"
I suspected state problems and rebooted the firewall.
Now I see way more of such blocked packages:
Now I see way more of such blocked packages:
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
General Discussion / Re: The "let out anything from firewall host itself (force gw)" logs ...
June 09, 2025, 11:53:50 AM #2
General Discussion / Re: The "let out anything from firewall host itself (force gw)" logs ...
June 09, 2025, 11:21:00 AM
As I now can see the real traffic, I noticed something strange, @meyergru
The log shows that one of my LAN clients contacts the Apple IP 17.57.146.57
That is not strange by itself, but it get's blocked by a rule AFTER a rule that allows any traffic from the LAN network to the internet!
So this traffic should have been allowed by the first rule.
But instead, it get's blocked by the second rule.
I have no explanation for this.
And the second strange thing is, that another LAN clients tries to connect the private, reserved IP 198.18.0.1 for DNS.
This should not be a routable IP from my understanding.
The log shows that one of my LAN clients contacts the Apple IP 17.57.146.57
That is not strange by itself, but it get's blocked by a rule AFTER a rule that allows any traffic from the LAN network to the internet!
So this traffic should have been allowed by the first rule.
But instead, it get's blocked by the second rule.
I have no explanation for this.
And the second strange thing is, that another LAN clients tries to connect the private, reserved IP 198.18.0.1 for DNS.
This should not be a routable IP from my understanding.
#3
General Discussion / Re: The "let out anything from firewall host itself (force gw)" logs ...
June 09, 2025, 02:17:33 AMQuote from: meyergru on June 09, 2025, 01:41:00 AMYou cannot view this attachment.
Great many thanks, @meyergru 🤗
ChatGPT did not come to this idea, and I thought that this is not the right option for this (I was searching for a way to manipulate the automatic rules, or to change routing in a way that the traffic comes from the IP of the firewall in each net ...)
But unticking those options did the trick! 🥂
#4
General Discussion / The "let out anything from firewall host itself (force gw)" logs ...
June 09, 2025, 01:34:30 AM
Those countless "let out anything from firewall host itself (force gw)" logs are driving me crazy.
The traffic that get's logged here is clearly NOT from the firewall, but from local networks like LAN, which get routed out over the WAN IP.
I tried for hours to get rid of those logs, followed countless "ideas" of ChatGPG, but finally I need help from people who know ...
I know that I can get rid of the "force gw" part by disabling forced gateways, but that does not remove the logs.
There also does not seem to exist any way to remove or edit automatic logs.
But I really don't want this immense amount of logs for regular traffic!
Maybe there is a way to fix this with pfctl commands?
Or somehow change the routing in a way that this regular traffic does NOT appear to come from the public WAN IP?
Right now, it seems that all people using OPNsense will have all of this logged - which is irritating.
My setup:
OPNsense attached via WAN interface to TP-Link router in Bridge Mode.
I currently only have LAN [FritzBox as AP for WiFi and LAN), GUEST (work laptop) and PVE (proxmox server) interfaces configured and cabled.
The TP-Link is connected with a second interface too, but I disable that most of the time - when I need to access it's admin web UI.
Any idea how I (and lots and lots of people) could get rid of this (somewhat wrong) logging?
Any help is greatly appreciated! 🤗
The traffic that get's logged here is clearly NOT from the firewall, but from local networks like LAN, which get routed out over the WAN IP.
I tried for hours to get rid of those logs, followed countless "ideas" of ChatGPG, but finally I need help from people who know ...
I know that I can get rid of the "force gw" part by disabling forced gateways, but that does not remove the logs.
There also does not seem to exist any way to remove or edit automatic logs.
But I really don't want this immense amount of logs for regular traffic!
Maybe there is a way to fix this with pfctl commands?
Or somehow change the routing in a way that this regular traffic does NOT appear to come from the public WAN IP?
Right now, it seems that all people using OPNsense will have all of this logged - which is irritating.
My setup:
OPNsense attached via WAN interface to TP-Link router in Bridge Mode.
I currently only have LAN [FritzBox as AP for WiFi and LAN), GUEST (work laptop) and PVE (proxmox server) interfaces configured and cabled.
The TP-Link is connected with a second interface too, but I disable that most of the time - when I need to access it's admin web UI.
Any idea how I (and lots and lots of people) could get rid of this (somewhat wrong) logging?
Any help is greatly appreciated! 🤗
Pages1
