OPNsense Forum
English Forums => General Discussion => Topic started by: Tecuma on October 04, 2016, 10:25:43 pm
-
hi community,
before i start with my questions i would like to say thank you to the developers and the community about their great work to have this software available.
i am using 16.7.5 on a apu2c4 system from pcengines.
when i check the log files (normal view) i see many entries like the attached screen shot.
a click on the line tells me it comes from rule 67.
@67 pass out log route-to (pppoe0 213.148.133.205) inet from 92.194.107.220 to ! 92.194.0.0/15 flags S/SA keep state allow-opts label "let out anything from firewall host itself"
i have not created such a rule by myself directly.
is this a automatic / default rule?
i am a bit irritated because it says pass to a connection attempt from my opnsense box to a host unknown to me on port 80.
can someone explain this entry in the log file please.
best regards
--christian
-
Hi Christian,
Yes this is an automatic rule that is part of the filter. What it does is allow traffic from the firewall to the gateway, see the following code used by the filter to construct the rule:
$ipfrules .= "pass out {$log['pass']} route-to ( {$ifcfg['if']} {$gw} ) from {$ifcfg['ip']} to !{$ifcfg['sa']}/{$ifcfg['sn']} keep state allow-opts label \"let out anything from firewall host itself\"\n";
However looking at the screenshot it shows that you have an incoming connection on the WAN interface on a high portnumber, so I expect it is in reply of a request from your LAN. This is what the firewall should do unless you block this traffic specifically.
In normal situations you can reach every ip on the internet from you LAN segment.
Anyway, the IP you do not know is from Firefox see http://forums.mozillazine.org/viewtopic.php?f=7&t=2918075.
Best regards,
Jos
-
hello jos,
many thanks for your answer and information.
best regards
--christian