WAN interface passing to private destinations

[glenb2]

Hello,

Sorry if this is a dumb question, but could someone explain why my WAN interface is passing outward traffic to these networks? These are not even ranges that exist in my internal network.

[wincent]

Is your WAN interface bound to a public IP address? x.x.x.235?

[glenb2]

Thanks for the response. Yes, my WAN ip has a public address ending in .235

[wincent]

This should be a default rule. Can you provide more information? Interfaces or directions

[glenb2]

I have a pretty simple setup. I have LAN, WAN, WG0(Wireguard), and IOT interfaces. My IOT network prevents internal communication using a rule that only allows internet access, by using an alias that describes RFC1918 ranges and a rule that allows traffic excluding the alias ranges using the invert option in the rule. Mu LAN interface runs on 192.168.10.X. My WG0 interface runs on 10.14.x.x. WAN interface has block private and bogon networks enabled.

I use a destination NAT rule to force all DNS requests to use pihole, then I use OPNsense unbound as the upstream server.

OPNsense runs on top of Proxmox (forbidden router I know)

I looked up port 7000, and while I do use MacOS and Apple products, I don't have any devices at these addresses. They are all in the LAN interface range. I have pinged these addresses and there is no response.

Thanks again for the response!

[wincent]

Em...It looks like a broadcast packet, but it shouldn't come from a public network address. Are there any other rules besides DNS NAT rules?

[glenb2]

Here are my rules. I only have 5. I passthrough my WAN port directly to my OPNsense VM so Proxmox isn't exposed to the internet.

Thanks!

[wincent]

What is the destination address(WAN address) port range for interface WAN rule?