Netgate Discussion Forum

    Local Traffic Appears On WAN instead of LAN

      velvir

      Hi guys, I have a weird happenstance. We have 3 WAN connections and the 2nd one keeps giving us problems. It very frequently gets up to super high latency and upwards of 70% packet loss. During the course of investigation the WAN2 traffic graph showed incoming 25 Mbps traffic to our DHCP server (10.0.1.3, running on Server 2012). It also showed outgoing 25 Mbps traffic on 10.0.1.94 (random Android client I assume to be trying to get an IP on our wifi). We did a packet capture on WAN2 searching for IP 10.0.1.3. It showed a bunch of DHCP requests going from 10.0.1.94 to 10.0.1.3. When we unplug WAN2 and plug it back in, that traffic goes away and the latency and packet loss go away. I put a rule on the WAN2 side to block port 67-68 with logging turned on. Nothing shows up in the logs but we still get the same traffic and the packet captures show the same DHCP requests (different clients though). Block Bogon Networks and Block Private Networks are enabled on the interface already. We thought it was our modem for a while but this is the third modem we've used with the same problem (always on WAN2). Any ideas what could be happening?

      Our current setup:

      pfSense 2.2.3 virtual machine
      Each virtual interface has a dedicated physical interface

      WAN1 on VMX0 -> Cable Modem 1
      WAN2 on VMX1 -> Cable Modem 2
      WAN3 on VMX2 -> Cable Modem 3
      LAN on VMX3 -> Trunk Port on switch
      VLANs 1-12 -> VMX3

      Virtual interfaces have Promiscuous Mode, MAC address changes, and forged transmissions enabled.
