For evaluation purposes I've set up this scenario (as virtual machines):
* OPNsense 19.7
* WAN interface uses DHCP
* LAN1 interface 192.168.101.1/24 with DHCP server running
* LAN2 interface 192.168.102.1/24 with DHCP server running
* SSHD enabled
* firewall open for SSH, HTTP, HTTPS on LAN1 and LAN2
* Linux test system with interfaces in both networks: 192.168.101.10 and 192.168.102.10 (assigned via DHCP)
Now I see behavior I can't explain. When I access the OPNsense system from the test system, the SSH/HTTP/HTTPS ports are non-deterministically accessible (via browser, SSH client, nmap).
Is this a bug?
A configuration problem?
An understanding problem on my part?
Quote
insel:~ # nmap 192.168.101.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-21 13:34 CEST
Nmap scan report for 192.168.101.1
Host is up (-0.0068s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
MAC Address: 52:54:00:C3:8C:3B (QEMU virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 32.77 seconds
insel:~ # nmap 192.168.101.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-21 13:45 CEST
Nmap scan report for 192.168.101.1
Host is up (-0.0068s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
MAC Address: 52:54:00:C3:8C:3B (QEMU virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 32.00 seconds
insel:~ # nmap 192.168.101.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-21 13:46 CEST
Nmap scan report for OPNsense.localdomain (192.168.101.1)
Host is up (-0.020s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
443/tcp open https
MAC Address: 52:54:00:C3:8C:3B (QEMU virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 22.82 seconds
insel:~ # nmap 192.168.101.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-21 13:48 CEST
Nmap scan report for 192.168.101.1
Host is up (0.00028s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
MAC Address: 52:54:00:C3:8C:3B (QEMU virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 34.56 seconds
Quote
insel:~ # nmap 192.168.102.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-21 13:34 CEST
Nmap scan report for 192.168.102.1
Host is up (-0.0069s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
MAC Address: 52:54:00:5F:54:3F (QEMU virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 33.13 seconds
insel:~ # nmap 192.168.102.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-21 13:45 CEST
Nmap scan report for 192.168.102.1
Host is up (-0.0090s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
MAC Address: 52:54:00:5F:54:3F (QEMU virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 30.95 seconds
insel:~ # nmap 192.168.102.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-21 13:46 CEST
Nmap scan report for OPNsense.localdomain (192.168.102.1)
Host is up (-0.020s latency).
Not shown: 997 filtered ports
PORT STATE SERVICE
53/tcp open domain
80/tcp open http
443/tcp open https
MAC Address: 52:54:00:5F:54:3F (QEMU virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 22.95 seconds
insel:~ # nmap 192.168.102.1
Starting Nmap 7.70 ( https://nmap.org ) at 2019-10-21 13:48 CEST
Nmap scan report for 192.168.102.1
Host is up (0.00032s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
MAC Address: 52:54:00:5F:54:3F (QEMU virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 31.56 seconds