Hi,
I've tried to switch from my cli based Vyos Firewall to OPNSense this weekend.
Unfortunately without success.
I've installed a a current downloaded version which I updated emediately inside my Proxmox (KVM) Hypervisor box.
I've three (3) Networks. A small /29 border net, a /24 "production one" and a private /24 behind for internal use. Everything worked fine and I could create al the aliases for weberserver, mailserver, DNS-server etc.
One of my first rules was a icmp ping rule to be able to ping all hosts with an official ip-adresse from the outside during installation.
To make a long story short: I haver had a permanent ping from the outside to one address inside the official /24 net. and it responds like acharm. Also the webservices. mail and dns-services were already rechable from the oudside like it should be.
Suddenly the ping stopped (timeout) and also the access to all the other services were blocked.
Nothing helped until now - not even a reboot of the whloe virt-host.
Any idea where I could have a look?
regards
Robert
Maybe temporarily turn off Suricata / IPS to see if you have accidentally blocked the hosts?
You can also back step your configuration via System -> Configuration -> History
Thnak's for the hint but Suricata is not eanbled at all. I haven't changed anything at the service section.
Source IP of Ping Host and Destination IP please
Incredible - a chain of stupid coincidences!
My provider had a core switch failure. Somehow the system had a different routing for my networks after the failover. Instead of routing the productive network to .2 of the border network, it was routed to .3 all at once.
Exactly at the moment when I configured my installation.
Just to clarify: My issue was NOT a OPNsense problem.
After I have changed to the "new" routing address everithing worked like a charm.
I just switched back to the old vyos setup because of the lost time I couldn't transfer my openvpn tunnels to the new system. I'll see - may I can mange this in during the next weekend.
Thx for your feedback!