NXFilter quando tiro a autenticação minha WAN dispara para o consumo total

20 views
Skip to first unread message

Marco Antonio Hubert

unread,
Mar 8, 2023, 6:47:01 AM3/8/23
to NxFilter - Fórum Brasileiro
Bom dia a todos,

Recentemente atualizei para a ultima versão do PFSense e nisso também atualizei a versão do NXfilter, restaurei o backup e a licença do Jahalist para 50 usuários. Nisso quando eu tira a autenticação a minha WAN desse cliente que e de 40MB estoura os 40MB mas a LAN continua funcionando normalmente e também consecutivamente já me aparece mais de 600 IPS no NXfilter, segue imagens:
Captura de tela 2023-03-08 084620.pngWhatsApp Image 2023-03-07 at 14.53.13.jpeg
Obrigado

Jahastech

unread,
Mar 8, 2023, 6:56:01 AM3/8/23
to NxFilter - Fórum Brasileiro
You can see those IPs on 'Logging > Request'. Do you not think they are your LAN IPs?

Marco Antonio Hubert

unread,
Mar 8, 2023, 7:17:37 AM3/8/23
to NxFilter - Fórum Brasileiro
Yes, see below


Captura de tela 2023-03-08 091315.png
I don't know if I teeling is correct but, is like WAN is DNS server for others, in config.default and cfg.properties I try used listen_ip = 192.168.1.0/24 after was listen_ip = 0.0.0.0.

Jahastech

unread,
Mar 8, 2023, 7:26:14 AM3/8/23
to NxFilter - Fórum Brasileiro
You are under DNS amplification attack. Drop ANY type queries on 'DNS > Server Protection > Request Type Control > Blocked Request Type ' by adding 255.

And 'listen_ip' is just an IP of your server. So, use the private IP of your server.

But I think your network configuration has some problem if you see the traffic from outside your network.

Marco Antonio Hubert

unread,
Mar 8, 2023, 7:31:12 AM3/8/23
to NxFilter - Fórum Brasileiro
OK I understand but, if I just stop NXfilter that my WAN worked fine but if I started NXfilter and Enable User Authentication is off my WAN worked in 40MB.

Jahastech

unread,
Mar 8, 2023, 7:41:01 AM3/8/23
to NxFilter - Fórum Brasileiro
Don't know what you want. You exposed NxFilter in WAN and disable authentication, that means you allow traffic from outside. As a result, your NxFilter is under attack. And that attack uses ANY type queries which produces heavy traffic. Why did you disable authentication?

Marco Antonio Hubert

unread,
Mar 8, 2023, 8:05:58 AM3/8/23
to NxFilter - Fórum Brasileiro
Sorry if I don't object, I'm not expose my Wan I just do it disable authentication because some users when open your brownser for put user and password  show is blocked and don't have option to put user and password, and I disable authentication for moment for they worked but at this moment I see that problem. For Instalation I follow documentation and I have other clients using NXfilter with AD and don't have this problem because off that I open this discussion.

Jahastech

unread,
Mar 8, 2023, 8:14:03 AM3/8/23
to NxFilter - Fórum Brasileiro
Then one of your PCs got infected with some malware doing DNS amplification attack. It does IP spoofing. So, they are all fake IPs. Just drop ANY type queries as I told you.

And you can associate whole IP range to one user and use it as a default user for everyone if you want.

Marco Antonio Hubert

unread,
Mar 8, 2023, 8:18:41 AM3/8/23
to NxFilter - Fórum Brasileiro
I do it " Drop ANY type queries on 'DNS > Server Protection > Request Type Control > Blocked Request Type ' by adding 255. " and everthing work good now.
Thank you for the patience and your help.
Have a nice day.
Reply all
Reply to author
Forward
0 new messages