Good morning,
Here is my project, I have an OPNsense instance on the OVH Public Cloud.
I have access to my Webgui via my WAN address and it suits me perfectly, only as soon as I activate a LAN interface, I no longer have access to my graphical interface via the WAN.
I only have access to it if I run the shell command pfctl -d, which disables my firewall.
Yet I have a rule in place that is like this:
Inbound traffic: Protocol: TCP; Source: My public IP; Port: 4443; Destination: This Firewall; Port: 4443
And yet, if I don't run pfctl -d, as soon as I add a LAN interface I can't access my OPNsense on the web.
In the logs I find this refusal: INT WAN -> Traffic entrant -> My IP Public:52475 -> IP PUBLIC on my OPNsense:4443 -> Protocole tcp -> Default deny / state violation rule
I look forward to your help! ;D :D
Thanks
Quote from: ECLOUD on May 02, 2024, 05:16:50 PM
Inbound traffic: Protocol: TCP; Source: My public IP; Port: 4443; Destination: This Firewall; Port: 4443
Change to:
Inbound traffic: Protocol: TCP; Source: My public IP; Port: *; Destination: This Firewall; Port: 4443
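To make the source-port point concrete, here is an added example (not code from the thread or from OPNsense): a small matcher that parses rule descriptions written the way they are quoted above, parses the denied log entry, and reports which fields fail to match. The IP addresses are constructed placeholders standing in for "My public IP" and the OPNsense WAN IP.

```python
# Added example: evaluate the thread's two rule descriptions against the
# logged connection. The client picked ephemeral source port 52475, so a rule
# pinning the *source* port to 4443 can never match; only the destination
# port is fixed for an inbound connection to the WebGUI.

ADMIN_IP = "203.0.113.10"          # constructed stand-in for "My public IP"
FIREWALL_WAN_IP = "198.51.100.20"  # constructed stand-in for the OPNsense WAN IP

BAD_RULE = (f"Inbound traffic : Protocol : TCP ; Source : {ADMIN_IP} ; Port : 4443 ; "
            f"Destination : {FIREWALL_WAN_IP} ; Port : 4443")
FIXED_RULE = (f"Inbound traffic : Protocol : TCP ; Source : {ADMIN_IP} ; Port : * ; "
              f"Destination : {FIREWALL_WAN_IP} ; Port : 4443")

# Constructed log entry in the same shape as the one quoted in the thread.
LOG_ENTRY = (f"INT WAN -> Inbound traffic -> {ADMIN_IP}:52475 -> "
             f"{FIREWALL_WAN_IP}:4443 -> Protocol tcp -> Default deny / state violation rule")


def parse_rule(text):
    """'... : Protocol : TCP ; Source : A ; Port : B ; Destination : C ; Port : D' -> dict.
    The two 'Port' fields are told apart by position (source first, destination second)."""
    fields = [f.strip() for f in text.split(";")]
    value = lambda f: f.split(":", 1)[1].strip()
    return {
        "proto": fields[0].split(":")[-1].strip().lower(),
        "src": value(fields[1]), "sport": value(fields[2]),
        "dst": value(fields[3]), "dport": value(fields[4]),
    }


def parse_log(text):
    """'IFACE -> direction -> src:port -> dst:port -> Protocol proto -> ...' -> dict."""
    parts = [p.strip() for p in text.split("->")]
    src, sport = parts[2].rsplit(":", 1)
    dst, dport = parts[3].rsplit(":", 1)
    return {"proto": parts[4].split()[-1].lower(),
            "src": src, "sport": sport, "dst": dst, "dport": dport}


def unmatched_fields(rule, conn):
    """Return the rule fields that do not match the connection ('*' matches anything).
    An empty list means the rule would have passed this packet."""
    return [k for k in ("proto", "src", "sport", "dst", "dport")
            if rule[k] != "*" and rule[k] != conn[k]]


if __name__ == "__main__":
    conn = parse_log(LOG_ENTRY)
    print("bad rule fails on:", unmatched_fields(parse_rule(BAD_RULE), conn))    # ['sport']
    print("fixed rule fails on:", unmatched_fields(parse_rule(FIXED_RULE), conn))  # []
```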
I'm so stupid... it's not like I saw that my public IP came with several different ports and not just 4443...
In any case, it works! Thanks a lot!
On the other hand, there is one thing I can't understand:
with the wrong source port, I can access the webgui without a LAN added. However, as soon as I add a LAN, I no longer have access to it. It's really this point that I don't get.
Possibly the automagic "anti-lockout" rule? I have that disabled everywhere. I prefer explicit configuration and I don't like opaque magic happening. Same for NAT: all on manual, here. YMMV as always.