Topic: Unexpected traffic when network is idle (Read 142 times)
Temperance (Newbie), December 02, 2024, 09:20:27 pm
Hello,
I am running OPNsense 24.7.8-amd64.
With the "Default LAN to any rule" for IPv4 and IPv6 disabled, which is positioned below a few custom rules for LAN (Allow ping to this firewall, Allow DNS, block private ranges, a blocklist rule) along with a blocklist rule for WAN, I find that the IP address for the machine I am accessing the GUI with is shown in the Live View log to be trying to access, mostly, the IP address for the ISP, up to 12 times a second. The Label is "Default deny/state violation rule."
Occasionally there is a pair of Loopbacks, with label "let out anything from the firewall host itself", and also occasionally a different IP address as the destination, in which case the label is "let out anything from firewall host itself (force gw)".
There is no other client machine connected to the switch right now, so the network is simply the OPNsense machine, the node with which the GUI is accessed, and the switch between them.
If I enable the "Default allow LAN to any rule" IPv4 version, I see in the Live View again many attempts to access outside the network; the vast bulk of the IPs that come up are for Google, Microsoft, Amazon. Meanwhile, the only thing I am accessing with the machine's browser (Firefox) is the OPNsense GUI.
Is this traffic to be expected, or is this cause for concern that my system has a problem?
I apologize if this type of issue has been covered before on the forum; I was unable to find any thread addressing this.
Regards,
Temperance
cookiemonster (Hero Member), Reply #1, December 02, 2024, 10:15:37 pm
The traffic you see in the Live viewer is what the firewall receives, so from your description it sounds like your PC is originating all that traffic. It's only when you put a lens like OPN on your network that you realise how much chat goes out from your devices.
Temperance (Newbie), Reply #2, December 03, 2024, 04:33:26 am
Thanks for your reply, cookiemonster.
Yes, the PC is the source of the traffic, I have no doubt of that; what I wonder is if all this traffic originating from it is a sign of malware on the PC. The only other firewall I have experience with (a Sonicwall appliance) does not have an equivalent to the Live View, so I'm not sure what to expect.
Regards,
Temperance
cookiemonster (Hero Member), Reply #3, December 03, 2024, 10:29:21 pm
What can be useful, to have a little more information, is to log the DNS queries made prior to the connection.
It will still be the same client, but you'll have a query for DNS followed by the actual request to the server.
AdGuardHome plugin is quite useful for this.
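The correlation described in Reply #3, as an added example that is not part of the original thread: each firewall flow is labelled with the name the same client resolved to that destination shortly beforehand, and flows with no preceding lookup are singled out. The record layouts, addresses, names and the 300-second window are constructed assumptions, not the real AdGuard Home or OPNsense log formats.

```python
from datetime import datetime

# Constructed sample data in a simplified layout (NOT the real AdGuard Home
# or OPNsense formats): (time, client, queried name, answer IPs).
DNS_LOG = [
    ("2024-12-03T10:00:00", "192.168.1.10", "telemetry.example.com", ["203.0.113.5"]),
    ("2024-12-03T10:00:02", "192.168.1.10", "updates.example.net",
     ["198.51.100.7", "198.51.100.8"]),
]
# Constructed firewall flows: (time, source, destination, destination port).
FW_LOG = [
    ("2024-12-03T10:00:01", "192.168.1.10", "203.0.113.5", 443),
    ("2024-12-03T10:00:03", "192.168.1.10", "198.51.100.8", 443),
    ("2024-12-03T10:00:04", "192.168.1.10", "192.0.2.99", 8443),  # never looked up
    ("2024-12-03T10:20:00", "192.168.1.10", "203.0.113.5", 443),  # lookup too old
]

def correlate(dns_log, fw_log, window_s=300):
    """Label each flow with the name the same client resolved to that
    destination within window_s seconds before the flow, else None."""
    seen = {}  # (client, answer IP) -> [(lookup time, name), ...]
    for ts, client, name, answers in dns_log:
        for ip in answers:
            seen.setdefault((client, ip), []).append((datetime.fromisoformat(ts), name))
    results = []
    for ts, src, dst, port in fw_log:
        t = datetime.fromisoformat(ts)
        # Keep only lookups made before the flow and inside the window.
        hits = [(qt, n) for qt, n in seen.get((src, dst), [])
                if 0 <= (t - qt).total_seconds() <= window_s]
        name = max(hits)[1] if hits else None  # most recent matching lookup
        results.append((ts, src, dst, port, name))
    return results

def unexplained(results):
    """Flows that no logged DNS lookup accounts for."""
    return [r for r in results if r[4] is None]

if __name__ == "__main__":
    for ts, src, dst, port, name in correlate(DNS_LOG, FW_LOG):
        print(f"{ts} {src} -> {dst}:{port}  {name or 'NO PRIOR DNS LOOKUP'}")
```

A fixed window ignores DNS TTLs and client-side caching, so a flow flagged as unexplained may simply reuse an older cached answer; widening `window_s` trades fewer such flags for looser matching.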