Flint 3.216 leaks LAN IPs via WAN

I know that v. 3.216 is pretty old, but I still run it on one of my GL-Inet routers (Flint) since it does all what I need.
Flint runs in Router mode and is used as AP for pfSense, it gets from pfSense and Flint’s LAN is subnet (additional NAT but I don’t care in this case).
To my surprise I see packets sent/received by/to LAN clients leaking via Flint WAN interface and I am not sure I understand how it can happen because it should not due to NAT. I can not say that I see a lot but I see some (1-10 per hour) - may be someone can explain how it can happen in principle?

The screenshot 1 shows the result of " tcpdump -i eth0 net 192.168.11" command running on Flint, where eth0 is WAN interface, “192.168.11” is LAN subnet:

Galaxy-Tab-S7.lan is the tablet connected to Flint via wifi (, the external IP is (in this example but can be any).

The screenshot 2 shows the pfSense firewall log showing blocked requests sent from to (Galaxy-Tab-S7) and used to accompany the tcpdump output. But in fact the log may contain requests from and to the local clients from different external IPs.

Does anybody know what is going on?

Additional info:
a) I know that there is a similar topic " WAN to LAN leakage during boot on Flint AX1800 firmware 3.213" but looks like I have a different problem;

b) Flint firewall setting “drop invalid packets” is on;

Any ideas are very welcome.


Have not used 3.x in a long time:
I want to say it is MWAN3 but I don’t think 3.x has Multi-Wan option
Goodcloud or VPN policey?

Honestly? I would just update Uboot and install the 4.x firmware


I was monitoring AXT1800 Slate v.4.2.0 for 2 days, it does not leak local IP addresses via WAN and I guess this is the good news.