WAN interface passing to private destinations

Started by glenb2, Today at 03:00:03 AM

Quote from: glenb2 on Today at 07:35:42 AM
Here are my rules.

If the unknown and unexpected traffic is originating from inside the network, e.g., from either the IOT, LAN or WireGuard interfaces, enabling logging on the LAN, WAN and WireGuard rules should show where it is coming from.

Looking at these rules, I would hedge my suspicion towards the WireGuard interface as the LAN & IOT rules are restricting the connections from these networks to their respective network addresses.

If this traffic is unexpected, it is advisable to identify its source and resolve the real problem.

Depending on how you use your WireGuard VPN, you could have one or more rules and set the Source to be WireGuard (Group) network.

Are there any Wireless Access Points connected to the network?

Quote from: Bob.Dig on Today at 09:26:47 AM
Quote from: glenb2 on Today at 03:00:03 AM
Sorry if this is a dumb question
That is how routing works: if it is not local, it goes out the default gateway.

Why is your last screenshot not showing any ports? That is dumb for sure.

Showing who you really are on the internet is dumb for sure. Have the life you deserve. :)

I once had "out" rules blocking RFC1918 IPs on WAN (which shows one of the very few appropriate uses for "out" rules), but then somebody pointed me to this way better approach:

You cannot view this attachment.

Why does this work? Because your local RFC1918 interface routes are more specific than these and make your real routes work.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, Leox LXT-010H-D

1100 down / 450 up, Bufferbloat A+
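
The "more specific route wins" point in the last post, as an added example that is not part of the thread: a longest-prefix-match lookup showing where private destinations egress with and without catch-all RFC1918 routes. The attachment is not available, so the discard routes, the `wan-gateway`/`discard` target names and all subnets are constructed assumptions.

```python
import ipaddress

# Constructed example addressing (assumption, not taken from the thread).
LOCAL_ROUTES = [
    ("0.0.0.0/0", "wan-gateway"),      # default route
    ("192.168.1.0/24", "lan"),         # connected interface routes
    ("192.168.20.0/24", "iot"),
    ("10.10.10.0/24", "wireguard"),
]

# Assumed content of the missing attachment: the RFC1918 aggregates
# pointed at a discard target instead of the WAN gateway.
RFC1918_DISCARD = [
    ("10.0.0.0/8", "discard"),
    ("172.16.0.0/12", "discard"),
    ("192.168.0.0/16", "discard"),
]


def egress(dst, routes):
    """Return the target of the longest-prefix route matching dst."""
    addr = ipaddress.ip_address(dst)
    matches = [
        (ipaddress.ip_network(prefix), target)
        for prefix, target in routes
        if addr in ipaddress.ip_network(prefix)
    ]
    if not matches:
        return None  # no route at all
    # The most specific (longest) prefix wins, as in a real routing table.
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def compare(dst):
    """Egress for dst without and with the RFC1918 discard routes."""
    return egress(dst, LOCAL_ROUTES), egress(dst, LOCAL_ROUTES + RFC1918_DISCARD)


if __name__ == "__main__":
    for dst in ("192.168.1.10", "10.10.10.2", "192.168.99.5", "172.20.1.1", "8.8.8.8"):
        before, after = compare(dst)
        print(f"{dst:15} without: {before:12} with: {after}")
```

Destinations on the configured subnets keep their interface in both cases; only private addresses with no local route change from the WAN gateway to the discard target.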