OPNsense Forum
Archive => 22.1 Legacy Series => Topic started by: XeroX on May 25, 2022, 08:48:10 pm
-
Hello,
Obviously I'm too stupid to get traffic from one VLAN to another one.
I do get traffic from LAN to VLAN2. But I can't reach VLAN2 to LAN (only ICMP works).
Can someone help me with that? I tried rules in every direction on every interface (LAN, VLAN2). I'm able to reach LAN -> VLAN2 but not in the other direction. What am I doing wrong?
As ICMP works, I would rule out any routing problem.
Is this related to the webproxy? (transparent mode, but rules deleted on VLAN2)
Cheers and thanks for the help.
-
What kind of devices / Hosts are in the LAN and VLAN2 Network?
What Services (Port, Protocol) in the LAN Network are you trying to access from the VLAN2 Network?
Are there multiple Gateways?
...
Some additional information would probably help with solving your Problem :)
-
Hello,
LAN contains ESXi Hosts and vCenter.
VLAN2 contains Active Directory and Horizon Connection Server.
I try to access vCenter (LAN) or any "internal" web service via TCP 80 or 443. 80, 443 or 3389 from LAN -> VLAN2 works fine.
Machines from VLAN2 can access the internet via Web Proxy (if needed, but currently not configured on any machine in VLAN2) (had it transparent before, but removed that).
OPNsense is the only physical gateway for both subnets.
Are there any hidden rules from the web proxy?
-
So port 22 works. Seems to be proxy-related. But even when I turned off the web proxy, no transparent mode, no interfaces selected, it does not work.
Are there any hidden rules?
-
I found the "hidden" rules via /tmp/rules.debug:
rdr on igb1_vlan2 inet proto tcp from {(igb1_vlan2:network)} to {any} port {80} -> 127.0.0.1 port 3128 # redirect traffic to proxy
rdr on igb1_vlan2 inet proto tcp from {(igb1_vlan2:network)} to {any} port {443} -> 127.0.0.1 port 3129 # redirect secure traffic to proxy
a) Why are they "hidden" and not removed when switching off transparent mode?
b) How can I remove them?
@franco, sorry to summon you, any ideas? Is this a known issue?
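The two rdr lines quoted above are what explain the asymmetry in the thread: a pf rdr rule on the VLAN2 interface silently diverts TCP/80 and TCP/443 to the local Squid listener (3128/3129), so only those ports fail while ICMP and SSH pass. A quick way to confirm whether such intercepts are still loaded after disabling transparent mode is to audit the generated ruleset for rdr rules that point at 127.0.0.1. The script below is an added example for that check; it is not OPNsense code and not from any poster in the thread. It assumes the rule syntax shown in the quoted /tmp/rules.debug lines (`rdr on <iface> ... port {<dport>} -> 127.0.0.1 port <proxyport>`) and embeds a constructed sample ruleset so it runs offline; the `/tmp/rules.debug` path is the one named in the thread.

```shell
#!/bin/sh
# Added audit helper (hypothetical, not part of OPNsense): list pf rdr rules
# in a rules.debug-style ruleset that intercept traffic to the local proxy.

# Constructed sample ruleset. The two rdr lines mirror the ones quoted in the
# thread; the pass/nat lines are filler so the parser has something to skip.
SAMPLE_RULES=$(cat <<'EOF'
rdr on igb1_vlan2 inet proto tcp from {(igb1_vlan2:network)} to {any} port {80} -> 127.0.0.1 port 3128 # redirect traffic to proxy
rdr on igb1_vlan2 inet proto tcp from {(igb1_vlan2:network)} to {any} port {443} -> 127.0.0.1 port 3129 # redirect secure traffic to proxy
pass in quick on igb1_vlan2 inet from {(igb1_vlan2:network)} to any keep state label "allow vlan2 out"
nat on igb0 inet from 10.0.2.0/24 to any -> (igb0:0) port 1024:65535
EOF
)

# proxy_redirects <ruleset-text>
# Prints one line per rdr rule whose target is 127.0.0.1, in the form
#   <interface> <original-dst-port> -> <proxy-port>
# Assumes the token layout seen in the quoted rules: "on <iface>",
# "port {<dport>}" for the matched destination, and "-> <addr> port <port>".
proxy_redirects() {
    printf '%s\n' "$1" | awk '
        $1 == "rdr" {
            iface = ""; dport = ""; target = ""; tport = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "on") iface = $(i+1)
                # braces mark the matched (pre-redirect) destination port
                if ($i == "port" && $(i+1) ~ /^\{/) { dport = $(i+1); gsub(/[{}]/, "", dport) }
                # "-> 127.0.0.1 port 3128": address then "port" then number
                if ($i == "->") { target = $(i+1); tport = $(i+3) }
            }
            if (target == "127.0.0.1") printf "%s %s -> %s\n", iface, dport, tport
        }'
}

# proxy_redirect_count <ruleset-text>: number of intercept rules found.
proxy_redirect_count() {
    proxy_redirects "$1" | awk 'END { print NR }'
}

# Stand-alone run: audit the constructed sample, then the live ruleset if present.
echo "Intercepts in constructed sample:"
proxy_redirects "$SAMPLE_RULES"
if [ -r /tmp/rules.debug ]; then
    echo "Intercepts in /tmp/rules.debug:"
    proxy_redirects "$(cat /tmp/rules.debug)"
fi
```

Run it on the firewall after turning transparent mode off and reloading the filter; a count of zero for /tmp/rules.debug means the rdr intercepts are really gone, while a non-zero count means the generated ruleset still carries them and the proxy settings need another look. Because the redirect happens before the filter rules are evaluated, no amount of pass rules on LAN or VLAN2 will make port 80/443 reach the LAN hosts while these lines are loaded.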