OPNsense Forum » Archive » 20.7 Legacy Series
Topic: Multicast being logged and denied on disabled interface – why? (Read 2004 times)
eth0
Newbie
Posts: 9
Karma: 0
Multicast being logged and denied on disabled interface – why?
« on: November 21, 2020, 08:56:26 pm »
Ok, I'm new with this, might be a simple question (I hope!) but I can't figure this out.
I have the following interfaces:
- LAN1 (igb1)
- VLAN10 (igb1_vlan10), with parent LAN1
- LAN (bridge0), with member interface LAN1, not enabled
The bridge is going to include LAN0 (igb0) later. VLAN10 was originally created on the bridge, but I moved (re-parented) it to igb1 directly while solving some other problem, and also unchecked "Enable Interface" on the bridge to take it out of the equation completely.
This is mostly working fine (I have seen some weirdness which I may come back to later), but the disabled LAN bridge is showing traffic in the firewall live view:
(blocked) interface | direction | time | source | destination | protocol | rule
⊘ VLAN10 ➔ Nov 21 20:38:06  [fe80::18ad:c22e:c697:a75e]:5353 → [ff02::fb]:5353  udp  Default deny rule
⊘ LAN    ➔ Nov 21 20:38:06  [fe80::18ad:c22e:c697:a75e]:5353 → [ff02::fb]:5353  udp  Default deny rule
⊘ LAN    ➔ Nov 21 20:38:06  192.168.0.105:5353 → 224.0.0.251:5353  udp  Default deny rule
⊘ VLAN10 ➔ Nov 21 20:38:04  [fe80::25:7c21:b051:7bd7]:5353 → [ff02::fb]:5353  udp  Default deny rule
⊘ LAN    ➔ Nov 21 20:38:04  [fe80::25:7c21:b051:7bd7]:5353 → [ff02::fb]:5353  udp  Default deny rule
⊘ VLAN10 ➔ Nov 21 20:38:01  [fe80::25:7c21:b051:7bd7]:5353 → [ff02::fb]:5353  udp  Default deny rule
⊘ LAN    ➔ Nov 21 20:38:01  [fe80::25:7c21:b051:7bd7]:5353 → [ff02::fb]:5353  udp  Default deny rule
⊘ VLAN10 ➔ Nov 21 20:38:00  [fe80::25:7c21:b051:7bd7]:5353 → [ff02::fb]:5353  udp  Default deny rule
⊘ LAN    ➔ Nov 21 20:38:00  [fe80::25:7c21:b051:7bd7]:5353 → [ff02::fb]:5353  udp  Default deny rule
⊘ LAN    ➔ Nov 21 20:38:00  192.168.0.106:5353 → 224.0.0.251:5353  udp  Default deny rule
⊘ LAN    ➔ Nov 21 20:37:28  192.168.0.101:64657 → 239.255.255.250:1900  udp  Default deny rule
⊘ VLAN10 ➔ Nov 21 20:37:18  [fe80::18ad:c22e:c697:a75e]:5353 → [ff02::fb]:5353  udp  Default deny rule
First I thought maybe the connected switch is misbehaving and sending non-tagged frames, which might somehow end up in the wrong place, but soon realized that the same IPv6 multicast packets are also logged on VLAN10 (while IPv4 multicast only gets logged on LAN) – so they must be tagged. I still confirmed this by doing a packet capture on igb1, and couldn't see anything other than vlan10 traffic.
The difference between IPv4 and IPv6 is probably because at the moment I have "IPv6 Configuration Type: None" on VLAN10, but that's not the question I have here.
The actual question I have is: Why does tagged VLAN10 traffic go to the bridge which is not part of that VLAN, *AND* why does anything at all get sent to and logged on the LAN bridge when it's not enabled?
I could of course nuke the bridge and re-create it when I need it, and that would make the problem go away, but I'd like to understand why it's behaving the way it is.
[Edit: Figured out how to (ab)use BBCode to insert logs inline. Screenshot image still attached below, but seems it's not visible if not logged in to the forum.]
« Last Edit: November 22, 2020, 09:58:04 am by eth0 »
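As an added triage script (not from the forum post or OPNsense itself), the following parses live-view entries like the ones quoted above, counts multicast denies per interface and address family, and flags every hit on an interface the operator believes is disabled. The sample lines are constructed from the post, and the one-line field layout is an assumption of this script rather than the live view's real export format.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample modelled on the live-view entries in the post; the one-line
# layout (interface, time, src, dst, proto, rule) is an assumption of this script.
SAMPLE_LOG = """\
VLAN10 Nov 21 20:38:06 [fe80::18ad:c22e:c697:a75e]:5353 [ff02::fb]:5353 udp Default deny rule
LAN Nov 21 20:38:06 [fe80::18ad:c22e:c697:a75e]:5353 [ff02::fb]:5353 udp Default deny rule
LAN Nov 21 20:38:06 192.168.0.105:5353 224.0.0.251:5353 udp Default deny rule
LAN Nov 21 20:37:28 192.168.0.101:64657 239.255.255.250:1900 udp Default deny rule
VLAN10 Nov 21 20:37:18 [fe80::18ad:c22e:c697:a75e]:5353 [ff02::fb]:5353 udp Default deny rule
"""

LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ts>\w{3} \d{1,2} \d\d:\d\d:\d\d)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<proto>\S+)\s+(?P<rule>.+)$"
)

def split_endpoint(endpoint):
    """'[fe80::1]:5353' -> ('fe80::1', 5353); '192.168.0.1:5353' -> ('192.168.0.1', 5353)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)

def parse(text):
    """Parse log lines into dicts; lines that do not match the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        d = m.groupdict()
        d["src_ip"], d["src_port"] = split_endpoint(d.pop("src"))
        d["dst_ip"], d["dst_port"] = split_endpoint(d.pop("dst"))
        entries.append(d)
    return entries

def summarize(entries, disabled=()):
    """Count multicast denies per (interface, IP family) and flag every hit on an
    interface the operator believes is disabled (e.g. the unused LAN bridge)."""
    counts = Counter()
    flagged = []
    for e in entries:
        dst = ipaddress.ip_address(e["dst_ip"])
        if not dst.is_multicast:  # covers 224.0.0.0/4 and ff00::/8
            continue
        counts[(e["iface"], f"IPv{dst.version}")] += 1
        if e["iface"] in disabled:
            flagged.append((e["iface"], e["ts"], e["src_ip"], e["dst_ip"], e["dst_port"]))
    return counts, flagged
```

Running `summarize(parse(SAMPLE_LOG), disabled={"LAN"})` reproduces the pattern the post describes: IPv6 mDNS is seen on both VLAN10 and LAN, IPv4 multicast only on LAN, and every LAN hit is flagged because that bridge is supposed to be disabled.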
eth0
Newbie
Posts: 9
Karma: 0
Re: Multicast being logged and denied on disabled interface – why?
« Reply #1 on: November 29, 2020, 09:45:45 am »
Some more weirdness with this. I have since added more VLANs, and now I've seen a couple of times multicast packets from VLAN10 hosts logged as if coming from VLAN20.
The first time I noticed this I didn't have time to look into it, and the next time the lines had already been pushed out of the plain view log buffer by the time I looked, so I don't have more details about this.
In addition I still get multicasts from VLAN10 logged as denied on the disabled LAN bridge, but this VLAN20 thing was new.
Not sure how I could investigate this further. I think I'll just remove the currently unused LAN bridge, and that will take care of the spurious logging at least, but I'd still like to understand what's happening. It bothers me if a firewall behaves in ways I don't understand or expect.