Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
Firewall blocking strange local IP on port 68
« previous
next »
Print
Pages: [
1
]
Author
Topic: Firewall blocking strange local IP on port 68 (Read 1712 times)
sebeksd
Newbie
Posts: 3
Karma: 0
Firewall blocking strange local IP on port 68
«
on:
April 29, 2022, 12:55:35 pm »
Hi,
Recently configured my first OPNsense router and from my point everything works. Yesterday I looked into Firewall logs and I saw strange IP being blocked. I tried to capture this IP on all interfaces to get some more info but it is not showing in captured packets. I guess that it not showing there because it gets filtered by firewall before packets being captured OR it is something internal to OPNsense making this requests (i think this one is true).
So IP mentioned is 192.168.20.1:67 (source) and 192.168.20.107:68 (destination) UDP.
Problem is, my network has 192.160.96/20 IP range, my previous network configuration (before OPNSense) was typical 192.168.1.0/24 (so 192.168.20.1 is also not from some device that I forgot to reconfigure).
Any idea what is it? Should I allow it in my Firewall rules?
More info on screenshots.
Logged
Patrick M. Hausen
Hero Member
Posts: 6826
Karma: 573
Re: Firewall blocking strange local IP on port 68
«
Reply #1 on:
April 29, 2022, 04:56:33 pm »
That's a DHCP reply from a server running on 192.168.20.1 to a client assumed to be at .107.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
meyergru
Hero Member
Posts: 1694
Karma: 166
IT Aficionado
Re: Firewall blocking strange local IP on port 68
«
Reply #2 on:
April 29, 2022, 05:10:48 pm »
Seems like you have a DHCP server running on 192.168.20.1. To investigate, you could configure a machine statically to that subnet and try to scan that IP. You should be able to see the MAC and potentially more, if a web interface is offered.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
Patrick M. Hausen
Hero Member
Posts: 6826
Karma: 573
Re: Firewall blocking strange local IP on port 68
«
Reply #3 on:
April 29, 2022, 11:23:08 pm »
To see the MAC address using tcpdump -e should be sufficient.
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
sebeksd
Newbie
Posts: 3
Karma: 0
Re: Firewall blocking strange local IP on port 68
«
Reply #4 on:
June 09, 2022, 09:36:53 am »
Sorry for super late response.
I was monitoring my network and cleaning up some forgotten devices (to reconfigure them to my new network settings).
I did tcpdump like pmhausen suggested and now I'm 100% sure this request comes from within OPNsense
tcpdump -e -nn -i bridge0 > tcp3.dump
09:14:21.790999 24:f5:a2:a6:72:2c > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 420: vlan 4, p 0, ethertype IPv4, 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 24:f5:a2:a6:72:2c, length 374
09:14:21.791968 24:f5:a2:a6:70:60 > 24:f5:a2:a6:72:2c, ethertype 802.1Q (0x8100), length 346: vlan 4, p 0, ethertype IPv4, 192.168.20.1.67 > 192.168.20.107.68: BOOTP/DHCP, Reply, length 300
I'm not using vlans anywhere in my network. What can I do with it? Why this is happening?
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
Firewall blocking strange local IP on port 68