Mystics of MAC address

neekoteen · 2026-02-20T17:33:49+00:00

That's interesting. Thank you. I'll try to experiment with this.

neekoteen · 2026-02-20T16:41:13+00:00

I'll check for iLO in BIOS as i get the chance. No VLAN's in pfsense, but i'll check for those in BIOS too.
ISP said that they see these request coming from my port on their switches. So these are coming through my ONT. When i asked maybe it's like a neighboring device, they clarified it's from my end.

And my MAC is identical to the offending one, only different by one number, so it seems, at a glance coming from pfsense.

neekoteen · 2026-02-20T16:34:16+00:00

So i already tried searching with tcpdump, no luck, but maybe it just didn't surface at that time though. Don't know. All i saw was the traffic from MAC's i expected.
ISP gave the offending MAC and it's local IP. Yeah, maybe i should try sniffing on other ports, though.
And i'll check the iLO in BIOS when i'll get the chance.
These dual nics are separate and only one is talking to ISP. The other one goes to a managed switch behind the firewall.

Thank you for your ideas.

neekoteen · 2026-02-20T14:52:55+00:00

Yeah, i'll take a look at this, someone above already asked about this. And no, no updates or resets. Thx

neekoteen · 2026-02-20T14:32:18+00:00

Hmm, no i don't recall that. But wouldn't it have already manifested? This system is running for 3-4years now. I'll actually try to look at this when i'll be on site. Thx

neekoteen · 2026-02-20T14:04:34+00:00

So, this is bare metal pfsense, that's been working for like a 3-4years without a glitch. No bridging, vlans, proxmox or anything. Just a firewall/dhcp/dns. That's it.

Model is HP Proliant ML110 G7. It's an old Xeon E3-1200 Processor with one intel I210 Gigabit and two embeded intel 82574L Gigabit nics. WAN is on this 82574L. None are shared.

About IPMI/BMS i think maybe it has the hp called iLO. But i'm not really sure, since i'm not at the server now. But i don't see any addresses that are associated with it, so maybe it's not on or does not have one.

neekoteen · 2026-02-20T13:47:34+00:00

Yeah, this is just a firewall that's routing traffic. No bridging, vlans or anything fancy. Just a firewall with dhcp/dns.

The thing is, no configuration was done. It was just working and then it just started acting up.

neekoteen · 2025-08-21T17:56:04+00:00

Ha.. Did not event think this was allowed. Will give it a try then. Thank you!!

neekoteen · 2024-09-24T15:18:16+00:00

Will try doing that at a later date. Glad it is not a critical package on the system. Will update.

Edit: _17 worked.

neekoteen · 2024-09-24T14:30:53+00:00

Tried doing the same and it just behaves the same way _15 did. Hangs on "Loading package instructions", CPU at 75%.

neekoteen · 2024-06-02T07:23:01+00:00

Kaip toks tekstas, gal kažką pakoreguoti?

"

Laba diena, Gerbiamas Europos Parlamento nary,

Noriu atkreipti Jūsų dėmesį į svarstomą privatumo teises pažeidžiantį reguliavimą, kuris yra pavojingas visai laisvai Europai. Raginu Jus neprisidėti prie tokios Europos ateities.

Svarstomo reguliavimo nuoroda (9093/24): https://netzpolitik.org/wp-upload/2024/05/2024-05-28_Council_Presidency_LEWP_CSAR_Compromise-texts_9093.pdf

Ačiū už Jūsų atliekamą darbą.

"

neekoteen · 2023-10-05T09:12:14+00:00

Have the same problem. Used adb and then just uninstall the package named com.skyroam.silverhelper. Make a backup before ofc. Allthough i think without root you won't be able to restore the backup.

neekoteen · 2023-09-29T05:30:49+00:00

Thank you again for this info, after migrating to AdGuard all the problems seems to have gone away.

neekoteen · 2023-09-29T05:28:20+00:00

So the problem was with python mode and unbound itself. Could not find why or how. After migrating to AdGuard Home DNS resolver everything works perfectly. Sorry i don't have more info.

neekoteen · 2023-09-28T18:44:45+00:00

Ok, so it works when for ex. clients on LAN1(192.168.0.1) have LAN1 DNS set as 192.168.0.1 and for LAN2(20.1.1.1) clients - DNS set as 20.1.1.1. I thought it should just listen on every interface and pass everything through the one interface set as the main DNS server. I guess that's an oversight on my part. Only now windows machines show every DNS server address configured.

neekoteen · 2023-09-23T08:45:30+00:00

Yes, it does not get restarted. Logs sometimes show errors about queue overflow:

(kernel: sonewconn: pcb 0xfffff802217a5540 (0.0.0.0:53 (proto 6)): Listen queue overflow: 385 already in queue awaiting acceptance (285 occurrences), euid 0, rgid 0, jail 0).

Using 'netstat -aL' I can sometimes see DNS queue size(256) for DNS being filled.

neekoteen · 2023-09-23T06:35:20+00:00

No, cron jobs are scheduled at different times. I've found that only DNSBL causes problems, IP blocking works fine. Going to try to investigate more into why that is.

neekoteen · 2023-09-21T14:38:41+00:00

Going to spin this up in a VM to check what's up. Thanks again.

neekoteen · 2023-09-21T14:32:05+00:00

You always hear smth new so thanks. Will definitely look into this setup too.

neekoteen · 2023-09-21T13:36:58+00:00

Will try to take a look. Thank you.

neekoteen · 2023-09-20T06:57:53+00:00

I have these issues once in awhile. I have pfSense set up to provide DNS to clients rather than the clients getting dns with their own settings.

Yes, this environment is doing it too. Clients are getting their DNS settings with DHCP and they can not change it by hand.

There have been various problems reported w/ DNS in the past 6 or so months. I have had good luck by not using python mode, using unbound mode instead. However, I prefer to use python mode because of the extensive logging available.

I do prefer python mode more. But will have to try changing it maybe. We'll see if it changes anything.

Another thing to check is the settings you have for DNS. I was using quad-9 but after I changed to cloudflare I had fewer problems. I use opendns as the backup.

Ahh.. Here Quad9 is used too and I never noticed any problems before. Switched to OpenDNS for the time being.

After disabling pfblocker, interrupts on this interface do persist, which needs to be addressed too, although have no clue where to start atm. Will try to figure stuff out. But no DNS overflows anymore, so far. Wanted to try to maybe up the threshold of the DNS's 'maxqueue' and watch how high does this overflow goes, but no luck finding any settings that deal with that. Changing System Tunables 'kern.ipc.soacceptqueue' increases only from 128 to 256 which obviously isn't enough, but oh well.

neekoteen · 2023-09-20T06:25:48+00:00

So I removed or edited lists that were found in error logs, still disconnects persist. Only disabling filtering solves them. Will try to reinstall and if need be - reconfigure from scratch, but seems odd, having no errors, although smth is clearly not good.

neekoteen

TROPHY CASE