WAN interface passing to private destinations

Started by glenb2, Today at 03:00:03 AM

Hello,

Sorry if this is a dumb question, but could someone explain why my WAN interface is passing outward traffic to these networks? These are not even ranges that exist in my internal network.

Is your WAN interface bound to a public IP address? x.x.x.235?
Every morning, I wake up and check the Forbes list first. If I'm not on it, I go to work.

Thanks for the response. Yes, my WAN ip has a public address ending in .235

This should be a default rule. Can you provide more information? Interfaces or directions

Today at 05:22:45 AM #4 Last Edit: Today at 10:19:44 AM by glenb2
I have a pretty simple setup. I have LAN, WAN, WG0(Wireguard), and IOT interfaces. My IOT network prevents internal communication using a rule that only allows internet access, by using an alias that describes RFC1918 ranges. This rule allows traffic excluding the alias ranges using the invert option in the rule. My LAN interface runs on 192.168.10.X. My WG0 interface runs on 10.14.x.x. WAN interface has block private and bogon networks enabled.

I use a destination NAT rule to force all DNS requests to use pihole, then I use OPNsense unbound as the upstream server.

OPNsense runs on top of Proxmox (forbidden router I know)

I looked up port 7000, and while I do use macOS and Apple products, I don't have any devices at these addresses. They are all in the LAN interface range. I have pinged these addresses and there is no response.

Thanks again for the response!

Em...It looks like a broadcast packet, but it shouldn't come from a public network address. Are there any other rules besides DNS NAT rules?

Here are my rules. I only have 5. I passthrough my WAN port directly to my OPNsense VM so Proxmox isn't exposed to the internet.

Thanks!

What is the destination address (WAN address) port range for the interface WAN rule?

Quote from: glenb2 on Today at 03:00:03 AM
Sorry if this is a dumb question
That is how routing works, if it is not local, it gets out the default gateway.

Why is your last screenshot not showing any ports, that is dumb for sure.

Lol Bob chill dude, try not to be so passive aggressive all the time.
Hardware:
DEC740

Today at 09:52:25 AM #10 Last Edit: Today at 09:58:43 AM by lmoore
Quote from: glenb2 on Today at 03:00:03 AM
could someone explain why my WAN interface is passing outward traffic to these networks? These are not even ranges that exist in my internal network.

If I understand your question, are you saying these packets are being allowed in through your WAN interface and, due to the routes configured on your firewall, they are then going back out to the Internet?

Please provide details about your WAN connection and equipment, and which mode of operation the modem is operating in, e.g. bridge mode.

To avoid connections to RFC-1918 destinations, other than those directly connected to OPNsense, leaking out of your firewall to the Internet, you can create black hole routes in OPNsense. In addition, as an added precaution, you can create a rule to prevent connections to RFC-1918 destinations going out your WAN interface.

In addition, did you enable the option in your WAN interface to Block private networks?
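The two points made in this thread, that a packet for a non-local destination simply follows the default route out the WAN, and that black-hole routes plus a WAN "out" rule stop RFC 1918 destinations from leaving, can be checked with a small routing simulation. This is an added example and not code from any poster or from OPNsense; the LAN (192.168.10.0/24) and WG0 (10.14.0.0/16) prefixes follow glenb2's description, while the IOT subnet and the exact prefix lengths are assumptions. The lookup is longest-prefix match, so a connected /16 such as WG0 still wins over a /8 black hole for 10.0.0.0.

```python
import ipaddress

# Constructed routing table modelled on the thread. LAN 192.168.10.0/24 and
# WG0 10.14.0.0/16 follow glenb2's description; the IOT subnet and the exact
# prefix lengths are assumptions, not values taken from the thread.
CONNECTED_ROUTES = {
    "lan": ipaddress.ip_network("192.168.10.0/24"),
    "wg0": ipaddress.ip_network("10.14.0.0/16"),
    "iot": ipaddress.ip_network("192.168.20.0/24"),  # assumed
}

# RFC 1918 space: the alias glenb2 uses on IOT and the ranges lmoore suggests
# black-holing / blocking on WAN out.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def route_lookup(dst, routes=CONNECTED_ROUTES, blackhole_rfc1918=False):
    """Longest-prefix-match lookup.

    Returns the connected interface owning the most specific prefix,
    "blackhole" if an RFC 1918 black-hole route is the best match, or
    "wan" when nothing matches and the default route wins.
    """
    addr = ipaddress.ip_address(dst)
    candidates = [(net.prefixlen, iface) for iface, net in routes.items() if addr in net]
    if blackhole_rfc1918:
        # Black holes are /8, /12 and /16; a connected /24 or /16 is at least as
        # specific, so directly attached networks keep working.
        candidates += [(net.prefixlen, "blackhole") for net in RFC1918 if addr in net]
    if not candidates:
        return "wan"
    # Most specific prefix first; on a tie prefer the connected interface.
    candidates.sort(key=lambda c: (c[0], c[1] != "blackhole"), reverse=True)
    return candidates[0][1]


def wan_out_rule(dst, block_private_out=False):
    """Models the extra WAN 'out' rule: drop anything bound for RFC 1918 space."""
    addr = ipaddress.ip_address(dst)
    if block_private_out and any(addr in net for net in RFC1918):
        return "block"
    return "pass"


def forward(dst, blackhole=False, block_private_out=False):
    """Where a packet from an internal host bound for `dst` ends up."""
    iface = route_lookup(dst, blackhole_rfc1918=blackhole)
    if iface == "blackhole":
        return "dropped by black-hole route"
    if iface != "wan":
        return f"delivered on {iface}"
    if wan_out_rule(dst, block_private_out) == "block":
        return "blocked by WAN out rule"
    return "sent to default gateway via wan"


if __name__ == "__main__":
    for dst in ("192.168.10.50", "10.14.0.7", "192.168.1.20", "8.8.8.8"):
        print(f"{dst:15} default:  {forward(dst)}")
        print(f"{'':15} hardened: {forward(dst, blackhole=True, block_private_out=True)}")
```

With the default table, 192.168.1.20 (private but not attached to any interface) goes out the WAN exactly as Bob.Dig describes, while 192.168.10.50 and 10.14.0.7 are delivered locally. Enabling the black-hole routes drops the stray private destination before it reaches the WAN, and the WAN out rule catches it even if the route is missing; public destinations such as 8.8.8.8 are unaffected by either. On FreeBSD-based systems the black hole is created with route(8)'s -blackhole flag; the simulation only models its effect.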

There is no range. It is just a single number that allows for VPN access into OPNsense from the internet.


Bob.Dig, I'm here asking for help and to learn because I'm not a network engineer. Wincent is asking about an 'in' rule. My concern is that I don't understand why I'm seeing outbound traffic to what I thought were private address spaces from my WAN interface.

Here is my alias. Yes, private networks and bogons are blocked on my WAN interface.

lmoore and Monviech, Thank you.

Quote from: glenb2 on Today at 09:54:00 AM
There is no range. It is just a single number that allows for VPN access into OPNsense from the internet.


Bob.Dig, I'm here asking for help and to learn because I'm not a network engineer. Wincent is asking about an 'in' rule. My concern is that I don't understand why I'm seeing outbound traffic to what I thought were private address spaces from my WAN interface.


I thought it was inbound traffic, but if it's outbound, it's normal. As Bob.Dig said, the firewall defaults to sending all non-local packets to the default gateway.

If you don't want to see these, set a rule as lmoore mentioned to intercept them.

:)

Today at 11:52:35 AM #14 Last Edit: Today at 12:03:33 PM by glenb2
Thank you. I didn't expect I would have to do that. I came here for education. Thank you.

I would politely steer whoever reads this to notice that, from my first post, I described outward traffic.

Thank you wincent, lmoore and Monviech