MultiWan - IP Spoofing errors

Hopefully this will make sense and someone may have an idea before I open a case.
I have 2 separate ISP connections. ISP A(General Internet/GINET) and ISP B(MAIL)

I have the firewall set up as follows:
Eth0 - ExtMail (ISP B - Mail) - Direct internet connection
Eth1 - ExtINET (ISP A - GINET) - Have to use their modem/router/AP (for wifi) combo

Eth0 is set up with a static IP from ISP B.
Eth1 is set up with a dynamic IP from ISP A, which is configured using Advanced DMZ on their modem; I have to do it this way to get the external IP on the firewall on Eth1.

All is working as intended: I have general Internet going in/out on Eth1/ISP A, and all mail flow is going in and out on Eth0/ISP B as expected.

The IP spoofing messages happen when I try to access our mail server on ISP B from ISP A. They are using wifi from the ISP A modem/router/AP.

Comments

  • What IP addrs do the devices which connect to the AP get?
    Is this subnet defined someplace on your firewall?
    What is the source interface in the spoofing log message?

    Care to post a sample spoofing log message?

  • What IP addrs do the devices which connect to the AP get?
    192.168.2.x - not located on the WG Firewall at all
    Is this subnet defined someplace on your firewall?
    No
    What is the source interface in the spoofing log message?
    The IP of ISP A (XXX.XXX.237.106)
    Care to post a sample spoofing log message?

    Here is a sample:

    FWDeny, ip spoofing sites, pri=4, disp=Deny, policy=Internal-Policy, protocol=https/tcp, src_ip=xxx.xxx.237.106(, src_port=55554, dst_ip=xxx.xxx.27.70, dst_port=443, src_intf=Ext-Mail, dst_intf=Firebox, rc=101, pckt_len=64, ttl=60, pr_info=offset 11 S 809886053 win 65535

  • Looks to me that Fireware is not expecting a packet with the ISP A public IP addr to come to the ISP B external interface.

    One option is to add an AP to an internal firewall interface instead of using the ISP A's AP for this access. Additionally, if you do this, then you get to control (should you so wish) what your wi-fi users can access using firewall policies.
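To make the deny in the posted log concrete, here is an added Python model of the anti-spoofing check the thread is describing (it is not WatchGuard code and not from anyone in the thread): a source address is only accepted on the interface whose configured network it belongs to, and the firewall's own addresses are never a valid source. The interface table, the Trusted interface and the RFC 5737 addresses standing in for the masked xxx.xxx.* values are all assumptions.

```python
import ipaddress
import re

# Constructed interface table modelled on the thread's setup. The post masks its
# public addresses as xxx.xxx.*, so documentation ranges stand in here; the
# Trusted interface is an assumption (the post names no internal subnet).
INTERFACES = {
    "Ext-Mail": {"address": "198.51.100.70", "network": "198.51.100.64/26"},  # ISP B, static
    "Ext-INET": {"address": "203.0.113.106", "network": "203.0.113.0/24"},   # ISP A, Advanced DMZ
    "Trusted":  {"address": "10.0.0.1",      "network": "10.0.0.0/24"},
}

def spoof_check(src_intf, src_ip):
    """Return ("Deny"|"Allow", reason) for a packet's ingress interface and source IP."""
    ip = ipaddress.ip_address(src_ip)
    for name, cfg in INTERFACES.items():
        # The firewall's own address can never be a legitimate source on any interface.
        if ip == ipaddress.ip_address(cfg["address"]):
            return "Deny", f"ip spoofing sites: {src_ip} is the firewall's own {name} address"
        # A source from a network bound to another interface is a spoof.
        if ip in ipaddress.ip_network(cfg["network"]) and name != src_intf:
            return "Deny", f"ip spoofing sites: {src_ip} belongs to {name} but arrived on {src_intf}"
    return "Allow", f"{src_ip} is not bound to another interface"

# Constructed sample in the shape of the posted line (masked octets replaced).
SAMPLE_LOG = ("FWDeny, ip spoofing sites, pri=4, disp=Deny, policy=Internal-Policy, "
              "protocol=https/tcp, src_ip=203.0.113.106(, src_port=55554, "
              "dst_ip=198.51.100.70, dst_port=443, src_intf=Ext-Mail, dst_intf=Firebox, rc=101")

def parse_log(line):
    """Pull the key=value fields out of a Fireware-style deny line."""
    fields = dict(re.findall(r"(\w+)=([^,\s]+)", line))
    fields["src_ip"] = fields["src_ip"].rstrip("(")  # tolerate the stray '(' seen in the post
    return fields

def check_log(line):
    """Re-run the spoof check on the fields of a logged packet."""
    f = parse_log(line)
    return spoof_check(f["src_intf"], f["src_ip"])

if __name__ == "__main__":
    print(check_log(SAMPLE_LOG))                 # Deny: own Ext-INET address arrived on Ext-Mail
    print(spoof_check("Ext-Mail", "192.168.2.5"))  # Allow: the wifi subnet is not defined anywhere
    print(spoof_check("Trusted", "10.0.0.20"))     # Allow: AP on an internal interface, as suggested
```

The second call shows why the wifi subnet itself never trips the check: the ISP A modem NATs those clients to the firewall's own Ext-INET address, and it is that address arriving on Ext-Mail that is flagged.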