OPNsense Forum

Archive => 20.1 Legacy Series => Topic started by: xofer on April 21, 2020, 04:49:42 pm

Title: Private network traffic on WAN
Post by: xofer on April 21, 2020, 04:49:42 pm
I have disabled private networks on my wan and yet I still get traffic from 192.168.1. subnet.

I guess it is from my ISP router - they serve a NATted network as well as a public IP on the same port. But why does OPNsense let this traffic in?

"Block private networks" on WAN (re1) is switched on, but yet:
Code:
# ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254): 56 data bytes
64 bytes from 192.168.1.254: icmp_seq=0 ttl=64 time=0.580 ms
64 bytes from 192.168.1.254: icmp_seq=1 ttl=64 time=0.366 ms


The packets definitely seem to go out and back on the re1 interface:
Code:
# tcpdump -nn -i re1 host 192.168.1.254
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on re1, link-type EN10MB (Ethernet), capture size 262144 bytes
14:36:51.814864 IP 195.50.196.206 > 192.168.1.254: ICMP echo request, id 19307, seq 0, length 64
14:36:51.815392 IP 192.168.1.254 > 195.50.196.206: ICMP echo reply, id 19307, seq 0, length 64
14:36:52.818861 IP 195.50.196.206 > 192.168.1.254: ICMP echo request, id 19307, seq 1, length 64
14:36:52.819747 IP 192.168.1.254 > 195.50.196.206: ICMP echo reply, id 19307, seq 1, length 64

I checked that the address is not among the configured addresses (ifconfig | grep 192.168), not routed (netstat -nr | grep 192.168) and not directly connected to the switch (arp -an | grep 192.168).

So I guess it is accessible through the WAN upstream gateway...

But shouldn't the "block private networks" switch make OPNsense drop these packets?
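To illustrate why a stateful filter passes these echo replies even with a block-private-networks rule on WAN, here is a simplified model (an added example, not code from the thread or from OPNsense; the filter class, packet class and state-key scheme are simplifying assumptions): an outbound request from the firewall creates state, the matching reply rides on that state, and only unsolicited inbound packets from RFC 1918 sources reach the block rule.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges, the address space a "block private networks" rule targets.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the WAN interface
    src: str
    dst: str
    proto: str
    ident: int       # ICMP id; a real filter would also track ports


class WanFilter:
    """Toy stateful filter (assumption): unsolicited inbound is blocked, replies ride on state."""

    def __init__(self):
        self.states = set()

    def _key(self, pkt):
        # Same key for a request and its reply, so the reply finds the state.
        a, b = (pkt.src, pkt.dst) if pkt.direction == "out" else (pkt.dst, pkt.src)
        return (pkt.proto, a, b, pkt.ident)

    def decide(self, pkt):
        if self._key(pkt) in self.states:
            return "pass (matches state)"
        if pkt.direction == "in":
            src = ipaddress.ip_address(pkt.src)
            if any(src in net for net in PRIVATE_NETS):
                return "block (private source)"
            return "block (no rule)"
        self.states.add(self._key(pkt))       # outbound creates state
        return "pass (new state)"


def trace_exchange():
    """Replays the ping from the post plus one constructed unsolicited request from the router."""
    fw = WanFilter()
    pkts = [
        Packet("out", "195.50.196.206", "192.168.1.254", "icmp", 19307),  # echo request
        Packet("in", "192.168.1.254", "195.50.196.206", "icmp", 19307),   # echo reply
        Packet("in", "192.168.1.254", "195.50.196.206", "icmp", 4242),    # unsolicited
    ]
    return [fw.decide(p) for p in pkts]
```

Running trace_exchange() shows the reply passing on state while the unsolicited request from 192.168.1.254 is the only packet the private-source rule sees.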