OPNsense Forum

English Forums => General Discussion => Topic started by: Selectbq on May 18, 2022, 12:54:04 AM

Title: New to Opnsense; 100% Packet loss
Post by: Selectbq on May 18, 2022, 12:54:04 AM
Hey all, we've just set up OPNsense today but are struggling massively with the firewall.

Overview:

We are running a VMware network on subnet 192.168.25.0/24

Gateway is 192.168.25.2
OPNsense is on 192.168.25.131, configured to use the gateway above
Other machines are on 192.168.25.125 to 192.168.25.130

Issue being: Other machines cannot connect to Squid or DNS if the source and destination are set to LAN, nor can OPNsense connect to the gateway (no packets go through, even if ICMP is allowed).


Log:
(https://i.imgur.com/qG2Qk2a.png)
(https://i.imgur.com/I7gVHy4.png)

But the rules explicitly allow LAN connections:

(https://i.imgur.com/OMiYkl4.png)

Setting all rules to ANY works; however, OPNsense itself does not have any connection to the gateway and cannot ping the gateway or any other IP address.

What am I doing wrong?
Title: Re: New to Opnsense; 100% Packet loss
Post by: Selectbq on May 18, 2022, 01:02:48 AM
I should also mention that "Block private networks" and "Block bogon networks" are turned off.
Title: Re: New to Opnsense; 100% Packet loss
Post by: lfirewall1243 on May 18, 2022, 11:57:04 AM
I think asymmetric routing is your problem.

Clients send the packets to your OPNsense and OPNsense to the Gateway.
But the answer packets are going from the Gateway directly to the Client, but the Client isn't listening for that.

Search for asymmetric routing, there are many threads about it.
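
The routing described in the reply above, traced hop by hop for the addresses in this thread (an added example, not part of any post). It assumes the clients use OPNsense (192.168.25.131) as their default gateway; 203.0.113.10 is a constructed remote address, and the function names are hypothetical.

```python
import ipaddress

LAN = ipaddress.ip_network("192.168.25.0/24")   # subnet from the thread
GATEWAY = "192.168.25.2"                        # VMware gateway
FIREWALL = "192.168.25.131"                     # OPNsense
REMOTE = "203.0.113.10"                         # constructed remote host

# Default gateway per host (client -> OPNsense is an assumption).
DEFAULT_GW = {
    "192.168.25.125": FIREWALL,
    "192.168.25.126": FIREWALL,
    FIREWALL: GATEWAY,
    GATEWAY: None,          # forwards upstream, outside this model
}

def next_hop(host, dst):
    """On-link destinations are delivered directly; anything else goes
    to the host's default gateway (None means the packet left the LAN)."""
    if ipaddress.ip_address(dst) in LAN:
        return dst
    return DEFAULT_GW[host]

def lan_path(src, dst):
    """Hops a packet takes inside the LAN on its way from src to dst."""
    hops = [src]
    while hops[-1] != dst:
        nxt = next_hop(hops[-1], dst)
        if nxt is None:     # handed to the upstream network
            break
        hops.append(nxt)
    return hops

def firewall_sees(src, dst):
    """(forward, reply) flags: is the firewall a hop in each direction?
    Replies from outside re-enter the LAN at the gateway."""
    reply_from = dst if ipaddress.ip_address(dst) in LAN else GATEWAY
    fwd = lan_path(src, dst)
    ret = lan_path(reply_from, src)
    return FIREWALL in fwd, FIREWALL in ret

if __name__ == "__main__":
    client = "192.168.25.125"
    print("forward:", " -> ".join(lan_path(client, REMOTE)))
    print("reply:  ", " -> ".join(lan_path(GATEWAY, client)))
    seen_fwd, seen_ret = firewall_sees(client, REMOTE)
    # A stateful filter needs both directions to track a connection.
    print("asymmetric:", seen_fwd != seen_ret)
```

Because the client and the gateway share one subnet, the gateway delivers the reply on-link and the firewall is a hop in only one direction.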