Firewall logs show blocking IP address different to my WAN interface
-
If I look at system logs then filter on Block WAN interface and have a look through, obviously there's a lot of stuff being blocked, but I'm intrigued to know how it's possible that I have entries in there where the destination address is different to my WAN address. I have a static WAN ip, but how can the Destination IP be different to my WAN ip when I've filtered the logs based on WAN?
Image below shows my firewall log with the last two octets obfuscated. The yellow ones have a different WAN ip to my actual WAN ip.
-
And is that a broadcast IP? For what your mask is..
Pfsense would not look or log traffic that was not for its interface. So you either have a vip, or it's broadcast.. What is the mask of your connection and what is the last octet?
-
The WAN interface is PPPoE and the IP address is assigned by my ISP.
-
What's the netmask you get assigned by your ISP and what's the last octet from not-your-IP in the logs?
-
What's the netmask you get assigned by your ISP and what's the last octet from not-your-IP in the logs?
netmask is /32 (0xffffffff)
last octets that I've seen of not-my-ip address are: 168,170,171,172,174,175, etc. I don't see any 255s
-
You're seeing your neighbours broadcasting and whatever.
ISP hands out a /32 to all of you on that gateway segment so you could see every IP around.
-
That seems kind of stupid? Why would ISP give users /32?? What would be the point??
-
ISPs love doing it with PPPoE connections. I have a /32 on my WAN here as well.
That's why I asked about the netmask. Some reading here:
http://networkengineering.stackexchange.com/questions/607/how-would-a-router-with-32-wan-subnet-mask-communicate-with-the-rest-of-the-int
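-
The check asked about in the thread (is the logged destination a broadcast address for the WAN netmask, or another host?), as an added example that is not part of the original posts. The WAN address 203.0.113.169 and the log entries are constructed sample values from a documentation range, and the (interface, action, destination) tuple is a simplified stand-in, not pfSense's raw log format.

```python
import ipaddress
from collections import Counter


def classify_destination(wan_cidr, dst):
    """Classify a logged IPv4 destination relative to the WAN address/netmask."""
    iface = ipaddress.ip_interface(wan_cidr)
    addr = ipaddress.ip_address(dst)
    net = iface.network
    if addr == iface.ip:
        return "own-address"
    if addr == ipaddress.ip_address("255.255.255.255"):
        return "limited-broadcast"
    if addr.is_multicast:
        return "multicast"
    # A directed broadcast address only exists for prefixes shorter than /31,
    # so with a /32 nothing can be "the broadcast for my mask".
    if net.prefixlen < 31 and addr == net.broadcast_address:
        return "subnet-broadcast"
    if addr in net:
        return "other-host-in-subnet"
    return "outside-subnet"


def summarize(wan_cidr, entries):
    """Count blocked WAN entries per destination class."""
    counts = Counter()
    for interface, action, dst in entries:
        if interface == "WAN" and action == "block":
            counts[classify_destination(wan_cidr, dst)] += 1
    return dict(counts)


# Constructed sample entries: (interface, action, destination)
SAMPLE = [
    ("WAN", "block", "203.0.113.169"),  # the WAN address itself
    ("WAN", "block", "203.0.113.168"),  # neighbouring address
    ("WAN", "block", "203.0.113.170"),  # neighbouring address
    ("WAN", "block", "203.0.113.255"),
    ("WAN", "block", "224.0.0.1"),
    ("LAN", "block", "192.168.1.255"),  # ignored: not WAN
    ("WAN", "pass", "203.0.113.169"),   # ignored: not blocked
]

if __name__ == "__main__":
    print("/32:", summarize("203.0.113.169/32", SAMPLE))
    print("/24:", summarize("203.0.113.169/24", SAMPLE))
```

With the /32 mask from the thread, every neighbouring address lands in "outside-subnet"; the same entries under a hypothetical /24 split into other hosts and one subnet broadcast.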