Heya,
I'm stumbling into a really weird one here.
I've got some TCP connections that are going through and some that just aren't. They're directly blocked by the default deny via floating rules (I can see it in the live log from the firewall), but there are ALLOW all rules for the clients to connect to the internet.
My setup:
ISP <---> OPNsense <-> Switches <-> Clients
I've got a couple of VLANs for the clients and VLANs for mgmt.
The clients are able to connect to the internet and are passed through the OPNsense firewall (so that works). They can reach most of the web, but if they try to reach certain websites, it's denied by default via floating rules.
Denied instantly on websites like WhatsApp, Facebook, Protonmail and so on.
ISP is doing the NAT for us.
Not using DNS from OPNsense.
Not using any web proxy or anything like that. It's just plain routing.
I've tried setting Firewall -> Settings -> Advanced: firewall optimization to "conservative" (was "normal") like suggested in another post, but it wasn't helping.
Thanks in advance!
Well, I solved it. Don't know why, but now it works.
System > Settings > Tunables :
net.inet.udp.checksum (UDP Checksums)
net.inet.tcp.tso (TCP Offload Engine)
Both set to 1.
Now it works flawlessly.
Cheers.
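As an added example (not from the poster or the OPNsense project), here is a small script that reads the two tunables named above and reports any that differ from the value the poster ended up with, so the current state can be confirmed before and after a change instead of guessing. It assumes FreeBSD-style `sysctl` output of the form `name: value`; the sample output embedded below is constructed for demonstration.

```python
"""Check OPNsense (FreeBSD) sysctl tunables against expected values.

Added example, not from the forum post. Assumes `sysctl` prints one
"name: value" line per tunable (FreeBSD format).
"""
import subprocess

# The two tunables from the post, with the value the poster set them to.
EXPECTED = {
    "net.inet.udp.checksum": "1",  # UDP Checksums
    "net.inet.tcp.tso": "1",       # TCP Offload Engine
}

# Constructed sample output for running the script without sysctl.
SAMPLE_OUTPUT = """\
net.inet.udp.checksum: 0
net.inet.tcp.tso: 1
net.inet.ip.forwarding: 1
"""


def parse_sysctl(text):
    """Parse "name: value" lines into a dict; skip blank or malformed lines."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        name, _, value = line.partition(":")
        settings[name.strip()] = value.strip()
    return settings


def check_tunables(settings, expected=EXPECTED):
    """Return a list of (name, current, wanted) for tunables that are
    missing or differ from the expected value; empty list means all match."""
    findings = []
    for name, want in expected.items():
        have = settings.get(name)
        if have is None:
            findings.append((name, "missing", want))
        elif have != want:
            findings.append((name, have, want))
    return findings


def live_sysctl(names):
    """Query the running system (only works on a FreeBSD/OPNsense host)."""
    out = subprocess.run(["sysctl"] + list(names), capture_output=True,
                         text=True, check=True).stdout
    return parse_sysctl(out)


if __name__ == "__main__":
    try:
        current = live_sysctl(EXPECTED)
    except (OSError, subprocess.CalledProcessError):
        # Not on a FreeBSD box: fall back to the constructed sample.
        current = parse_sysctl(SAMPLE_OUTPUT)
    for name, have, want in check_tunables(current):
        print(f"{name}: is {have}, expected {want}")
```

Run it on the OPNsense host (or any FreeBSD box) and it prints only the tunables that need attention; run it anywhere else and it exercises the constructed sample, which flags `net.inet.udp.checksum` as 0.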