The "let out anything from firewall host itself (force gw)" logs ...

Started by senseOPN, June 09, 2025, 01:34:30 AM

Those countless "let out anything from firewall host itself (force gw)" logs are driving me crazy.


The traffic that gets logged here is clearly NOT from the firewall, but from local networks like LAN, which get routed out over the WAN IP.

I tried for hours to get rid of those logs, followed countless "ideas" from ChatGPT, but finally I need help from people who know ...


I know that I can get rid of the "force gw" part by disabling forced gateways, but that does not remove the logs.
There also does not seem to be any way to remove or edit automatic logs.

But I really don't want this immense amount of logs for regular traffic!

Maybe there is a way to fix this with pfctl commands?
Or somehow change the routing in a way that this regular traffic does NOT appear to come from the public WAN IP?


Right now, it seems that all people using OPNsense will have all of this logged - which is irritating.

My setup:

OPNsense attached via WAN interface to TP-Link router in Bridge Mode.
I currently only have LAN (FritzBox as AP for WiFi and LAN), GUEST (work laptop) and PVE (Proxmox server) interfaces configured and cabled.
The TP-Link is connected via a second interface too, but I keep that disabled most of the time, except when I need to access its admin web UI.

Any idea how I (and lots and lots of people) could get rid of this (somewhat wrong) logging?

Any help is greatly appreciated! 🤗

Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

Quote from: meyergru on June 09, 2025, 01:41:00 AM: [attachment]

Great many thanks, @meyergru 🤗

ChatGPT did not come up with this idea, and I thought that this was not the right option for this (I was searching for a way to manipulate the automatic rules, or to change routing in a way that the traffic comes from the firewall's IP in each net ...)

But unticking those options did the trick! 🥂

Now that I can see the real traffic, I noticed something strange, @meyergru

The log shows that one of my LAN clients contacts the Apple IP 17.57.146.57
That is not strange by itself, but it gets blocked by a rule AFTER a rule that allows any traffic from the LAN network to the internet!
So this traffic should have been allowed by the first rule.
But instead, it gets blocked by the second rule.
I have no explanation for this.

And the second strange thing is that another LAN client tries to connect to the private, reserved IP 198.18.0.1 for DNS.
This should not be a routable IP from my understanding.

I suspected state problems and rebooted the firewall.

Now I see way more such blocked packets:


What's the IP range for LAN? Double-check the 'LAN network' alias in FW > Diagnostics.
You have floating rules. Is there one with the same description?
Or verify the rule that is identified by the i icon at the end of the log line (follow the rid).
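As an added example (not code from this thread or from the OPNsense project), here is a small Python triage script that does what the reply above suggests: it parses raw filterlog lines, counts hits per rid/action/interface so each rid can be followed back to its rule, checks whether the logged source really sits inside the LAN network, and flags destinations in reserved ranges such as 198.18.0.0/15 (the RFC 2544 benchmarking block, which is why a DNS target of 198.18.0.1 looks odd on a WAN egress log). The field layout follows the FreeBSD filterlog CSV format that OPNsense writes; the sample log lines, the LAN network 192.168.1.0/24, the interface names igc0/igc1, the rid values and the rid-to-description mapping are all constructed assumptions.

```python
"""Triage pf filterlog lines: count hits per rid/action/interface, check whether
the logged source sits inside the LAN network, and flag reserved destinations.

Added example; not code from the thread or from OPNsense. The sample log lines,
LAN network, interface names and rid values below are constructed assumptions.
"""
import ipaddress
import re
from collections import Counter

# FreeBSD filterlog CSV layout (as written by OPNsense), IPv4 with TCP/UDP:
#  0 rulenr 1 subrulenr 2 anchor 3 rid 4 interface 5 reason 6 action 7 dir 8 ipver
#  9 tos 10 ecn 11 ttl 12 id 13 offset 14 flags 15 protoid 16 protoname 17 length
# 18 src 19 dst 20 srcport 21 dstport ...
SYSLOG_PREFIX = re.compile(r"filterlog\[\d+\]:\s*")

LAN_NET = ipaddress.ip_network("192.168.1.0/24")   # assumption: your "LAN net" alias

# Destinations that should never be seen leaving the WAN. 198.18.0.0/15 is the
# RFC 2544 benchmarking block; the other three are RFC 1918 private ranges.
RESERVED_DST = [ipaddress.ip_network(n) for n in
                ("198.18.0.0/15", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Placeholder rids (OPNsense labels each rule with a hash; the "i" icon in the
# live log resolves it). These are assumed values, not real hashes.
RID_FORCE_GW = "aa11aa11aa11aa11aa11aa11aa11aa11"
RID_LAN_BLOCK = "bb22bb22bb22bb22bb22bb22bb22bb22"
RULE_NAMES = {   # assumed mapping, normally read from the rule set
    RID_FORCE_GW: "let out anything from firewall host itself (force gw)",
    RID_LAN_BLOCK: "block rule on LAN (assumed)",
}

# Constructed sample lines: two LAN clients, one talking to an Apple address,
# one sending DNS to 198.18.0.1, seen both on WAN egress and blocked on LAN.
SAMPLE_LOG = f"""\
91,,,{RID_FORCE_GW},igc0,match,pass,out,4,0x0,,63,41290,0,DF,6,tcp,60,192.168.1.23,17.57.146.57,52314,5223,0,S,1593205471,,65535,,mss;nop;wscale;nop;nop;sackOK
91,,,{RID_FORCE_GW},igc0,match,pass,out,4,0x0,,63,0,0,DF,17,udp,61,192.168.1.40,198.18.0.1,50022,53,41
12,,,{RID_LAN_BLOCK},igc1,match,block,in,4,0x0,,64,0,0,DF,17,udp,61,192.168.1.40,198.18.0.1,50023,53,41
91,,,{RID_FORCE_GW},igc0,match,pass,out,4,0x0,,63,41291,0,DF,6,tcp,60,192.168.1.23,17.57.146.57,52315,5223,0,S,1593205472,,65535,,mss;nop;wscale;nop;nop;sackOK
"""


def parse_filterlog(line):
    """Parse one filterlog line (with or without a syslog prefix) into a dict."""
    m = SYSLOG_PREFIX.search(line)
    if m:
        line = line[m.end():]
    f = line.strip().split(",")
    rec = {"rulenr": f[0], "rid": f[3], "iface": f[4], "action": f[6],
           "dir": f[7], "ipver": f[8], "proto": None, "src": None, "dst": None}
    if rec["ipver"] != "4":
        return rec                  # IPv6 uses a different field layout; not handled here
    rec["proto"] = f[16]
    rec["src"] = ipaddress.ip_address(f[18])
    rec["dst"] = ipaddress.ip_address(f[19])
    if rec["proto"] in ("tcp", "udp"):
        rec["sport"], rec["dport"] = int(f[20]), int(f[21])
    return rec


def classify(rec, lan_net=LAN_NET):
    """Return notes for anything worth a second look in one parsed record."""
    notes = []
    if rec["src"] is not None and rec["src"] in lan_net and rec["dir"] == "out":
        notes.append(f"src {rec['src']} is in {lan_net} but logged on egress via {rec['iface']}")
    if rec["dst"] is not None:
        for net in RESERVED_DST:
            if rec["dst"] in net:
                notes.append(f"dst {rec['dst']} is in reserved range {net}")
    return notes


def triage(log_text, lan_net=LAN_NET):
    """Count hits per (rid, action, iface) and collect (rid, note) findings."""
    hits = Counter()
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_filterlog(line)
        hits[(rec["rid"], rec["action"], rec["iface"])] += 1
        for note in classify(rec, lan_net):
            findings.append((rec["rid"], note))
    return hits, findings


def report(log_text, lan_net=LAN_NET):
    """Render the triage as text: one line per rule, then the findings."""
    hits, findings = triage(log_text, lan_net)
    out = []
    for (rid, action, iface), n in hits.most_common():
        name = RULE_NAMES.get(rid, "(unknown rule, follow the rid)")
        out.append(f"{n:4d}  {action:5s} {iface:6s} rid={rid}  {name}")
    for rid, note in findings:
        out.append(f"      [{rid[:8]}] {note}")
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Feed it the CSV payload of your own filter log (the part after the syslog header, or the whole line if it carries a `filterlog[pid]:` prefix) and adjust `LAN_NET` to match the "LAN net" alias; if a source inside that network shows up with `dir=out` on the WAN interface under the force-gw rid, the log is describing forwarded LAN traffic leaving via WAN, not traffic originating on the firewall itself.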