OPNsense Forum

English Forums => General Discussion => Topic started by: ricksense on November 24, 2023, 03:13:05 PM

Title: error(s) loading the rule
Post by: ricksense on November 24, 2023, 03:13:05 PM
Hi,

Could anyone please help me make any sense of this error message?

https://imgbox.com/8walW3or

(https://imgur.com/a/JPSBEG2)

OPNsense is running as a VM in Proxmox (just for practice purposes at the moment), and its WAN port gets an IP from my physical home router (192.168.3.1), which manages my home LAN.
IP 192.168.3.100 is my desktop PC. I set a WAN pass rule for my PC so that it can reach the OPNsense dashboard and devices on the OPNsense LAN side.

Thanks
Title: Re: error(s) loading the rule
Post by: Maurice on November 25, 2023, 12:15:06 AM
You need to specify the direction of the rule (in). Also, since your PC is in the WAN subnet, you should disable reply-to.

Not sure how you were able to create a WAN rule without specifying the direction. Or is this a floating rule?

Cheers
Maurice
Title: Re: error(s) loading the rule
Post by: ricksense on November 25, 2023, 01:10:08 PM
Quote from: Maurice on November 25, 2023, 12:15:06 AM
You need to specify the direction of the rule (in). Also, since your PC is in the WAN subnet, you should disable reply-to.

Not sure how you were able to create a WAN rule without specifying the direction. Or is this a floating rule?

It's a simple pass [IN] rule, and reply-to is already disabled:

(https://images2.imgbox.com/e4/96/nuGNq71i_o.jpg) (https://imgbox.com/nuGNq71i)

Thank you
Title: Re: error(s) loading the rule
Post by: Maurice on November 25, 2023, 06:27:43 PM
That's odd, the error message clearly shows a rule without direction ("pass quick") and with reply-to set to your home router ("reply-to (vtnet0 192.168.3.1)"). Is this your only rule? You might want to check Firewall: Diagnostics: Statistics: rules for duplicates. Or delete and recreate the rule.
Title: Re: error(s) loading the rule
Post by: ricksense on November 25, 2023, 09:39:41 PM
Quote from: Maurice on November 25, 2023, 06:27:43 PM
That's odd, the error message clearly shows a rule without direction ("pass quick") and with reply-to set to your home router ("reply-to (vtnet0 192.168.3.1)"). Is this your only rule? You might want to check Firewall: Diagnostics: Statistics: rules for duplicates. Or delete and recreate the rule.

Yes, it's odd.
Nothing meaningful in Diagnostics.
Thanks
Title: Re: error(s) loading the rule
Post by: franco on November 27, 2023, 12:07:45 PM
At first glance it's either missing a validation or setting the proper "in" argument by default, but I'm a bit surprised that either should be required. How can I reproduce this?


Cheers,
Franco