OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: breisbrenny on February 22, 2022, 05:19:05 PM

Title: [Firewall] Configuring allow all in/out on a WAN interface
Post by: breisbrenny on February 22, 2022, 05:19:05 PM
Hi there,
We have a customer traffic network which should allow all WAN traffic in/out directly to the machines!

There is no NAT on this network; the subnet goes straight upstream and the machines are connected directly to this WAN with a public IP address.

The default deny rule, although we have Allow all in/out to WANCustomer set, keeps stopping TCP/UDP (but oddly not ICMP) traffic from hitting the servers.

Any ideas on how we can figure out why the allow rule is being ignored, or manually set a default deny rule on other interfaces and remove the floating one?

Title: Re: [Firewall] Configuring allow all in/out on a WAN interface
Post by: breisbrenny on February 22, 2022, 05:29:04 PM
Picture of default deny hitting attached

Title: Re: [Firewall] Configuring allow all in/out on a WAN interface
Post by: breisbrenny on February 22, 2022, 06:15:03 PM
Update!

We've figured out that UDP + ICMP pass without an issue; the default deny rule is only catching TCP packets, although there is a rule in-spec to allow the traffic!