I had some hardware failures, replaced switch's and the opnsense updates. I say this because I have been using the log's more than ever. Maybe this is normal. I don't know! I keep getting many entry's in opnsense unbound log 157.134.199.XXX:53 [99478:4] error: read (in tcp initial): Connection reset by peer for 157.134.199.XXX port 53. Six or more a minute. Trying to find were this is coming from: let out anything from firewall host itself (force gw) (WAN)
Thanks for the help
> Trying to find were this is coming from: let out anything from firewall host itself (force gw) (WAN)
is the outbound leg from the firewall out to this ip.
You should be able to find the corresponding entry from the LAN of the device attempting the connection. It should be just next or very near it but you might need to enable that log in Firewall > Settings > Advanced: " Log packets matched from the default pass rules " likely.
Thanks for the reply, Source is my firewall IP. Destination is 157.134.199.XXX:53. The destination is reset by peer
That's what it will look like in the default logging as the firewall ip will be doing NAT for your clients. You still need to track the client making the original request as I said. Adding additional logging on the firewall is one way to assist it.