# broadcast



## fernandel (Dec 31, 2022)

Hi!

I have FreeBSD 13.1-RELEASE-p5 and I have in rc.conf:

```
# lagg
cloned_interfaces="lagg0"
wlans_iwm0="wlan0"
create_args_wlan0="wlanaddr 00:2b:67:05:75:7f country US"
ifconfig_re1="up"
ifconfig_wlan0="WPA"
ifconfig_lagg0="up laggproto failover laggport re1 laggport wlan0 DHCP"
```
I am using the ipfw firewall, default - workstation. And the "problem" is that if I am using wifi then I get in the firewall logs:

```
kernel: ipfw: 65500 Deny UDP 192.168.1.1:44454 239.255.255.250:1900 in via lagg0
kernel: ipfw: 65500 Deny UDP 192.168.1.1:46079 239.255.255.250:1900 in via lagg0
kernel: ipfw: 65500 Deny UDP 192.168.1.1:49766 239.255.255.250:1900 in via lagg0
kernel: ipfw: 65500 Deny UDP 192.168.1.1:59785 239.255.255.250:1900 in via lagg0
kernel: ipfw: 65500 Deny UDP 192.168.1.1:59546 239.255.255.250:1900 in via lagg0
...
```

but when using ethernet I do not have those logs. The same is true if I use just wlan0.

Thank you and Happy New Year.


----------



## Bryce Alexander (Dec 31, 2022)

This sounds like an IPFW permission issue, check your IPFW config to see if you are allowing the IP range of 192.168.1.0/24


----------



## fernandel (Dec 31, 2022)

Bryce Alexander said:


> This sounds like an IPFW permission issue, check your IPFW config to see if you are allowing the IP range of 192.168.1.0/24


Is it normal that the firewall is blocking when I am on wifi but not on ethernet, please?
Thank you.


----------



## Bryce Alexander (Dec 31, 2022)

Short answer is yes.
IPFW works by matching the rules as defined. In your ethernet DHCP and your WiFi DHCP it is typical of the WiFi router to provide a different IP range from your ethernet range. You should examine the existing rules in IPFW to see if the addresses provided by the WiFi router are permitted. You can quickly list the existing firewall rules by entering

```
ipfw list
```


----------



## chrbr (Dec 31, 2022)

Hi fernandel,
this is in my `/etc/rc.conf` with line numbers of an editor.

```
...
 19 # LAGG
 20 ifconfig_em0="ether 8c:70:5a:cd:28:ec"
 21 wlans_iwn0="wlan0"
 22 ifconfig_wlan0="WPA"
 23 create_args_wlan0="country DE regdomain ETSI channel 1"
 24 ifconfig_lagg0="up laggproto failover laggport em0 laggport wlan0 DHCP"
...
 60 # IPFW
 61 firewall_enable="yes"
 62 firewall_type="workstation"
 63 firewall_logging="yes"
 64 firewall_myservices="ssh/tcp"
 65 firewall_allowservices="192.168.0.0/24"
...
```
I have had no issues. Maybe you can re-use parts of it.
Kind regards,
Christoph


----------



## covacat (Dec 31, 2022)

that looks like UPnP broadcasts from your home router
you can just ignore that


----------



## fernandel (Dec 31, 2022)

covacat said:


> that looks like UPnP broadcasts from your home router
> you can just ignore that


Yes, it is. Thank you.


----------



## smithi (Dec 31, 2022)

covacat said:


> that looks like UPnP broadcasts from your home router
> you can just ignore that



Yep, multicast Class D; my wifi uplink is a tethered phone and emits these periodically, about 3 times per minute.

Rather than ignore them filling your log, just add `firewall_nologports="1900"` to /etc/rc.conf.


----------



## Bryce Alexander (Jan 2, 2023)

To wrap this up, your rc.conf has the following:
`65 firewall_allowservices="192.168.0.0/24"` which would allow 192.168.0.0 through 192.168.0.255 but the reject messages you see in your log are from 192.168.1.1 which is in the next /24 range. This difference in subnet ranges almost certainly explains why there is a difference in WiFi and Ethernet. You can either adjust your subnet mask to /16 to include all 192.168.nnn.nnn, or depending on your local needs you can use a tighter mask like /23 which would give you just 192.168.0.nnn through 192.168.1.nnn

Play around with CIDR calculators online to decide what mask works best for you.


----------



## smithi (Jan 2, 2023)

Bryce Alexander said:


> To wrap this up, your rc.conf has the following:
> `65 firewall_allowservices="192.168.0.0/24"` which would allow 192.168.0.0 through 192.168.0.255 but the reject messages you see in your log are from 192.168.1.1 which is in the next /24 range.



Sorry Bryce, but you're quoting chrbr's setup, yet the deny log lines were from OP, Fernandel.

covacat pounced on the real issue, the upnp packets, and I just showed how to quell the unnecessary logging noise ...


----------



## fernandel (Jan 2, 2023)

```
kernel: ipfw: 65500 Deny UDP 192.168.1.85:52837 239.255.255.250:3702 in via lagg0
```
And one question more, please: is this broadcast too? Thank you. I found it:
https://www.wikimix.info/en/ip/192.168.1.85


----------



## smithi (Jan 3, 2023)

fernandel said:


> kernel: ipfw: 65500 Deny UDP 192.168.1.85:52837 239.255.255.250:3702 in via lagg0
> And one question more, please: is this broadcast too? Thank you. I found it:
> https://www.wikimix.info/en/ip/192.168.1.85



Yes, any ip4 address starting with 224 to 255 is broadcast:

224.0.0.0/4 Class D
240.0.0.0/4 Class E

See /etc/rc.firewall 'simple' ruleset for definitions of various ranges of addresses that should not be routed outside our local network, there added to a table.

Is 192.168.1.85 your address, or another system in your net?

I don't know what port 3702 is; it's not in /etc/services.


----------



## SirDice (Jan 3, 2023)

smithi said:


> Yes, any ip4 address starting with 224 to 255 is broadcast:


No. 224.0.0.0/4 is multicast, not broadcast.


----------



## smithi (Jan 3, 2023)

SirDice said:


> No. 224.0.0.0/4 is multicast, not broadcast.



Quite so, thanks. No excuse, I was looking at that very section of /etc/rc.firewall.


----------
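The thread turns on three checks that are easy to get wrong by eye: whether a logged source address falls inside the `firewall_allowservices` range (Bryce's /24 vs /23 vs /16 discussion), whether a destination such as 239.255.255.250 is multicast rather than broadcast (SirDice's correction), and which entries `firewall_nologports` would have kept out of the log (smithi's suggestion). The script below is an added example written for this thread, not code from FreeBSD's `rc.firewall` or from any poster. It parses ipfw deny lines in the format quoted above and reports all three. The log sample is constructed: the 192.168.1.1 and 192.168.1.85 lines mirror the ones quoted in the thread, the remaining two are made up for illustration. The assumption that ports listed in `firewall_nologports` are denied silently before the final logging deny rule is modelled on how smithi describes the setting, not taken from the script itself.

```python
"""Classify ipfw 'Deny' log lines: destination address class, whether the
source lies inside the allowed networks, and whether the entry would have
been logged at all given a firewall_nologports list.

Added example for this thread; not code from FreeBSD's rc.firewall."""
import ipaddress
import re

# Constructed sample in the same format as the lines quoted in the thread.
SAMPLE_LOG = """\
kernel: ipfw: 65500 Deny UDP 192.168.1.1:44454 239.255.255.250:1900 in via lagg0
kernel: ipfw: 65500 Deny UDP 192.168.1.85:52837 239.255.255.250:3702 in via lagg0
kernel: ipfw: 65500 Deny UDP 192.168.0.7:68 255.255.255.255:67 in via lagg0
kernel: ipfw: 65500 Deny TCP 10.0.0.9:51000 192.168.1.5:22 in via lagg0
"""

# Field layout of an ipfw log line: rule number, action, protocol,
# src:port, dst:port, direction, interface.
LOG_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)

MULTICAST = ipaddress.ip_network("224.0.0.0/4")   # Class D, multicast
RESERVED = ipaddress.ip_network("240.0.0.0/4")    # Class E, reserved
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def classify_destination(addr):
    """Name the address class of a destination IPv4 address.

    255.255.255.255 sits inside 240.0.0.0/4, so it is tested first."""
    ip = ipaddress.ip_address(addr)
    if ip == LIMITED_BROADCAST:
        return "broadcast"
    if ip in MULTICAST:
        return "multicast"
    if ip in RESERVED:
        return "reserved"
    return "unicast"


def covered_by(addr, prefixes):
    """Map each candidate prefix (e.g. 192.168.0.0/23) to whether addr is inside it."""
    ip = ipaddress.ip_address(addr)
    return {p: ip in ipaddress.ip_network(p) for p in prefixes}


def parse_line(line):
    """Return a dict of the log fields, or None if the line is not an ipfw entry."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def analyse(log_text, allow_nets, nolog_ports=()):
    """Annotate every parsed line with dst_class, src_allowed and would_be_logged.

    would_be_logged assumes (as in this thread) that destination ports listed
    in firewall_nologports are denied without a log entry."""
    nets = [ipaddress.ip_network(n) for n in allow_nets]
    results = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        src = ipaddress.ip_address(rec["src"])
        rec["dst_class"] = classify_destination(rec["dst"])
        rec["src_allowed"] = any(src in n for n in nets)
        rec["would_be_logged"] = rec["dport"] not in set(nolog_ports)
        results.append(rec)
    return results


if __name__ == "__main__":
    # chrbr's allow range from the thread, plus smithi's nologports suggestion.
    for r in analyse(SAMPLE_LOG, ["192.168.0.0/24"], nolog_ports=(1900,)):
        print(f"{r['src']:>14} -> {r['dst']}:{r['dport']:<5} "
              f"{r['dst_class']:<9} src_allowed={r['src_allowed']!s:<5} "
              f"logged={r['would_be_logged']}")
    print(covered_by("192.168.1.1",
                     ["192.168.0.0/24", "192.168.0.0/23", "192.168.0.0/16"]))
```

Running it against the constructed sample shows the SSDP line to 239.255.255.250:1900 classified as multicast and suppressed by `firewall_nologports="1900"`, while the 3702 line is still logged; `covered_by` confirms that 192.168.1.1 is outside a /24 at 192.168.0.0 but inside a /23 or /16, which is the subnet point Bryce raised.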



## fernandel (Jan 5, 2023)

smithi said:


> Yes, any ip4 address starting with 224 to 255 is broadcast:
> 
> 224.0.0.0/4 Class D
> 240.0.0.0/4 Class E
> ...


https://www.speedguide.net/port.php?port=3702


----------



## smithi (Jan 6, 2023)

fernandel said:


> https://www.speedguide.net/port.php?port=3702



A useful bookmark, thanks.


----------

