dr4aaa
pfSense firewall rule log entries

Good day,

I have been working with pfSense for some time now. At the very end, however, a problem has come up that I cannot solve. An online search did not lead anywhere either. I hope you can help me.

My problem concerns the log entries. Entries are written for connections that did not really take place as such, and I do not know how to filter these entries out or how to stop them from being logged.

I have a firewall rule that is logged and says "Action:Pass - Interface:Lan - Source:any - Direction:any".

When I now go to a website such as pk-buch.de, it logs that as well. Up to this point everything is fine. In addition to this entry, however, I get another one. It states in an identical way, in my opinion at least, that a connection to facebook was made as well. That was not the case, however. This entry only came about because there is also a link to facebook on the pk-buch.de page, or so I suspect.

The whole thing then looks like this:

Aug 24 06:20:36 pfSense pf: 192.168.1.100.52460 > 192.168.1.1.53: 46244+ A? pk-buch.de. (28)
Aug 24 06:20:36 pfSense pf: 00:00:00.030434 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 19471, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:20:36 pfSense pf: 192.168.1.100.1602 > 85.214.131.9.80: Flags [S], cksum 0xb0cc (correct), seq 1035919118, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:20:36 pfSense pf: 00:00:00.000833 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 19472, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:20:36 pfSense pf: 192.168.1.100.1603 > 85.214.131.9.80: Flags [S], cksum 0xbec6 (correct), seq 3113964854, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:20:36 pfSense pf: 00:00:00.388801 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 19483, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:20:36 pfSense pf: 192.168.1.100.1604 > 85.214.131.9.80: Flags [S], cksum 0x269b (correct), seq 634290478, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:20:36 pfSense pf: 00:00:00.001993 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 19484, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:20:36 pfSense pf: 192.168.1.100.1605 > 85.214.131.9.80: Flags [S], cksum 0x62ab (correct), seq 2191910981, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:20:36 pfSense pf: 00:00:00.001582 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 19485, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:20:36 pfSense pf: 192.168.1.100.1606 > 85.214.131.9.80: Flags [S], cksum 0x421e (correct), seq 2004161538, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:20:36 pfSense pf: 00:00:00.001523 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 19486, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:20:36 pfSense pf: 192.168.1.100.1607 > 85.214.131.9.80: Flags [S], cksum 0xedeb (correct), seq 1898212996, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:20:37 pfSense pf: 00:00:00.608656 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 19587, offset 0, flags [none], proto UDP (17), length 62)
Aug 24 06:20:37 pfSense pf: 192.168.1.100.50131 > 192.168.1.1.53: 51752+ A? www.facebook.com. (34)
Aug 24 06:21:07 pfSense pf: 00:00:29.995092 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 20649, offset 0, flags [none], proto UDP (17), length 229)
Aug 24 06:21:07 pfSense pf: 192.168.1.100.138 > 192.168.1.255.138: NBT UDP PACKET(138)


With a connection to test.de there are likewise further connections to warentest01.webtrekk.net., www.facebook.com., twitter.com., googleads.g.doubleclick.net. and www.youtube.com.

Aug 24 06:22:07 pfSense pf: 192.168.1.100.54354 > 192.168.1.1.53: 17375+ A? test.de. (25)
Aug 24 06:22:07 pfSense pf: 00:00:00.018124 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21117, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:22:07 pfSense pf: 192.168.1.100.1617 > 217.110.104.154.80: Flags [S], cksum 0x3129 (correct), seq 140126942, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:22:07 pfSense pf: 00:00:00.004319 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21118, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:22:07 pfSense pf: 192.168.1.100.1618 > 217.110.104.154.80: Flags [S], cksum 0xd9e2 (correct), seq 857954138, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:22:07 pfSense pf: 00:00:00.214059 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21123, offset 0, flags [none], proto UDP (17), length 57)
Aug 24 06:22:07 pfSense pf: 192.168.1.100.50994 > 192.168.1.1.53: 457+ A? www.test.de. (29)
Aug 24 06:22:07 pfSense pf: 00:00:00.016625 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21124, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:22:07 pfSense pf: 192.168.1.100.1619 > 217.110.104.156.80: Flags [S], cksum 0xebbc (correct), seq 445210135, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:22:07 pfSense pf: 00:00:00.000445 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21125, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:22:07 pfSense pf: 192.168.1.100.1620 > 217.110.104.156.80: Flags [S], cksum 0x738c (correct), seq 1659932127, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:22:08 pfSense pf: 00:00:00.318954 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21131, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:22:08 pfSense pf: 192.168.1.100.1621 > 217.110.104.156.80: Flags [S], cksum 0xd1e4 (correct), seq 1626681729, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:22:08 pfSense pf: 00:00:00.001471 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21133, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:22:08 pfSense pf: 192.168.1.100.1622 > 217.110.104.156.80: Flags [S], cksum 0xdbf4 (correct), seq 571631187, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:22:08 pfSense pf: 00:00:00.000679 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21134, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:22:08 pfSense pf: 192.168.1.100.1623 > 217.110.104.156.80: Flags [S], cksum 0xa3e6 (correct), seq 775655991, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:22:08 pfSense pf: 00:00:00.511727 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21211, offset 0, flags [none], proto UDP (17), length 70)
Aug 24 06:22:08 pfSense pf: 192.168.1.100.64222 > 192.168.1.1.53: 18171+ A? warentest01.webtrekk.net. (42)
Aug 24 06:22:08 pfSense pf: 00:00:00.017671 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21212, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:22:08 pfSense pf: 192.168.1.100.1624 > 80.190.166.100.80: Flags [S], cksum 0xe46f (correct), seq 2651008205, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:22:08 pfSense pf: 00:00:00.021576 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21213, offset 0, flags [none], proto UDP (17), length 70)
Aug 24 06:22:08 pfSense pf: 192.168.1.100.57839 > 192.168.1.1.53: 8421+ A? www.googleadservices.com. (42)
Aug 24 06:22:08 pfSense pf: 00:00:00.018128 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21216, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:22:08 pfSense pf: 192.168.1.100.1625 > 173.194.69.154.80: Flags [S], cksum 0xa46d (correct), seq 2059441111, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:22:08 pfSense pf: 00:00:00.157288 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21220, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:22:08 pfSense pf: 192.168.1.100.1626 > 217.110.104.156.80: Flags [S], cksum 0x48db (correct), seq 3013240800, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:22:09 pfSense pf: 00:00:00.103498 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21255, offset 0, flags [none], proto UDP (17), length 62)
Aug 24 06:22:09 pfSense pf: 192.168.1.100.54389 > 192.168.1.1.53: 4738+ A? www.facebook.com. (34)
Aug 24 06:22:09 pfSense pf: 00:00:00.002149 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21257, offset 0, flags [none], proto UDP (17), length 57)
Aug 24 06:22:09 pfSense pf: 192.168.1.100.63541 > 192.168.1.1.53: 11005+ A? twitter.com. (29)
Aug 24 06:22:09 pfSense pf: 00:00:00.002055 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21259, offset 0, flags [none], proto UDP (17), length 73)
Aug 24 06:22:09 pfSense pf: 192.168.1.100.55324 > 192.168.1.1.53: 53988+ A? googleads.g.doubleclick.net. (45)
Aug 24 06:22:09 pfSense pf: 00:00:00.002468 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21261, offset 0, flags [none], proto UDP (17), length 61)
Aug 24 06:22:09 pfSense pf: 192.168.1.100.63542 > 192.168.1.1.53: 53284+ A? www.youtube.com. (33)
Aug 24 06:22:09 pfSense pf: 00:00:00.031391 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21278, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:22:09 pfSense pf: 192.168.1.100.1627 > 173.194.69.156.80: Flags [S], cksum 0x2bcb (correct), seq 3955006329, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:22:32 pfSense pf: 00:00:23.400441 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 21620, offset 0, flags [none], proto UDP (17), length 105)
Aug 24 06:22:32 pfSense pf: 192.168.1.100.1025 > 192.168.250.240.161: { SNMPv1 { GetRequest(62) R=4 .1.3.6.1.2.1.25.3.2.1.5.1 .1.3.6.1.2.1.25.3.5.1.1.1 .1.3.6.1.2.1.25.3.5.1.2.1 } }

And with hallo.de also lots of additional connections

Aug 24 06:30:17 pfSense pf: 192.168.1.100.64589 > 192.168.1.1.53: 55824+ A? www.hallo.de. (30)
Aug 24 06:30:17 pfSense pf: 00:00:00.142620 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24531, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:17 pfSense pf: 192.168.1.100.1675 > 88.198.138.3.80: Flags [S], cksum 0x633b (correct), seq 438322699, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:17 pfSense pf: 00:00:00.000505 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24532, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:17 pfSense pf: 192.168.1.100.1676 > 88.198.138.3.80: Flags [S], cksum 0xa93a (correct), seq 473038329, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:04.653268 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24543, offset 0, flags [none], proto UDP (17), length 66)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.55468 > 192.168.1.1.53: 49300+ A? imagesrv.adition.com. (38)
Aug 24 06:30:22 pfSense pf: 00:00:00.003085 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24545, offset 0, flags [none], proto UDP (17), length 65)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.60580 > 192.168.1.1.53: 38352+ A? adfarm1.adition.com. (37)
Aug 24 06:30:22 pfSense pf: 00:00:00.000079 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24544, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1677 > 88.198.138.3.80: Flags [S], cksum 0x79b3 (correct), seq 1973408785, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.001715 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24546, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1678 > 88.198.138.3.80: Flags [S], cksum 0xfe7b (correct), seq 3497260147, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.000985 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24547, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1679 > 88.198.138.3.80: Flags [S], cksum 0xf7c6 (correct), seq 1122076858, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.013953 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24552, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1680 > 217.79.188.60.80: Flags [S], cksum 0x46f1 (correct), seq 733781489, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.001706 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24553, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1681 > 217.79.188.8.80: Flags [S], cksum 0x8025 (correct), seq 480474121, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.000606 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24554, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1682 > 217.79.188.8.80: Flags [S], cksum 0x53d0 (correct), seq 1228370889, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.001843 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24555, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1683 > 217.79.188.8.80: Flags [S], cksum 0x4b6d (correct), seq 452110960, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.000590 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24556, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1684 > 217.79.188.8.80: Flags [S], cksum 0xeb47 (correct), seq 3221448067, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.005123 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24563, offset 0, flags [none], proto UDP (17), length 65)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.64427 > 192.168.1.1.53: 4119+ A? www.imazine-shop.de. (37)
Aug 24 06:30:22 pfSense pf: 00:00:00.081737 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24609, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1685 > 92.43.107.90.80: Flags [S], cksum 0xaefd (correct), seq 4119935505, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.057576 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24618, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1686 > 88.198.138.3.80: Flags [S], cksum 0x9a63 (correct), seq 3963436218, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.016625 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24625, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1687 > 217.79.188.8.80: Flags [S], cksum 0x4d17 (correct), seq 3431135025, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.012596 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24628, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1688 > 217.79.188.60.80: Flags [S], cksum 0xc0e3 (correct), seq 552021708, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.061522 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24639, offset 0, flags [none], proto UDP (17), length 69)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.59780 > 192.168.1.1.53: 31377+ A? ad2.adfarm1.adition.com. (41)
Aug 24 06:30:22 pfSense pf: 00:00:00.016725 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24640, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1689 > 217.79.188.21.80: Flags [S], cksum 0x1942 (correct), seq 2566545024, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.049819 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24648, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1690 > 217.79.188.21.80: Flags [S], cksum 0x5751 (correct), seq 4251892731, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.082798 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24673, offset 0, flags [none], proto UDP (17), length 61)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.61276 > 192.168.1.1.53: 51774+ A? om.dsl.1und1.de. (33)
Aug 24 06:30:22 pfSense pf: 00:00:00.018542 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24674, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1691 > 212.227.116.105.80: Flags [S], cksum 0xb777 (correct), seq 2022976711, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.000538 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24675, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1692 > 212.227.116.105.80: Flags [S], cksum 0x54e0 (correct), seq 2514645519, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:22 pfSense pf: 00:00:00.000748 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24676, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:22 pfSense pf: 192.168.1.100.1693 > 217.79.188.8.80: Flags [S], cksum 0x073f (correct), seq 3490920819, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.145855 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24699, offset 0, flags [none], proto UDP (17), length 62)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.63543 > 192.168.1.1.53: 27404+ A? www.facebook.com. (34)
Aug 24 06:30:23 pfSense pf: 00:00:00.006163 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24700, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1694 > 217.79.188.8.80: Flags [S], cksum 0x670f (correct), seq 1369724945, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.010693 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24702, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1695 > 69.63.189.70.80: Flags [S], cksum 0x09f7 (correct), seq 2157254922, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.000530 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24703, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1696 > 69.63.189.70.80: Flags [S], cksum 0xd54c (correct), seq 3336439658, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.037015 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24707, offset 0, flags [none], proto UDP (17), length 57)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.53210 > 192.168.1.1.53: 62149+ A? www.ciao.de. (29)
Aug 24 06:30:23 pfSense pf: 00:00:00.002688 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24709, offset 0, flags [none], proto UDP (17), length 62)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.57346 > 192.168.1.1.53: 12081+ A? www.check-sms.de. (34)
Aug 24 06:30:23 pfSense pf: 00:00:00.000596 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24710, offset 0, flags [none], proto UDP (17), length 59)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.60576 > 192.168.1.1.53: 55583+ A? www.dooyoo.de. (31)
Aug 24 06:30:23 pfSense pf: 00:00:00.004876 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24712, offset 0, flags [none], proto UDP (17), length 59)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.65069 > 192.168.1.1.53: 7383+ A? a.ligatus.com. (31)
Aug 24 06:30:23 pfSense pf: 00:00:00.010485 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24715, offset 0, flags [none], proto UDP (17), length 64)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.55411 > 192.168.1.1.53: 15852+ A? www.frei-simser.de. (36)
Aug 24 06:30:23 pfSense pf: 00:00:00.009724 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24716, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1697 > 206.33.58.254.80: Flags [S], cksum 0xb141 (correct), seq 1599900764, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.047826 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24719, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1698 > 206.33.58.254.80: Flags [S], cksum 0x3bc4 (correct), seq 3322714920, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.006332 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24724, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1699 > 217.79.188.8.80: Flags [S], cksum 0x9def (correct), seq 3864628342, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.040551 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24729, offset 0, flags [none], proto UDP (17), length 59)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.65202 > 192.168.1.1.53: 46543+ A? d.ligatus.com. (31)
Aug 24 06:30:23 pfSense pf: 00:00:00.017557 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24731, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1700 > 81.26.166.70.80: Flags [S], cksum 0x3c2a (correct), seq 1769081114, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.023024 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24733, offset 0, flags [none], proto UDP (17), length 73)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.53398 > 192.168.1.1.53: 10918+ A? hal9000.redintelligence.net. (45)
Aug 24 06:30:23 pfSense pf: 00:00:00.017630 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24736, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1701 > 81.30.148.6.80: Flags [S], cksum 0x1440 (correct), seq 1478907019, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.035815 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24743, offset 0, flags [none], proto UDP (17), length 59)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.65375 > 192.168.1.1.53: 61250+ A? x.ligatus.com. (31)
Aug 24 06:30:23 pfSense pf: 00:00:00.017023 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24746, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1702 > 81.26.166.11.80: Flags [S], cksum 0x26aa (correct), seq 953306995, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.007367 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24747, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1703 > 81.30.148.6.80: Flags [S], cksum 0xfcfd (correct), seq 1667391631, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.025095 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24753, offset 0, flags [none], proto UDP (17), length 65)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.59752 > 192.168.1.1.53: 31598+ A? static.ak.fbcdn.net. (37)
Aug 24 06:30:23 pfSense pf: 00:00:00.027649 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24755, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1704 > 217.89.105.160.80: Flags [S], cksum 0x71f2 (correct), seq 2119004889, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.000820 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24756, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1705 > 217.89.105.160.80: Flags [S], cksum 0x6d23 (correct), seq 2126411574, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.001271 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24758, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1706 > 217.89.105.160.80: Flags [S], cksum 0xd344 (correct), seq 2295006983, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.000581 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24759, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1707 > 217.89.105.160.80: Flags [S], cksum 0xde96 (correct), seq 680811499, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.000492 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24760, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1708 > 217.89.105.160.80: Flags [S], cksum 0x42bb (correct), seq 43130312, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.000572 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24761, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1709 > 217.89.105.160.80: Flags [S], cksum 0x768c (correct), seq 1039249046, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.004288 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24764, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1710 > 81.30.148.6.80: Flags [S], cksum 0xa444 (correct), seq 96671457, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.004303 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24767, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1711 > 81.26.166.11.80: Flags [S], cksum 0x3916 (correct), seq 3676412590, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.122215 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24835, offset 0, flags [none], proto UDP (17), length 60)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.63544 > 192.168.1.1.53: 38492+ A? ms.ligatus.com. (32)
Aug 24 06:30:23 pfSense pf: 00:00:00.051592 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24882, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1712 > 81.26.166.14.80: Flags [S], cksum 0x534a (correct), seq 86333043, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.000790 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24883, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1713 > 81.26.166.14.80: Flags [S], cksum 0xd18f (correct), seq 1509917522, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.017680 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24903, offset 0, flags [none], proto UDP (17), length 76)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.53897 > 192.168.1.1.53: 17650+ A? n6.hal9000.redintelligence.net. (48)
Aug 24 06:30:23 pfSense pf: 00:00:00.065737 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24967, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1714 > 85.114.138.100.80: Flags [S], cksum 0x0e39 (correct), seq 2152413102, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.000626 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 24969, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1715 > 85.114.138.100.80: Flags [S], cksum 0x71de (correct), seq 4146552107, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.074694 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25039, offset 0, flags [none], proto UDP (17), length 70)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.51519 > 192.168.1.1.53: 3145+ A? www.google-analytics.com. (42)
Aug 24 06:30:23 pfSense pf: 00:00:00.058724 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25058, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1716 > 173.194.69.139.80: Flags [S], cksum 0x5093 (correct), seq 2136793801, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:23 pfSense pf: 00:00:00.061977 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25088, offset 0, flags [none], proto UDP (17), length 65)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.55346 > 192.168.1.1.53: 6348+ A? www.bruce-scout.com. (37)
Aug 24 06:30:23 pfSense pf: 00:00:00.001669 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25089, offset 0, flags [none], proto UDP (17), length 64)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.50438 > 192.168.1.1.53: 13818+ A? www.bruceforce.com. (36)
Aug 24 06:30:23 pfSense pf: 00:00:00.003880 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25090, offset 0, flags [none], proto UDP (17), length 65)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.55742 > 192.168.1.1.53: 47574+ A? www.pc-feuerwehr.de. (37)
Aug 24 06:30:23 pfSense pf: 00:00:00.012595 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25095, offset 0, flags [none], proto UDP (17), length 69)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.64850 > 192.168.1.1.53: 58496+ A? ad-emea.doubleclick.net. (41)
Aug 24 06:30:23 pfSense pf: 00:00:00.021763 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25101, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:23 pfSense pf: 192.168.1.100.1717 > 173.194.69.148.80: Flags [S], cksum 0xa25b (correct), seq 526905580, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:24 pfSense pf: 00:00:00.247964 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25120, offset 0, flags [none], proto UDP (17), length 66)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.63545 > 192.168.1.1.53: 40573+ A? profile.ak.fbcdn.net. (38)
Aug 24 06:30:24 pfSense pf: 00:00:00.011540 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25122, offset 0, flags [none], proto UDP (17), length 71)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.49798 > 192.168.1.1.53: 63363+ A? banners.webmasterplan.com. (43)
Aug 24 06:30:24 pfSense pf: 00:00:00.010757 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25124, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.1718 > 23.63.98.233.80: Flags [S], cksum 0x4aae (correct), seq 1546487041, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:24 pfSense pf: 00:00:00.006536 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25125, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.1719 > 195.189.236.30.80: Flags [S], cksum 0xf58f (correct), seq 25558802, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:24 pfSense pf: 00:00:00.094911 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25132, offset 0, flags [none], proto UDP (17), length 64)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.61198 > 192.168.1.1.53: 47841+ A? ad.doubleclick.net. (36)
Aug 24 06:30:24 pfSense pf: 00:00:00.018773 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25134, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.1720 > 173.194.69.149.80: Flags [S], cksum 0x278c (correct), seq 2728257665, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:24 pfSense pf: 00:00:00.002229 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25135, offset 0, flags [none], proto UDP (17), length 69)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.58308 > 192.168.1.1.53: 29415+ A? www.actionallocator.com. (41)
Aug 24 06:30:24 pfSense pf: 00:00:00.001862 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25136, offset 0, flags [none], proto UDP (17), length 67)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.56120 > 192.168.1.1.53: 50255+ A? cdn.contentspread.net. (39)
Aug 24 06:30:24 pfSense pf: 00:00:00.003329 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25137, offset 0, flags [none], proto UDP (17), length 72)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.64420 > 192.168.1.1.53: 31867+ A? partners.webmasterplan.com. (44)
Aug 24 06:30:24 pfSense pf: 00:00:00.011948 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25138, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.1721 > 80.237.183.60.80: Flags [S], cksum 0x63c8 (correct), seq 964427924, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:24 pfSense pf: 00:00:00.001327 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25140, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.1722 > 80.237.183.60.80: Flags [S], cksum 0x6198 (correct), seq 2114960943, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:24 pfSense pf: 00:00:00.004812 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25141, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.1723 > 217.79.179.47.80: Flags [S], cksum 0x561e (correct), seq 1299084788, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:24 pfSense pf: 00:00:00.137520 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25166, offset 0, flags [none], proto UDP (17), length 57)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.49835 > 192.168.1.1.53: 39413+ A? s0.2mdn.net. (29)
Aug 24 06:30:24 pfSense pf: 00:00:00.020775 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25167, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.1724 > 173.194.69.149.80: Flags [S], cksum 0x8192 (correct), seq 3198186100, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:55 pfSense pf: 00:00:30.081824 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25491, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:30:55 pfSense pf: 192.168.1.100.1725 > 82.149.225.18.80: Flags [S], cksum 0xf101 (correct), seq 758409256, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:30:56 pfSense pf: 00:00:01.097208 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25540, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:30:56 pfSense pf: 192.168.1.100.1726 > 82.149.225.18.80: Flags [S], cksum 0x33fb (correct), seq 1550513655, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:30:57 pfSense pf: 00:00:00.688420 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25624, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:30:57 pfSense pf: 192.168.1.100.1727 > 82.149.225.18.80: Flags [S], cksum 0x3aa4 (correct), seq 2444671489, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:30:59 pfSense pf: 00:00:02.660056 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25743, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:30:59 pfSense pf: 192.168.1.100.1728 > 82.149.225.18.80: Flags [S], cksum 0xe679 (correct), seq 2070946929, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:31:01 pfSense pf: 00:00:01.553434 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25829, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:31:01 pfSense pf: 192.168.1.100.1729 > 82.149.225.18.80: Flags [S], cksum 0xb9d6 (correct), seq 2705206085, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:31:01 pfSense pf: 00:00:00.112392 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25848, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:31:01 pfSense pf: 192.168.1.100.1730 > 82.149.225.18.80: Flags [S], cksum 0x4dd3 (correct), seq 558438205, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:31:03 pfSense pf: 00:00:02.284111 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25977, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:31:03 pfSense pf: 192.168.1.100.1731 > 82.149.225.18.80: Flags [S], cksum 0x1ea1 (correct), seq 193092661, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:31:04 pfSense pf: 00:00:00.503237 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 26030, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:31:04 pfSense pf: 192.168.1.100.1732 > 82.149.225.18.80: Flags [S], cksum 0xcef4 (correct), seq 4232428316, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:31:05 pfSense pf: 00:00:00.670905 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 26094, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:31:05 pfSense pf: 192.168.1.100.1733 > 82.149.225.18.80: Flags [S], cksum 0xafd0 (correct), seq 1555855817, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:31:09 pfSense pf: 00:00:04.923849 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 26252, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:31:09 pfSense pf: 192.168.1.100.1734 > 82.149.225.18.80: Flags [S], cksum 0x4769 (correct), seq 40320133, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:31:10 pfSense pf: 00:00:00.141319 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 26271, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:31:10 pfSense pf: 192.168.1.100.1735 > 82.149.225.18.80: Flags [S], cksum 0x4783 (correct), seq 475472506, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:31:11 pfSense pf: 00:00:01.605312 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 26423, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:31:11 pfSense pf: 192.168.1.100.1736 > 82.149.225.18.80: Flags [S], cksum 0xc0d6 (correct), seq 2961315066, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:31:12 pfSense pf: 00:00:01.126078 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 26502, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:31:12 pfSense pf: 192.168.1.100.1737 > 82.149.225.18.80: Flags [S], cksum 0x216c (correct), seq 4228278495, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:31:13 pfSense pf: 00:00:00.510604 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 26555, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:31:13 pfSense pf: 192.168.1.100.1738 > 82.149.225.18.80: Flags [S], cksum 0x35ec (correct), seq 3554376841, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:31:20 pfSense pf: 00:00:06.784250 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 26592, offset 0, flags [none], proto UDP (17), length 202)
Aug 24 06:31:20 pfSense pf: 192.168.1.100.138 > 192.168.1.255.138: NBT UDP PACKET(138)
Aug 24 06:31:20 pfSense pf: 00:00:00.000659 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 26593, offset 0, flags [none], proto UDP (17), length 78)
Aug 24 06:31:20 pfSense pf: 192.168.1.100.137 > 192.168.1.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST


I hope I was able to describe my problem in detail and that someone has some good advice.

Kind regards, Daniel

Content-Key: 190120

Url: https://administrator.de/contentid/190120

Printed on: 28.03.2024 at 18:03

Member: aqui
aqui 24.08.2012, updated at 11:46:07
The firewall isn't lying to you, so the traffic really does exist.
That's normal, too: if the page in question has a link to Facebook, the client will generate corresponding traffic to it.
Why don't you enable the packet capture function in pfSense (under Diagnostics), or run Wireshark on the client, to trace the traffic?
Any logically thinking IT person would do that right away for verification, wouldn't they?!
Then you would have the traffic coming from your client in black and white and could compare it with the logging rule, instead of opening a "guessing thread" full of speculation here, with endlessly long logs that are uncommented and not even colour-highlighted, which only confuse rather than actually help :-(
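To make a log like the one in the question easier to compare against a packet capture, the following added example (not part of the thread and not pfSense code; the names `parse` and `summarize` are illustrative) pairs each rule header with the packet line that follows it and separates DNS lookups from TCP connection attempts. The sample lines are copied from the log posted in the question.

```python
import re
from collections import Counter

# Sample lines copied from the log in the question: each pass is logged as a
# rule header line followed by a tcpdump-style packet line.
SAMPLE = """\
Aug 24 06:30:24 pfSense pf: 00:00:00.247964 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25120, offset 0, flags [none], proto UDP (17), length 66)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.63545 > 192.168.1.1.53: 40573+ A? profile.ak.fbcdn.net. (38)
Aug 24 06:30:24 pfSense pf: 00:00:00.010757 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25124, offset 0, flags [DF], proto TCP (6), length 52)
Aug 24 06:30:24 pfSense pf: 192.168.1.100.1718 > 23.63.98.233.80: Flags [S], cksum 0x4aae (correct), seq 1546487041, win 65535, options [mss 1460,nop,wscale 1,nop,nop,sackOK], length 0
Aug 24 06:30:55 pfSense pf: 00:00:30.081824 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25491, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:30:55 pfSense pf: 192.168.1.100.1725 > 82.149.225.18.80: Flags [S], cksum 0xf101 (correct), seq 758409256, win 65535, options [mss 1460,nop,nop,sackOK], length 0
Aug 24 06:30:56 pfSense pf: 00:00:01.097208 rule 40/0(match): pass in on re1: (tos 0x0, ttl 128, id 25540, offset 0, flags [DF], proto TCP (6), length 48)
Aug 24 06:30:56 pfSense pf: 192.168.1.100.1726 > 82.149.225.18.80: Flags [S], cksum 0x33fb (correct), seq 1550513655, win 65535, options [mss 1460,nop,nop,sackOK], length 0
"""

HEADER = re.compile(r"pf: \S+ rule (?P<rule>\d+)/\d+\(match\): (?P<action>\w+) (?P<dir>in|out) on (?P<iface>\S+):.*proto (?P<proto>\w+) ")
PACKET = re.compile(r"pf: (?P<src>(?:\d+\.){3}\d+)\.(?P<sport>\d+) > (?P<dst>(?:\d+\.){3}\d+)\.(?P<dport>\d+): (?P<rest>.*)")
DNS_Q = re.compile(r"^\d+\+? A{1,4}\? (?P<name>\S+?)\.? ")

def parse(log_text):
    """Pair each rule header with the packet line that follows it."""
    events, header = [], None
    for line in log_text.splitlines():
        h = HEADER.search(line)
        if h:
            header = h.groupdict()
            continue
        p = PACKET.search(line)
        if p and header:
            events.append({**header, **p.groupdict()})
            header = None
    return events

def summarize(events):
    """Split logged passes into DNS lookups and TCP connection attempts (SYN)."""
    dns_names, syn_targets = [], Counter()
    for e in events:
        q = DNS_Q.match(e["rest"])
        if e["proto"] == "UDP" and e["dport"] == "53" and q:
            dns_names.append(q.group("name"))
        elif e["proto"] == "TCP" and e["rest"].startswith("Flags [S]"):
            syn_targets[(e["dst"], e["dport"])] += 1
    return dns_names, syn_targets

if __name__ == "__main__":
    names, syns = summarize(parse(SAMPLE))
    print("DNS lookups:", names)
    print("SYNs per destination:", dict(syns))
```

The log contains only the client's queries, not the DNS answers, so mapping a destination IP back to a hostname still needs the packet capture recommended in the reply.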