If it's UDP 5353 it's probably multicast DNS. You can use a "mdns browser" on a system connected to that WLAN to find out more.

There's "Discovery" for Mac OS and iOS. Don't know about Android or Windows, sorry.
Title: Re: 10.79.197.208 blocked in WLAN
Post by: manilx on July 02, 2022, 09:00:45 PM
Here is a line of the log:

wan      2022-07-02T19:58:44   10.79.197.208   224.0.0.1   igmp   Block private networks from WAN

Can't see a port here.

Title: Re: 10.79.197.208 blocked in WLAN
Post by: manilx on July 02, 2022, 09:10:10 PM
I think I found it:

The ISP router has an IPTV option, which is on and it has this IP (10.79.197.208)...

So I think I'll just add a firewall rule to let this pass.
Title: Re: 10.79.197.208 blocked in WLAN
Post by: manilx on July 02, 2022, 09:19:27 PM
Fixed.....

Used IP in rule, alias wasn't working. But it is now passing.
Text only | Text with Images