OPNsense
Author Topic: No access or communication for servers beyond the firewall  (Read 3974 times)

krunnal

No access or communication for servers beyond the firewall
« on: November 10, 2016, 06:00:29 pm »
Hi,

We are new to OPNsense. We installed OPNsense and have set up the WAN and LAN interfaces. I can get the GUI via LAN and also managed to enable the web GUI, but that's pretty much all we have managed to do.

We are just not able to ping the servers connected behind pfSense. To give an overview:

A public IP is associated with the WAN (which I can access remotely). The LAN interface is connected to a switch. There are multiple machines attached to the switch, each with a public IP. We want to access these machines via RDP or any possible uses, but it seems pfSense is blocking all requests.

Our current firewall rules are open, attached image below.


bartjsmit

Re: No access or communication for servers beyond the firewall
« Reply #1 on: November 10, 2016, 06:25:14 pm »
Any reason why you're not using DNAT for the internal hosts? If the reason is name resolution, look at split DNS.

Bart...

krunnal

Re: No access or communication for servers beyond the firewall
« Reply #2 on: November 10, 2016, 06:40:37 pm »
Hi Bart

Thanks for the quick response. Actually, that's how we started, hoping it would be pretty straightforward, but it didn't work, so we started working backwards trying to make it simpler, until we reached a stage where we are looking to at least manage a ping while keeping all rules open. Once we get this, we plan to build on it. Right now we just can't pinpoint the issue. I thought it must be the switch the LAN interface is connected to, but I can ping and connect to my machines from the internal network, so am sure it's not the switch.
For WAN, I can connect to my OPNsense UI remotely. So that part is OK, I guess.

Based on the attached image of the rule set, am I missing something? Thanks again.

phoenix

Re: No access or communication for servers beyond the firewall
« Reply #3 on: November 10, 2016, 06:44:05 pm »
Do you actually have any DNS server(s) configured on your LAN or on the firewall?

You really do not want your firewall UI open to the internet; at the very least that's foolhardy and a security risk.
Regards


Bill

fabian

  • OPNsense Contributor (Language, VPN, Proxy, etc.)
Re: No access or communication for servers beyond the firewall
« Reply #4 on: November 10, 2016, 06:46:19 pm »
Maybe your hosts drop the traffic from wan.

krunnal

Re: No access or communication for servers beyond the firewall
« Reply #5 on: November 10, 2016, 06:48:44 pm »
Yes for DNS. It's configured.

Actually, the UI option is temporary, as I can work on OPNsense remotely to set up a dummy environment to test the network design before we go live.

bartjsmit

Re: No access or communication for servers beyond the firewall
« Reply #6 on: November 10, 2016, 07:17:48 pm »
If your firewall interface is accessible from the WAN, you may have the LAN and WAN interfaces mixed up. OPNsense's web interface should only be accessible on the LAN interface. As Bill said, having it accessible from the internet is a bad idea.

For safety, keep the WAN interface down and ensure that you can reach the web configuration from internal clients on an RFC 1918 range using the LAN interface. Then enable the WAN connection and confirm you can ping 8.8.8.8 from the firewall and internal clients before setting up port forwarding.

Bart...

krunnal

Re: No access or communication for servers beyond the firewall
« Reply #7 on: November 10, 2016, 08:15:42 pm »
Hi, an update based on previous inputs.

We checked the Dashboard; the IPs assigned to WAN and LAN seem correct. Just to cross-check, though, we interchanged the cables, but then we were not able to access the GUI through LAN. So I am assuming the current interfaces are fine.

Regarding the testing, we used the "Interfaces: Diagnostics: Ping" option to check the pings. We were able to ping from:

WAN to outside IP
LAN to outside IP
Local + Default to outside IP

But when we tried to ping the webserver that is behind the firewall, the ping failed for all the above options.

For testing, private IP assigned to a server behind the firewall. We were able to ping:
Default to private IP
LAN to private IP

Thanks


krunnal

Re: No access or communication for servers beyond the firewall
« Reply #8 on: November 11, 2016, 02:10:01 pm »
Hi,

Can anybody guide us on this... some direction? We are not able to ping the server behind the firewall.

Zeitkind

Re: No access or communication for servers beyond the firewall
« Reply #9 on: November 12, 2016, 05:21:09 pm »
Not sure how you test them, because there are some caveats around that. From exactly where to where do you test the connection? Just to avoid typical pitfalls.