Neither SRC nor DST are my network

antilog

I am seeing firewall log entries for blocked connections to and from IP's that are neither my WAN nor in my LAN.  What could be happening here?  Could my pfSense box be routing for other networks??

johnpoz

Can you post up an example, and what is your lan network, and give us something to work off of your wan, does not have to be the exact address if you worried posting it, etc.

For example my wan is

IPv4 address 24.13.176.xxx 
Subnet mask IPv4 255.255.248.0

if you want to figure out which specific IP I am out of those 2046 some hosts, hey have fun ;)

But this would allow us to know the address is on your segment, some other segment.

If had to guess I you could be seeing broadcast type traffic..  Which your wan interface should see, but wouldn't be your exact address.  Also what interface is seeing the block wan or lan?  A screen dump of your firewall log would be great, and then enough info to know what networks your actually on.

antilog

I am pretty sure it was an internal VPN client communicating with an external network.  Sorry I missed you reply!