OPNsense Forum
Archive => 18.1 Legacy Series => Topic started by: dakoellis on February 19, 2018, 05:53:45 pm
-
Hi All,
Hopefully a quick one... I'm looking through the logs and I have a bunch of DNS querys (udp/53) and ICMP packets going to google primary and secondary DNS (8.8.8.8, 8.8.4.4). The weird thing (to me) is they are coming from my WAN address, even though I'm using QUAD9 for my DNS servers, not Google. I do have some google home minis and chromecasts, but I figured they wouldn't show in the logs as coming from the WAN address but their own, so my question is, does OPNsense have anything hardcoded to hit those DNS servers, or does the firewall log just show everything coming from the WAN address?
Thanks!
-
Everything that will be sent out on WAN will be shown as source is WAN IP as this is what is going on. Think about it - especially in context of Source Network Address Translation.
-
OK that's what I was thinking but I thought I remembered seeing something coming from a private IP going out to the internet before... Maybe that was a different firewall though. Thanks!
-
Capture traffic on your LAN address and you'll see what is going out to google's DNS.
Most likely it's an Android-based device or something like a Roku.
-
OK that's what I was thinking but I thought I remembered seeing something coming from a private IP going out to the internet before... Maybe that was a different firewall though. Thanks!
I just checked, no public DNS resolver (OpenDNS in my case) request is made from LAN net, only from WAN address.