Hi there!
First post here born from frustration.
Situation:
VMware lab where OPNsense is connected to NAT network (as a WAN) and internal host network (as a LAN - there will be VMs placed here)
that
VMs are supposed to be placed in the internal host network (LAN) and connect to the Internet via OPNsense FW. Because of that I need to be able to manage firewall from "WAN" (my local LAN).
Problem:
No matter what changes in configuration I make it ends up with connections to FW Web GUI being blocked from WAN (Firewall -> Log Files -> Live View: "Default deny / state violation rule)
OPNsense 23.1
What have I tried:
- Interfaces - [WAN]: uncheck "Block private networks" and "Block bogon networks;
- Firewall - Rules - WAN: Adding a rule that allows connections WAN/in/This Firewall
- Clearing Automatically Generated Rules by tinkering with "/usr/local/etc/inc/filter.lib.inc"
- Firewall - NAT - Port Forward: Forwarding external port 443 to internal FW interface port 443
Whatever I do Web GUI is still blocked from WAN. My one clue is "Automatically generated floating route" which always gets "hits" (screenshot attached) blocking every attempt to connect from WAN. It is "last match" rule so from what I understand it should "hit" last after every other rule. Can you guys help? It must be achievable to have OPNsense as a firewall in lab that is manageable from local LAN (WAN for FW)
What about creating a flat management network for all your virtual servers? Testing OPNsense under lab conditions with hacks to allow WAN management may not be a true test.