Live Log & odd entries

Started by Callahan, October 26, 2019, 03:55:54 PM

Hi,

So I was looking through the Live Log of one of my OPNsense FWs as I'm building Prometheus into the stack to monitor the FW stats via node_exporter and SNMP. I came across a recurring entry in the Live Log, as shown below:


Interface       Time                     Source                                               Destination     Protocol        Label
LAN             Oct 26 14:30:04          static.134.20.251.148.clients.your-server.de:42218   10.20.1.4:443   tcp       let out anything from firewall host itself


I do have a reverse proxy hosted on the 10.20.1.4 IP address, so I'd expect INBOUND traffic to be showing up, but this doesn't seem to be the case. This is showing as an OUTBOUND connection via my LAN. The source is an EXTERNAL IP which belongs to the Idaho National Laboratory in the US, yet the FQDN seems to suggest that it's based out of Germany.

So, confused on more than one level.
1. The most important: why does the log tell me it's an outbound connection when the source is an external address?
2. What's with the confusing source address?

Any pointers gratefully received.