Hi, I am in the process of building a new server for my personal colo and it will be running TrueNAS SCALE, and I wanted to run OPNsense for the firewall to protect a few VMs running on the SCALE machine. I have the VM up and running fine along with the few different inside interfaces. The challenge I am running into is I cannot get access to the web interface of OPNsense from the WAN interface (I have it renamed to outside in my environment). This is a brand new install as of this morning of 22.7 with the latest updates inside. The WAN interface sits on my home network currently (10.200.200.0/24) along with my home PC I am trying to access it from.
To start, on the console of the VM I did a pfctl -d and I could access the firewall fine. I then went into the outside interface and made sure to disable the no rfc1918 rules, and I also checked to make sure the management interface was enabled for all interfaces. I then went into the WAN firewall rules and did a permit from my home network as a source with a destination of any tcp/443. When I applied the rule it re-enabled OPNsense and I could no longer get to the management GUI. I then disabled it again and tried changing the permit to any any and it still is not working. This rule is only needed temporarily while I configure the machine. I could access it other ways for now but I want to make sure it's not part of a bigger problem, as the rule "should" be working from what I can tell. I have been a long-term OPNsense user for my home, but the colo has been running a very old PAN firewall VM that has since expired license-wise and I want to move to OPNsense. Any pointers on what I could be missing? In the logs it's showing it is getting caught by the default deny / state violation rule. My understanding is that should process last if nothing else is matching. Thanks!
A screenshot of the outside rule. Thanks
Poking around the forums, Reddit, etc., I see some similar types of issues where certain rules would not work. It seemed to be related to networking issues. This is a VM under TrueNAS SCALE and I think I have it set up correctly. If I shut down the firewall engine with a pfctl -d I can then get to the firewall. But once I enable it, my rules don't seem to be working. I spun up a quick instance of pfSense CE and it works fine with the same type of rule I was trying to get working under OPNsense. Not sure where to go from here :( Anyone else running OPNsense on TrueNAS SCALE?
Bumping this back up to see if anyone has any ideas on what is going on. Thanks for any guidance.
Try disabling reply-to in the advanced options of the firewall rule.
Cheers
Maurice
If you can't get that to work, consider setting up WireGuard on OPNsense and using that connection to gain access behind the WAN/Outside interface and not have to expose the web UI at all.