OPNsense Forum

English Forums => Intrusion Detection and Prevention => Topic started by: JasMan on August 12, 2019, 01:42:03 pm

Title: IDS/IPS Logs source IP
Post by: JasMan on August 12, 2019, 01:42:03 pm
Hey,

I've enabled the IDS and IPS mode for the WAN interface only on my OPNsense 19.7.2.

I noticed that the IDS/IPS log sometimes shows the client IP, and sometimes the OPNsense WAN interface IP, as the source IP of blocked connections (see attachment, red client IP, green WAN IF IP). NAT is not enabled.

Of course I would like to always see the client IP to identify the client which tries to initialize the connection.

Any idea how to do that or why I sometimes see the WAN IP?

Thank you.
Jas

Title: Re: IDS/IPS Logs source IP
Post by: JasMan on August 12, 2019, 01:46:23 pm
Oh, forget it. Just realized that the blocked connections with the WAN IP are DNS queries, which of course come from the WAN interface because Unbound is my DNS resolver.

Muuuahh....I thought about this issue the whole weekend. And two seconds after I posted it here, I got the solution by myself. ::)
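
Added example, not part of the thread: a small triage script that separates IDS alerts sourced by routed clients from alerts sourced by the firewall itself, and marks the firewall-sourced ones that are resolver traffic. It assumes the Suricata EVE JSON alert format written by OPNsense's IDS; the WAN address, the port set and all sample records are constructed.

```python
import json
from collections import Counter

WAN_IP = "203.0.113.10"   # assumed WAN interface address (documentation range)
DNS_PORTS = {53, 853}     # assumption: plain DNS and DNS over TLS

def _rec(event_type, src, dport, proto):
    """Build one constructed EVE record as a JSON line."""
    return json.dumps({"event_type": event_type, "src_ip": src,
                       "dest_ip": "192.0.2.53", "dest_port": dport,
                       "proto": proto, "alert": {"action": "blocked"}})

# Constructed sample log, not taken from the thread's attachment.
SAMPLE_EVE = [
    _rec("alert", "198.51.100.23", 443, "TCP"),  # routed client
    _rec("alert", WAN_IP, 53, "UDP"),            # resolver on the firewall
    _rec("alert", WAN_IP, 123, "UDP"),           # other firewall-originated flow
    _rec("dns", WAN_IP, 53, "UDP"),              # not an alert, ignored
    "truncated line {",                          # malformed, counted separately
]

def classify(event, firewall_ips):
    """Label an alert by who originated the flow; None for non-alert events."""
    if event.get("event_type") != "alert":
        return None
    if event.get("src_ip") not in firewall_ips:
        return "client"
    if event.get("proto") in ("UDP", "TCP") and event.get("dest_port") in DNS_PORTS:
        return "firewall-dns"
    return "firewall-other"

def summarize(lines, firewall_ips):
    """Count alert labels over EVE JSON lines, tolerating malformed input."""
    counts = Counter()
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            counts["unparsed"] += 1
            continue
        label = classify(event, firewall_ips)
        if label:
            counts[label] += 1
    return counts

if __name__ == "__main__":
    for label, n in sorted(summarize(SAMPLE_EVE, {WAN_IP}).items()):
        print(f"{label}: {n}")
```

Alerts labelled `firewall-dns` carry no client address; alerts labelled `firewall-other` are the ones that still need an explanation.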