OPNsense Forum

English Forums => General Discussion => Topic started by: msowka on May 06, 2018, 03:03:00 am

Title: opnsense basics, red herring in firewall logs?
Post by: msowka on May 06, 2018, 03:03:00 am
Hi folks, I kicked the ol' consumer router to the curb, and finally set up a proper inet frontend with opnsense. This is new to me but I'm keen to learn, so am left a bit puzzled when I'm seeing the following firewall logs claiming to be blocking traffic.

My setup is as follows, centos 7.4 KVM host: WAN (macvtap) connected to the modem, LAN (macvtap) connected to switch, and additionally an OPT1 for KVM host connectivity. Switch then has a wifi router (Google/TPLink On Hub) subnetting to wifi hosts & some other media appliances.

opnsense LAN is dishing out DHCP over 192.168.42.1/24, and the On Hub does its thing in a 192.168.86.1 subnet.

... so everything is working great! Except as I explore firewall logs I'm seeing a slew of blocks into LAN (vtnet1)... traffic that seems to be getting NAT'ed just fine (client connectivity etc):
Code:
May 6 00:53:19 filterlog: 9,,,0,vtnet1,match,block,in,4,0x0,,63,2082,0,DF,6,tcp,40,192.168.86.22,52.206.150.146,40048,9543,0,A,,3932977683,2730,,
May 6 00:52:07 filterlog: 9,,,0,vtnet1,match,block,in,4,0x0,,63,60382,0,DF,6,tcp,87,192.168.42.2,108.177.14.188,46003,5228,35,PA,775150375:775150410,610185908,1546,,nop;nop;TS

The above are clients from both opnsense & On Hub subnets, and the dest IPs are most often google & amazon hosts, that when plugged into browser return the google/amazon landing pages just fine.

So again, my opnsense seems to be working correctly, but I want to understand what these firewall logs are about. I feel as though I'm chasing a red herring, and suspect you'll school me in basic opnsense/freebsd foo.

Would appreciate it, Thanks,
Mike
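
An added example, not part of the original post: a small parser for the two filterlog lines quoted above, which names each comma-separated field and reports whether a blocked TCP packet is a connection-opening SYN or a segment of an already running connection. The field names are labels chosen for this example, and the field order is an assumption read off the IPv4/TCP lines in the post.

```python
import re

# Field names for an IPv4/TCP filterlog entry. The names are labels chosen for
# this example; the order is read off the two log lines in the post. Other IP
# versions and protocols use different layouts and are skipped here.
FIELDS = ("rulenr subrulenr anchor ruleid iface reason action dir ipver tos ecn "
          "ttl id offset ipflags protonum proto length src dst sport dport "
          "datalen tcpflags seq ack window urg options").split()

# The two log lines from the post, copied verbatim.
SAMPLE = [
    "May 6 00:53:19 filterlog: 9,,,0,vtnet1,match,block,in,4,0x0,,63,2082,0,DF,6,tcp,40,192.168.86.22,52.206.150.146,40048,9543,0,A,,3932977683,2730,,",
    "May 6 00:52:07 filterlog: 9,,,0,vtnet1,match,block,in,4,0x0,,63,60382,0,DF,6,tcp,87,192.168.42.2,108.177.14.188,46003,5228,35,PA,775150375:775150410,610185908,1546,,nop;nop;TS",
]

def parse(line):
    """Return a dict of named fields, or None if the line is not IPv4/TCP."""
    m = re.search(r"filterlog: (.*)$", line)
    if not m:
        return None
    values = m.group(1).split(",")
    if len(values) != len(FIELDS) or values[8] != "4" or values[16] != "tcp":
        return None
    return dict(zip(FIELDS, values))

def segment_kind(entry):
    """Classify a TCP packet by its flags: S=SYN, A=ACK, P=PSH, F=FIN, R=RST."""
    flags = entry["tcpflags"]
    if "S" in flags and "A" not in flags:
        return "opening SYN"
    if "S" in flags:
        return "SYN-ACK reply"
    return "mid-connection segment"

def summarize(lines):
    """One row per parsed entry: rule, interface, verdict, flow and segment kind."""
    rows = []
    for e in filter(None, map(parse, lines)):
        rows.append({
            "rule": e["rulenr"], "iface": e["iface"],
            "verdict": f'{e["action"]} {e["dir"]}',
            "flow": f'{e["src"]}:{e["sport"]} -> {e["dst"]}:{e["dport"]}',
            "flags": e["tcpflags"], "kind": segment_kind(e),
        })
    return rows

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```

Both quoted lines parse as rule 9, `block in` on vtnet1, carrying ACK or PSH+ACK without SYN, so neither is a packet that opens a new connection.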