I run monowall with three interfaces, one for WAN and two for my LAN.
The first for the LAN is directly connected to the fysical LAN, the
other is connected to an AccessPoint and I call it WLAN. This second one
(WLAN) is bridged to the LAN interface. So both share the same ip-range
On this WLAN interface the rules are somewhat more restricted than on
What I don't understand is that I see traffic being blocked by monowall
that seems to come from ip-addresses on the internet like 220.127.116.11
or 18.104.22.168 but coming in on the WLAN interface!
I am pretty sure the they cannot come in on the AccessPoint itself as it
is running with a hidden SSID, WPA2 combined with mac-address filtering.
And there is no NAT rule sending anything from the WAN interface to the
WLAN interface, the only NAT there is one redirecting port 25 to my
mail-server that is on the LAN.
But the traffic being blocked is *mostly* towards this port 25. Like
this one: WLAN 22.214.171.124, port 2410 192.168.77.253, port 25.
The mail-server is on that ip-address. It is just that you cannot reach
it from the WLAN interface, only from WAN.
So where do they come from?