OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: baronyoung on November 21, 2023, 08:46:44 PM

Title: Default deny rule on ssh
Post by: baronyoung on November 21, 2023, 08:46:44 PM
I'm running default settings pretty much across the board.  I'm unable to ssh from one machine on a LAN subnet to another machine on the same subnet.  In the firewall log I see this:
__timestamp__   2023-11-21T19:43:20
ack   3804592492
action   [block]
anchorname   
datalen   0
dir   [in]
dst   192.168.1.152
dstport   49195
ecn   
id   0
interface   igc1
interface_name   lan
ipflags   DF
ipversion   4
label   Default deny / state violation rule
length   60
offset   0
protoname   tcp
protonum   6
reason   match
rid   02f4bab031b57d1e30553ce08e0ec131
rulenr   5
seq   1985055759
src   192.168.1.50
srcport   22
subrulenr   
tcpflags   SA
tcpopts   
tos   0x0
ttl   64
urp   65160

Again, I've added no rules and it appears the default is to allow all traffic so I'm confused why this is happening.  The "src" IP address above is actually the system I'm trying to ssh TO if that helps.  Any help would be greatly appreciated.
Title: Re: Default deny rule on ssh
Post by: Maurice on November 22, 2023, 12:19:53 AM
Traffic between two hosts in the same subnet should not touch the firewall. Maybe the subnet mask is misconfigured on the host you're trying to connect to? This could result in the syn ack being sent to the firewall, which causes a state violation.

Cheers
Maurice
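To make the reasoning in the reply above concrete, here is an added example (not code from the thread or from the OPNsense project). It parses a constructed copy of the log fields from the first post, classifies the block as the asymmetric-reply pattern the reply describes (a SYN-ACK between two LAN addresses arriving inbound on the LAN interface with no state), and then tests the misconfigured-mask hypothesis: which prefix lengths on 192.168.1.50 would make it treat 192.168.1.152 as off-subnet and hand the reply to its default gateway. The /24 LAN subnet and the tab-separated key/value layout of the log dump are assumptions.

```python
"""Added example: diagnose an OPNsense 'Default deny / state violation'
block on a SYN-ACK between two LAN hosts, and test the bad-mask hypothesis.
The log dump and the LAN subnet below are constructed to mirror the thread."""
import ipaddress

# Constructed copy of the relevant firewall-log fields from the post,
# as key<TAB>value lines (assumed layout of the GUI's log detail view).
LOG_DUMP = """\
action\t[block]
dir\t[in]
dst\t192.168.1.152
dstport\t49195
interface_name\tlan
label\tDefault deny / state violation rule
protoname\ttcp
src\t192.168.1.50
srcport\t22
tcpflags\tSA
"""

# Assumption: the OPNsense LAN interface is 192.168.1.1/24.
LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")


def parse_log_dump(text):
    """Turn 'key<TAB>value' lines into a dict; blank lines are ignored."""
    fields = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        key, _, value = line.partition("\t")
        fields[key.strip()] = value.strip()
    return fields


def diagnose(fields, lan_subnet):
    """Classify a blocked packet.

    pf creates state from the client's SYN. A SYN-ACK that reaches the
    firewall without a matching state cannot match any allow rule, so it
    falls through to the last-resort 'state violation' rule. When both
    addresses are in the LAN subnet and the packet arrived *inbound* on the
    LAN interface, the reply was sent to the firewall instead of directly
    to the peer: an asymmetric path on the host or the LAN, not a rule issue.
    """
    src = ipaddress.ip_address(fields["src"])
    dst = ipaddress.ip_address(fields["dst"])
    flags = fields.get("tcpflags", "")
    state_violation = "state violation" in fields.get("label", "")
    is_syn_ack = "S" in flags and "A" in flags
    same_subnet = src in lan_subnet and dst in lan_subnet
    inbound_on_lan = fields.get("dir") == "[in]" and fields.get("interface_name") == "lan"
    if state_violation and is_syn_ack and same_subnet and inbound_on_lan:
        return "asymmetric-reply"
    if state_violation:
        return "state-violation-other"
    return "not-state-violation"


def would_use_gateway(host_ip, prefixlen, peer_ip):
    """True if a host configured as host_ip/prefixlen would route traffic
    for peer_ip via its default gateway instead of sending it on the LAN."""
    iface = ipaddress.ip_interface(f"{host_ip}/{prefixlen}")
    return ipaddress.ip_address(peer_ip) not in iface.network


def candidate_masks(host_ip, peer_ip, longest=30):
    """Prefix lengths (16..longest) that would push host_ip's replies to
    peer_ip through the gateway, i.e. masks that reproduce the symptom."""
    return [p for p in range(16, longest + 1) if would_use_gateway(host_ip, p, peer_ip)]


if __name__ == "__main__":
    fields = parse_log_dump(LOG_DUMP)
    print("verdict:", diagnose(fields, LAN_SUBNET))
    print("masks on", fields["src"], "that reproduce this:",
          candidate_masks(fields["src"], fields["dst"]))
```

With a correct /24 on 192.168.1.50 the script reports that the reply would go straight to 192.168.1.152; any prefix of /25 or longer makes .152 look off-subnet and explains the SYN-ACK showing up at the firewall. On the Linux host itself the equivalent check is `ip route get 192.168.1.152`: a direct route prints `dev <iface>` with no `via`, whereas a gateway route prints `via 192.168.1.1`. If the routing looks right, the same block pattern can also come from a proxy-ARP or client-isolation setting on the switch or access point answering ARP for the peer, which is the "client / switch / WLAN" part of the reply below.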
Title: Re: Default deny rule on ssh
Post by: baronyoung on November 22, 2023, 05:01:44 PM
I've checked both interfaces on each of the internal hosts and the mask looks fine (/24).  They're both on DHCP (using the same OPNsense for this too), and DHCP is configured correctly as well.  Is there any way to turn off this "SYN-ACK" functionality?  I'm not familiar with that.
Title: Re: Default deny rule on ssh
Post by: Maurice on November 22, 2023, 05:49:46 PM
You'll have to find out why 192.168.1.50 sends these packets to OPNsense instead of directly to 192.168.1.152. That's beyond the control of OPNsense and more likely a client / switch / WLAN / ... issue.