At home, my LAN switch is a NetGear GS108T (hardware version 1.0.0.1, firmware 3.0.4.10) with 3 VLANs running (configured in Astaro):
LAN (192.168.11.0/24)
DMZ (192.168.210.0/24)
WiFi LAN (192.168.211.0/24)
Looking at the PacketFilter logs, I see that there are a lot of dropped packets from the switch to UDP port 123 (NTP) to the firewall (the switch is configured to use the firewall for NTP), and that they are dropped as SPOOFED.
I was previously running v7 (briefly ran v8 to convert the config file for v9), and never noticed the switch triggering the spoofing protection before.
packetfilter-2012-07-31.log.gz:2012:07:31-23:56:19 fw ulogd[4292]: id="2005" severity="info" sys="SecureNet" sub="packetfilter" name="IP spoofing drop" action="IP spoofing drop" fwrule="60008" initf="eth1.11" srcmac="0:1e:2a:cc:34:8e" dstmac="0:24:21:2e:63:f5" srcip="192.168.11.4" dstip="192.168.11.1" proto="17" length="76" tos="0x00" prec="0x00" ttl="255" srcport="4514" dstport="123"
The IP and MAC addresses are correct for the switch (192.168.11.4 is the management IP) and the firewall,
BUT the interface is wrong (eth1.11 is the .211 VLAN for WiFi); the .11 LAN interface should be eth1.13.
So, is the Netgear tagging the NTP traffic with the wrong VLAN?
Thanks,
Barry
This thread was automatically locked due to age.
