We are trying to migrate from pfSense to OPNsense and I encountered a few issues:
1. My IP is getting blocked all the time, and I am not able to connect to the interface unless I disable the firewall.
I have created a rule for the IP to be allowed fully, but I think it is overwritten by the automatically generated floating rules.
2. Where can I create a whitelist for the Suricata IDS? On pfSense I can create an alias that I can use in all the services. In Suricata I cannot find where to add such an alias.
3. Where can I clear IPs blocked by the different services, like the virusprot and sshlockout lists and so on?
Which IP is getting blocked? Are you talking about the LAN or WAN IP address?
The firewall is a transparent bridge firewall; there is no LAN. The public IP I use to access the firewall interface gets blocked.
Network plan, please.
Same here... but I've freshly installed v21.7.
When I try to connect to a PC from outside with VNC, I'm stuck on "default deny rule". It was working before!
Network plan:
internet > modem 192.168.10.1 > opnsense wan 192.168.10.2 > LAN PC 192.168.1.10
You can see the rules and logs in the attachment.
Note: When I was creating NAT rules, the system didn't automatically create some WAN rules. But after I deleted and recreated those NAT rules (e.g. the VNC rule), the system automatically created the WAN rules.
I think it's a bug.
[SOLVED]
Now I can connect if I select both the LAN & WAN interfaces in the NAT rule for VNC and the others!
Before, the WAN interface was enough for the NAT!
OK, so for my first problem the issue was related to the alias I had configured: it was of type URL (IP) and needed to be of type Hosts.
For 2 and 3 I still have no solution.
On top of that, I realised that all outgoing traffic from the VMs is blocked.
My network plan is like this:
internet -> opnsense (I have 2 virtual networks: WAN, connected to a vSwitch, and OPT, connected to another vSwitch) -> VMs (also public IPs, no NAT)
I have also tried to move the rules from the bridge to WAN. It is also important to mention that from OPNsense itself I don't have any outgoing connection either.
Both WAN and OPT are configured in a bridge interface. The public IP of the OPNsense is on the bridge, and all the traffic rules are also configured on the bridge interface.
On the LAN and OPT interfaces all the traffic is allowed in both directions.
Update.
Outgoing traffic is OK now.
What I did:
1. Moved all the rules to the WAN interface.
2. Moved the management IP from the bridge interface to the WAN interface.
3. Allowed traffic on the bridge and OPT interfaces.
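Question 3 of the opening post (how to find out whether your own address sits in the sshlockout or virusprot lists, and how to clear only that entry) is never answered in the thread. The following script is an added example, not code from the thread or from the OPNsense project. It assumes that `sshlockout` and `virusprot` are pf tables on the firewall (the names come from the thread), that `pfctl -t <table> -T show` prints one address or CIDR per line, and that `pfctl -t <table> -T delete <addr>` removes a single entry. The management addresses and the sample table output are constructed. The point is to confirm that the management IP is really in one of those tables before reaching for "disable the firewall", and to remove only the entry that covers it rather than flushing the whole table, which would also release addresses that were blocked for good reason.

```python
import ipaddress
import shutil
import subprocess
from typing import Dict, Iterable, List

# pf tables that OPNsense fills automatically (names taken from the thread).
LOCKOUT_TABLES = ("sshlockout", "virusprot")


def parse_pfctl_show(output: str) -> List[str]:
    """Parse the text printed by `pfctl -t <table> -T show`: one address or
    CIDR per line, indented by pfctl. Blank lines are ignored."""
    return [line.strip() for line in output.splitlines() if line.strip()]


def entries_covering(entries: Iterable[str], management: Iterable[str]) -> List[str]:
    """Return the table entries that cover any of the management addresses.

    `management` may hold single hosts or networks; an entry matches when it
    overlaps one of them, so a /24 entry matches a host inside that /24.
    """
    mgmt = [ipaddress.ip_network(m, strict=False) for m in management]
    hits = []
    for entry in entries:
        net = ipaddress.ip_network(entry, strict=False)
        if any(net.version == m.version and net.overlaps(m) for m in mgmt):
            hits.append(entry)
    return hits


def delete_commands(table: str, entries: Iterable[str]) -> List[List[str]]:
    """Build the pfctl command lines that would remove the given entries."""
    return [["pfctl", "-t", table, "-T", "delete", entry] for entry in entries]


def check_live_tables(management: Iterable[str], apply: bool = False) -> Dict[str, List[str]]:
    """On the firewall itself: report (and with apply=True, delete) lockout
    entries that cover the management addresses. Dry run by default."""
    if shutil.which("pfctl") is None:
        raise RuntimeError("pfctl not found; run this on the firewall itself")
    report: Dict[str, List[str]] = {}
    for table in LOCKOUT_TABLES:
        out = subprocess.run(["pfctl", "-t", table, "-T", "show"],
                             capture_output=True, text=True, check=False).stdout
        hits = entries_covering(parse_pfctl_show(out), management)
        report[table] = hits
        if apply:
            for cmd in delete_commands(table, hits):
                subprocess.run(cmd, check=True)
    return report


# Constructed sample of `pfctl -t sshlockout -T show` output (not real data).
SAMPLE_OUTPUT = """\
   198.51.100.7
   203.0.113.0/24
   2001:db8::5
"""

if __name__ == "__main__":
    # Constructed management addresses: one host and one IPv6 prefix.
    entries = parse_pfctl_show(SAMPLE_OUTPUT)
    hits = entries_covering(entries, ["203.0.113.42", "2001:db8::/64"])
    for cmd in delete_commands("sshlockout", hits):
        print(" ".join(cmd))
```

Run as-is it only works on the constructed sample; `check_live_tables(["203.0.113.42"])` on the firewall reports what covers that address in each table without changing anything, and `apply=True` deletes exactly those entries. Whatever put the address in the table in the first place (failed SSH logins, an outbound connection-rate limit) will put it back, so the entry is a symptom to trace, not the fix.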