Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
IDS/IPS Logs source IP
« previous
next »
Print
Pages: [
1
]
Author
Topic: IDS/IPS Logs source IP (Read 1942 times)
JasMan
Full Member
Posts: 175
Karma: 9
IDS/IPS Logs source IP
«
on:
August 12, 2019, 01:42:03 pm »
Hey,
I've enabled the IDS and IPS mode for the WAN interface only on my OPNsense 19.7.2.
I noticed that the IDS/IPS log shows sometimes the client IP, and sometimes the OPNsense WAN interface IP as source IP of blocked connections (see attachment, red client IP, green WAN IF IP). NAT is not enabled.
Of course I would like to see always the client IP to identify the client which tries to initialize the connection.
Any idea how to do that or why I see sometimes the WAN IP?
Thank you.
Jas
Logged
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose
JasMan
Full Member
Posts: 175
Karma: 9
Re: IDS/IPS Logs source IP
«
Reply #1 on:
August 12, 2019, 01:46:23 pm »
Oh, forget it. Just realized that the blocked connections with the WAN IP are DNS querys, which comes of course from the WAN interface because Unbound is my DNS resolver.
Muuuahh....I thought about this issue the whole weekend. And two seconds after I post it here, I got the solution by myself.
Logged
Duck, Duck, Duck, Duck, Duck, Duck, Duck, Duck, Goose
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Intrusion Detection and Prevention
»
IDS/IPS Logs source IP
