I've spent many hours scrounging for a solid answer without a satisfactory answer, so this is when I usually turn to Patio, Lembke, CarbonDudeOxide (whom is AWOL for a good reason I hope), and the other good geeks at CH.
I'd like for anyone to feel free to take their best shot as to why (in general networking terms) anyone's firewall would see spoofed packets coming from their own LAN and being sent to their public WAN address.
SAMPLE:
TCP [SYN] len=60 ttl=62 tos=0x00 srcmac=(gateway router's MAC addy) dstmac= (firewall's external NIC MAC addy)
To my dumb brain, the packets,(forgetting their spoofed for the moment), are not serving a purpose. I mean, they running in a circle.
I log invalid packets [ACK SYN] & [RST] all day from foreign countries - not to mention - (mainly) amazon, google, and akamai. None are spoofed, however.
