I know that v. 3.216 is pretty old, but I still run it on one of my GL.iNet routers (Flint) since it does all that I need.
Flint runs in Router mode and is used as an AP for pfSense; it gets 192.168.5.43 from pfSense, and Flint’s LAN is the 192.168.11.0 subnet (additional NAT, but I don’t care in this case).
To my surprise I see packets sent/received by/to LAN clients leaking via the Flint WAN interface, and I am not sure I understand how it can happen because it should not due to NAT. I cannot say that I see a lot, but I see some (1-10 per hour) - maybe someone can explain how it can happen in principle?
Screenshot 1 shows the result of the "tcpdump -i eth0 net 192.168.11" command running on Flint, where eth0 is the WAN interface and “192.168.11” is the LAN subnet:
Galaxy-Tab-S7.lan is the tablet connected to Flint via wifi (192.168.11.142), the external IP is 220.127.116.11 (in this example but can be any).
The screenshot 2 shows the pfSense firewall log showing blocked requests sent from 18.104.22.168 to 192.168.11.142 (Galaxy-Tab-S7) and used to accompany the tcpdump output. But in fact the log may contain requests from and to the local clients from different external IPs.
Does anybody know what is going on?
a) I know that there is a similar topic, "WAN to LAN leakage during boot on Flint AX1800 firmware 3.213", but it looks like I have a different problem;
b) Flint firewall setting “drop invalid packets” is on;
Any ideas are very welcome.