Hi all,
I have tested a root server @Hetzner with OPNsense and I have the feeling that I'm witnessing all the traffic within the given /26 of the root server's assigned public IP address... Has anyone seen this as well? Have I perhaps missed any "OPNsense" settings on my WAN interface?
For example:
Interface  Time                 Source               Destination        Proto  Label
-------------------------------------------------------------------------------------------------
WAN1       2025-09-20T09:42:11  65.109.83.177:51040  xx.xx.xx.14:9060   tcp    WAN1_DENY_ALL
WAN1       2025-09-20T09:42:11  65.109.83.177:41840  xx.xx.xx.14:9901   tcp    WAN1_DENY_ALL
WAN1       2025-09-20T09:42:11  65.109.83.177:51246  xx.xx.xx.14:9100   tcp    WAN1_DENY_ALL
WAN1       2025-09-20T09:42:11  45.142.193.63:56217  xx.xx.xx.13:22363  tcp    CrowdSec (IPv4) in
WAN1       2025-09-20T09:42:11  65.109.83.177:44502  xx.xx.xx.14:9113   tcp    WAN1_DENY_ALL
WAN1       2025-09-20T09:42:11  65.109.83.177:38206  xx.xx.xx.14:9903   tcp    WAN1_DENY_ALL
WAN1       2025-09-20T09:42:11  65.109.83.177:37934  xx.xx.xx.14:5054   tcp    WAN1_DENY_ALL
WAN1       2025-09-20T09:42:11  65.109.83.177:37532  xx.xx.xx.14:9902   tcp    WAN1_DENY_ALL
I do not own any of the destination IPs listed above...
Let me know,
Kind regards,
m.
EDIT: the OPNsense WAN interface is not in promiscuous mode / IPS is enabled on the interface in IPS mode