IDS/IPS Logs source IP

Started by JasMan, August 12, 2019, 01:42:03 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
August 12, 2019, 01:42:03 PM
Hey,

I've enabled the IDS and IPS mode for the WAN interface only on my OPNsense 19.7.2.

I noticed that the IDS/IPS log shows sometimes the client IP, and sometimes the OPNsense WAN interface IP as source IP of blocked connections (see attachment, red client IP, green WAN IF IP). NAT is not enabled.

Of course I would like to see always the client IP to identify the client which tries to initialize the connection.

Any idea how to do that or why I see sometimes the WAN IP?

Thank you.
Jas






Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose
August 12, 2019, 01:46:23 PM #1
Oh, forget it. Just realized that the blocked connections with the WAN IP are DNS querys, which comes of course from the WAN interface because Unbound is my DNS resolver.

Muuuahh....I thought about this issue the whole weekend. And two seconds after I post it here, I got the solution by myself.  ::)
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose
Print
Go Up Pages1
User actions