Topic: Unexpected traffic when network is idle

Temperance

Unexpected traffic when network is idle
« on: December 02, 2024, 09:20:27 pm »

Hello,

I am running OPNsense 24.7.8-amd64.

With the "Default LAN to any rule" for IPv4 and IPv6 disabled, which is positioned below a few custom rules for LAN (Allow ping to this firewall, Allow DNS, block private ranges, a blocklist rule) along with a blocklist rule for WAN, I find that the IP address for the machine I am accessing the GUI with is shown in the Live View log to be trying to access, mostly, the IP address for the ISP, up to 12 times a second.  The Label is "Default deny/state violation rule."

Occasionally there is a pair of Loopbacks, with label "let out anything from the firewall host itself", and also occasionally a different IP address as the destination, in which case the label is "let out anything from firewall host itself (force gw)".

There is no other client machine connected to the switch right now, so the network is simply the OPNsense machine, the node with which the GUI is accessed, and the switch between them.

If I enable the "Default allow LAN to any rule" IPv4 version, I see in the Live View again many attempts to access outside the network; the vast bulk of the IPs that come up are for Google, Microsoft, Amazon. Meanwhile, the only thing I am accessing with the machine's browser (Firefox) is the OPNsense GUI.

Is this traffic to be expected, or is this cause for concern that my system has a problem?

I apologize if this type of issue has been covered before on the forum; I was unable to find any thread addressing this.

Regards,
Temperance

cookiemonster

Re: Unexpected traffic when network is idle
« Reply #1 on: December 02, 2024, 10:15:37 pm »
The traffic you see in the Live viewer is what the firewall receives, so from your description it sounds like your PC is originating all that traffic. It is only when you put a lens like OPN on your network that you realise how much chat goes out from your devices.

Temperance

Re: Unexpected traffic when network is idle
« Reply #2 on: Today at 04:33:26 am »
Thanks for your reply, cookiemonster.

Yes, the PC is the source of the traffic, I have no doubt of that; what I wonder is if all this traffic originating from it is a sign of malware on the PC.  The only other firewall I have experience with (a Sonicwall appliance) does not have an equivalent to the Live View, so I'm not sure what to expect.

Regards,
Temperance