DHCP responses on WAN interface

[TeKK]

Hello,

I am a new user to OPNsense and I am trying to understand some log entries on my WAN interface. I'm getting DHCP OFFER and ACKNOWLEDGE packets on my WAN interface from my cable provider's DHCP server (10.80.212.53).

Code: [Select]

Interface Time Source Destination Proto Label
WAN Apr 2 03:51:36 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:51:36 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:51:16 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:51:11 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:51:05 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:51:02 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:51:00 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:50:55 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:50:55 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:50:55 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:50:46 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:50:42 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:50:42 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:50:40 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:50:37 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:50:33 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:50:21 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:49:55 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:49:53 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:49:49 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:49:49 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:49:32 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:49:09 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN
WAN Apr 2 03:49:06 10.80.212.53:67 255.255.255.255:68 udp Block private networks from WAN


I did a packet capture and viewed the data in Wireshark. What I noticed was that these OFFERs and ACKNOWLEDGEMENTS were responses to other user's (Cable Customers) DHCP DISCOVER and REQUEST messages and not mine. Each packet contains a different Client IP address and MAC address. I know that DHCP can communicate via Broadcast or Unicast. In this case, the responses from the server are being broadcasted back to the clients.

1) Is this normal to see on the WAN interface?
2) Is this traffic supposed to be allowed to the Firewall?
3) Why are the broadcasts only showing up from the server but I am not seeing client broadcasts for the DISCOVER messages?

If somebody could please help me out with these questions, it would be much appreciated.

[chemlud]

...welcome to the club

https://forum.opnsense.org/index.php?topic=12285.0

What I have noticed is that the problems with renewing WAN IP have gone away recently, but I don't know why the DHPC is now on RFC1918 IP range.

Your provider is in Germany?

[TeKK]

Oh wow, our posts are literally 4 minutes apart from each other.

I am in the US using Spectrum as my provider.

[chemlud]

...would love to confirm that other routers (plastic consumer trash) get their DHCP from same servers. Or are the opnsenses singled-out for special treatment?