Topics - Crab

#1
I believe there is an issue with WAN to LAN traffic using PRIVATE IP addresses; it is documented in the thread linked below.

The issue appears to be related to NAT shut off and using PRIVATE IP addresses. However, this is a guess.

Turning off the firewall results in everything working fine. So the routing, PC setup and network addresses are all fine.

Enabling the firewall and permitting all traffic from the WAN and LAN side allows LAN to WAN communication.
WAN to LAN communication is blocked. It should be allowed.
All NAT is disabled.

The private IP addresses should have nothing to do with the issue, unless there is a software glitch where private IPs are being blocked, even though all PRIVATE/BOGON nets are allowed on both interfaces.

This should be a simple configuration to test. This exact configuration worked about 12 months ago with a previous version of OPNsense.

https://forum.opnsense.org/index.php?topic=12018.0

#2
General Discussion / WAN to LAN traffic not working
March 12, 2019, 09:03:29 PM
I'm using OPNsense (latest, v19.1.4) in an educational setting for instruction to community college level students; as such I have all private networks. Here is the setup.

172.16.0.x [WAN] -- [OPN] -- [LAN] 10.1.1.x  (all /24)

Block Bogon/Private nets both unchecked.
NAT is DISABLED
DHCP disabled (using all static addresses)
WAN machine I am using has gateway pointing to OPN

Inside LAN I have an SSH service. I am trying to demo some firewall rules to allow unsolicited traffic from WAN side. I set up rules to allow ICMP on WAN interface and expect to ping a host on the 10 network. I set up a rule to allow SSH on WAN side and expect to log into SSH service.

So from WAN side:
   ping 10.1.1.2
   ssh test@10.1.1.2

Both fail even though I have WAN rules to permit all IPv4 traffic through.


If I disable firewall filtering, both tests above work, so the router is working fine, as is the PC config.

If I reverse the situation and put the SSH service on WAN and put the rules on the LAN side, I can access SSH fine. Same with the ICMP rule: if moved to LAN, LAN machines can ping a WAN machine fine.

So from LAN side:
   ping 172.16.0.183
   ssh test@172.16.0.183
Both work fine.

I am pretty sure nothing is mechanically wrong, but I suspect there is something going on inside that I am unaware of, and I wonder if anyone can let me know what is going on, for my own education.

I tried looking at logs and can see the SSH traffic going into the WAN, out the LAN to the LAN SSH service, but nothing is logging coming back from the LAN. It is as if the return SSH frames are dropped before getting into the log.

I changed darned near every setting in Firewall -> Advanced and nothing seemed to work.

I will say that I did these tests a year ago with v17 (or 18) of OPN and it did work then. I don't think I am doing anything different.

Any suggestions appreciated.

Dave Crabbe
NSCC
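The post above reports that the firewall log shows the SSH request entering on WAN and leaving on LAN, but nothing coming back. One caveat when reading that log: pf logs the packet that creates a state, not the later packets of the same connection, so the pf state table tells you more about the return path than the log does. The script below is an added diagnostic, not part of the original post and not OPNsense code; it runs on the OPNsense box itself (FreeBSD pf) while `ssh test@10.1.1.2` is repeated from the WAN host. It reads the state table to see whether the SYN/ACK from the LAN host ever passed through pf, checks whether the WAN rules carry `reply-to` (which sends replies to the WAN gateway instead of routing them by the routing table), and captures on the LAN interface. The interface names em0 (WAN) and em1 (LAN) are assumptions, and the embedded `pfctl` output is constructed sample data so the parsing can be exercised offline.

```shell
#!/bin/sh
# Added diagnostic for the WAN-to-LAN SSH test; not part of the original post
# or of OPNsense. Runs on the OPNsense box (FreeBSD pf). Interface names em0
# (WAN) and em1 (LAN) are assumptions: check yours with `ifconfig`.

LAN_HOST="${LAN_HOST:-10.1.1.2}"
WAN_IF="${WAN_IF:-em0}"
LAN_IF="${LAN_IF:-em1}"

# Constructed sample of `pfctl -ss` output (not captured from a real box):
# one half-open inbound SSH state to the LAN host, where pf saw the SYN but
# never the SYN/ACK, and one fully established outbound LAN-to-WAN SSH state.
SAMPLE_STATES='all tcp 10.1.1.2:22 <- 172.16.0.183:51234       SYN_SENT:CLOSED
all tcp 10.1.1.5:40000 -> 172.16.0.183:22       ESTABLISHED:ESTABLISHED'

# Constructed sample of `pfctl -sr` output with reply-to on the WAN rule only.
SAMPLE_RULES='pass in quick on em0 reply-to (em0 172.16.0.1) inet proto tcp from any to 10.1.1.2 port = ssh flags S/SA keep state
pass in quick on em1 inet from 10.1.1.0/24 to any flags S/SA keep state'

# Print the pf TCP state stage for states whose destination is $1:$2.
# Reads `pfctl -ss` output on stdin. Inbound states print as "dst <- src",
# outbound ones as "src -> dst"; both forms are handled (no NAT rewriting).
state_stage() {
    awk -v dst="$1:$2" '
        $2 == "tcp" && (($4 == "<-" && $3 == dst) || ($4 == "->" && $5 == dst)) { print $NF }'
}

# Classify a stage: "ok" if the handshake completed through pf, "no-reply" if
# pf saw the SYN but never the SYN/ACK, "none" if there is no state at all.
classify_stage() {
    case "$1" in
        "")                      echo none ;;
        ESTABLISHED:ESTABLISHED) echo ok ;;
        SYN_SENT:CLOSED)         echo no-reply ;;
        *)                       echo "other:$1" ;;
    esac
}

# Exit 0 if any rule on interface $1 carries reply-to. Replies to traffic that
# matched such a rule are sent to that interface's gateway, not routed by the
# system routing table. Reads `pfctl -sr` output on stdin.
has_reply_to() {
    grep -q "on $1 .*reply-to"
}

# Live run on the firewall: start `ssh test@10.1.1.2` from the WAN host first.
main() {
    stage=$(pfctl -ss | state_stage "$LAN_HOST" 22 | head -n 1)
    echo "SSH state to $LAN_HOST: $(classify_stage "$stage")"
    if pfctl -sr | has_reply_to "$WAN_IF"; then
        echo "reply-to is set on $WAN_IF rules"
    fi
    echo "capturing 20 packets on $LAN_IF; the SYN/ACK from $LAN_HOST should appear here:"
    tcpdump -c 20 -ni "$LAN_IF" host "$LAN_HOST" and port 22
}

case "${1:-}" in --run) main ;; esac
```

Run it as `sh wan2lan-diag.sh --run` on the firewall. A state stuck at `SYN_SENT:CLOSED` while tcpdump on the LAN interface shows the SYN/ACK leaving the LAN host means pf never accepted the reply; no SYN/ACK at all on the LAN interface points at the LAN host or its gateway instead.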