some packet get trough router to server

[janci]

hi, I am not sure if this is related to opnsense but trying to understand what is going on.

I have server in local network, opnsens router is forwarding tcp 80 and 443 port from WAN to server. I have firewall on server and time to time I can see that firewall reject udp connection to port 14738 {several times in few seconds} and connection is comming from external ip {it is not from local net or any other vlans I have} I have static public ip on WAN

for example :

Code Select Expand

IN_public_REJECT: IN=lag1 OUT= MAC=0e:a8:4e:1d:3f:ed:00:0d:b9:58:db:24:08:00 SRC=141.148.95.205 DST=192.168.53.43 LEN=960 TOS=0x00 PREC=0x00 TTL=51 ID=28793 DF PROTO=UDP SPT=6969 DPT=14738 LEN=940

it is not clear how is that possible. thanks for help ...

[dseven]

Presumably a response to a request that your server had sent to UDP port 6969 on 141.148.95.205 ?

[janci]

yes, that a option I was thinking about but I dont see any service making a connection to external IP to that port. OK, I will try to monitor ...

anyway, thanks for tip