Sometimes see local IP address when doing port-forwarding
Setup is very simple
smtp-server 126.96.36.199–----188.8.131.52 (LAN) pfSense (WAN) 184.108.40.206 (proxyARP VIP)-----Internet.
We are receiving all smtp connections to 220.127.116.11 at 18.104.22.168 with port-forwarding set up
rdr on em0 inet proto tcp from any to 22.214.171.124 port = smtp -> 126.96.36.199
Everything works perfectly but sometimes (fortunately pretty rarely) at smtp-server I receive smtp-traffic from 188.8.131.52!? It seems like pfSense tries to act as a spam-bot. I know it is impossible so some natting occurs with source IP.
pfSense has three physical interfaces LAN, WAN and one configured with several vlans.
I have checked all my NAT-rules approximately 42 times. Can not find anything.
Please any ideas.
Sorry, this is mirroring issue. If you hit 184.108.40.206:25 from any vlan interface then you will have source IP 220.127.116.11 in the packet received at 18.104.22.168.