Why would a LAN device send traffic specifically to the WAN IP?



  • PfSense is set to default deny all outbound on the LAN side and allow only what's needed. Upstream from pfSense's WAN is a Verizon ONT. UPnP is disabled in pfSense. Here's what I'm seeing in the firwall logs, not often, but about 10-15 at a time when they occur.

    fwdenied.png

    The source device is an Apple TV and the destination IP is my WAN, which changes with Verizon's DHCP lease. The source port is always the same, but destination port is always a random high port. Some searching brought up that port 16403 is related to iMessage and iTunes Games. I have/use neither and the ATV works fine for regular video streaming.

    If I make an allow rule, the traffic is passed but my question is, what's happening when something on the LAN specifically is trying to communicate with the WAN address?


Log in to reply