Netgate Discussion Forum
    Private IP RFC1918 packets allowed to leak out

Firewalling
2 Posts 2 Posters 1.6k Views
freeridevt

I stumbled upon this thinking I was scanning my own network, only to find my scan was run against someone's Cisco far, far away. My LAN uses a /24 network from the 10/8 range. I scanned a single IP address with only the 3rd octet different. (Not in my network, but close.)

The scan went out through my pfSense firewall and discovered someone else's router. I tracerouted it and it's 5 hops away, through my ISP.

Anyway, I still have the 2 default rules in my firewall set blocking private IP space. Any idea how these packets got out?

cmb

Wow, your ISP shouldn't route RFC1918 space anywhere. Apparently they use it inside their network; likely it was one of their routers you were hitting.

The "block private networks" option only applies to the WAN interface, and only for traffic initiated from outside. If you want to keep RFC1918 packets from going out, put deny rules on your LAN as well.

WAN rules, and the "block private networks" feature, only apply to traffic initiated from the Internet. This traffic was initiated from your LAN, and your LAN rules allowed it.

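The interface-scoping cmb describes is easy to see in a small first-match rule model. The following is an added example, not cmb's text nor pfSense code: it assumes a LAN subnet of 10.1.1.0/24, first-match evaluation with a final default deny, and constructed rule names. The "default" ruleset has only the WAN-side private-network block plus the stock "allow LAN to any" rule; the "hardened" ruleset adds a LAN-side RFC1918 block, preceded by a pass rule for the local subnet so that internal traffic the firewall routes is not caught by it.

```python
"""Toy first-match firewall evaluator (constructed example, not pfSense code).

Shows why a WAN-interface "block private networks" rule does not stop
LAN-originated packets addressed to other RFC1918 space, and how a LAN
egress block rule closes that gap.
"""
from dataclasses import dataclass
import ipaddress

# Assumed LAN subnet for this example.
LAN_NET = ipaddress.ip_network("10.1.1.0/24")
RFC1918 = tuple(ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))
ANY = (ipaddress.ip_network("0.0.0.0/0"),)


@dataclass(frozen=True)
class Rule:
    iface: str                 # interface the packet arrives on ("wan" or "lan")
    action: str                # "pass" or "block"
    src_nets: tuple = ANY      # source must fall in one of these networks
    dst_nets: tuple = ANY      # destination must fall in one of these networks
    name: str = ""

    def matches(self, iface, src, dst):
        return (iface == self.iface
                and any(src in n for n in self.src_nets)
                and any(dst in n for n in self.dst_nets))


def evaluate(rules, iface, src_ip, dst_ip):
    """Return (action, rule_name) of the first matching rule, else default deny."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if rule.matches(iface, src, dst):
            return rule.action, rule.name
    return "block", "default deny"


# Stock-like ruleset: private sources blocked on WAN, LAN allowed to anything.
DEFAULT_RULES = [
    Rule("wan", "block", src_nets=RFC1918, name="Block private networks (WAN)"),
    Rule("lan", "pass", name="Default allow LAN to any"),
]

# Hardened ruleset: LAN may reach its own subnet, everything else in RFC1918
# is blocked on egress, and only then is the Internet allowed.
HARDENED_RULES = [
    Rule("wan", "block", src_nets=RFC1918, name="Block private networks (WAN)"),
    Rule("lan", "pass", dst_nets=(LAN_NET,), name="Allow LAN to local subnet"),
    Rule("lan", "block", dst_nets=RFC1918, name="Block LAN to RFC1918"),
    Rule("lan", "pass", name="Allow LAN to Internet"),
]


def find_rfc1918_leaks(rules, lan_src="10.1.1.10"):
    """Probe one address in each RFC1918 block outside LAN_NET from a LAN host;
    return the destinations the ruleset lets out."""
    probes = ["10.0.0.1", "172.16.0.1", "192.168.0.1"]
    return [p for p in probes
            if ipaddress.ip_address(p) not in LAN_NET
            and evaluate(rules, "lan", lan_src, p)[0] == "pass"]


if __name__ == "__main__":
    for label, rules in (("default", DEFAULT_RULES), ("hardened", HARDENED_RULES)):
        print(label, "LAN host -> 10.1.2.5:", evaluate(rules, "lan", "10.1.1.10", "10.1.2.5"))
        print(label, "RFC1918 egress leaks:", find_rfc1918_leaks(rules))
```

With the default ruleset, a LAN host probing 10.1.2.5 (same 10/8 range, different third octet, exactly the poster's case) is passed by "Default allow LAN to any"; the WAN rule never sees it because it matches only on the WAN interface. The hardened ruleset blocks that probe while still passing local-subnet and Internet traffic. The order matters: the local-subnet pass must sit above the RFC1918 block, or routed traffic between internal subnets would be dropped too.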