Hi everyone :D I just switched from pfSense to OPNsense, it feels nice but I have a small problem I hadn't encountered before switching to OPNsense.
My network consists of two routers, a computer, and a server. I configured OPNsense to NAT port 445 to a file server to expose Samba shares. When trying to reach the file share from a computer in the 192.168.1.0/24 subnet, the computer doesn't receive a response from the server.
I placed a network tap to listen to the traffic and noticed that, when replying to the computer, the TCP [SYN, ACK] from the server is sent by OPNsense to 192.168.1.1 but with the destination MAC address of the ISP router, 11:11:11:11:11:11. As it doesn't receive a reply, the computer then tries again and starts a TCP retransmission.
192.168.1.1:49849 (33:33:33:33:33:33) -> 192.168.1.253:445 (22:22:22:22:22:22) [SYN]
192.168.1.253:445 (22:22:22:22:22:22) -> 192.168.1.1:49849 (11:11:11:11:11:11) [SYN, ACK]
(https://i.stack.imgur.com/0QVJv.png)
OPNsense is configured as follows: the WAN interface has 192.168.1.254 as its gateway, and there are NAT outbound rules that rewrite the source address for traffic exiting the firewall. Traffic from the LAN network to the internet works fine. Am I missing something, or is there a bug that writes the wrong destination MAC address in outgoing packets?
Thanks for your help!
(https://i.stack.imgur.com/rH2p0.png)
(https://i.stack.imgur.com/k6lkX.png)
Well, I found the "Disable reply-to" setting in Firewall: Settings: Advanced, which led me to the following topic, that describes exactly what I'm facing: https://forum.opnsense.org/index.php?topic=15900.0
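As an added illustration (not part of the original post), here is a small Python check that automates the diagnosis made from the tap capture: it flags replies whose destination IP is on the directly connected WAN subnet, so they should be delivered by local ARP resolution, but whose destination MAC is the gateway's, which is what reply-to on the WAN interface produces. The frames, subnet, gateway IP and MAC placeholders are constructed from the values in the post.

```python
import ipaddress

# Constructed sample of the frames seen on the network tap in the post.
# Fields: src_ip, src_mac, dst_ip, dst_mac, tcp_flags
CONSTRUCTED_FRAMES = [
    ("192.168.1.1", "33:33:33:33:33:33", "192.168.1.253", "22:22:22:22:22:22", "SYN"),
    # The misdirected reply: IP says 192.168.1.1, MAC says ISP router.
    ("192.168.1.253", "22:22:22:22:22:22", "192.168.1.1", "11:11:11:11:11:11", "SYN,ACK"),
    # A correctly delivered reply, added for contrast (constructed).
    ("192.168.1.253", "22:22:22:22:22:22", "192.168.1.1", "33:33:33:33:33:33", "SYN,ACK"),
    # Off-subnet destination: going to the gateway MAC is expected here (constructed).
    ("192.168.1.253", "22:22:22:22:22:22", "203.0.113.10", "11:11:11:11:11:11", "SYN,ACK"),
]

# Values from the post: WAN subnet, WAN gateway, and the ISP router's MAC placeholder.
WAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")
WAN_GATEWAY_IP = ipaddress.ip_address("192.168.1.254")
WAN_GATEWAY_MAC = "11:11:11:11:11:11"


def find_misdirected_replies(frames, subnet, gateway_ip, gateway_mac):
    """Return (src_ip, dst_ip, flags) for frames addressed to a host on the
    connected subnet that were nevertheless framed to the gateway's MAC.

    Such a frame is handed to the upstream router instead of the host, which
    never sees it; the host keeps retransmitting its SYN, exactly as observed.
    """
    hits = []
    for src_ip, _src_mac, dst_ip, dst_mac, flags in frames:
        dst = ipaddress.ip_address(dst_ip)
        # Routing via the gateway is correct for off-subnet destinations
        # and for traffic to the gateway itself, so skip those.
        if dst not in subnet or dst == gateway_ip:
            continue
        if dst_mac.lower() == gateway_mac.lower():
            hits.append((src_ip, dst_ip, flags))
    return hits


if __name__ == "__main__":
    for src, dst, flags in find_misdirected_replies(
        CONSTRUCTED_FRAMES, WAN_SUBNET, WAN_GATEWAY_IP, WAN_GATEWAY_MAC
    ):
        print(f"reply-to symptom: {src} -> {dst} [{flags}] framed to gateway MAC")
```

Feeding it real frames from a pcap (for example via a capture library of your choice) would confirm whether the "Disable reply-to" setting resolved the symptom, since the list should then come back empty.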