OPNsense Forum

Archive => 24.1, 24.4 Legacy Series => Topic started by: StrataRocha on July 04, 2024, 02:45:49 AM

Title: Configuring WAN with DHCP or STATIC results in different behavior
Post by: StrataRocha on July 04, 2024, 02:45:49 AM
Hello,

I'm having a challenge that I just don't know how to resolve/debug.

I am enabling the ability to access the web management interface from the WAN. (Yes, I know this is not the most secure way to do this. We're using the firewall in our internal network behind another firewall. We're not worried about the security aspect at this point.)

The WAN interface has the following rule to allow this:

Action: Pass
Protocol: TCP
source: any
destination: This Firewall
destination port: HTTPS
Log: Enabled


We also have two subnets in the WAN space 192.168.100.0/24 and 192.168.200.0/24 that may need to access the web configuration.

The accessibility of the WEB interface changes based on how the IP address is assigned.

Our DHCP is configured so that the WAN interface always gets the address 192.168.100.92.

If the WAN interface is configured to use DHCP then it is accessible from 192.168.200, but it is NOT accessible from 192.168.100.

If I change the WAN interface to use static, and use the SAME address (192.168.100.92), then it is NOT accessible from 192.168.200 but it IS accessible from 192.168.100.


If it is configured as    192.168.100      192.168.200
----------------------    --------------   ---------------
192.168.100.92 static     accessible       NOT accessible
192.168.100.92 dhcp       NOT accessible   accessible


I am baffled by this because nodes in 192.168.100 can ping nodes in 192.168.200 and vice versa, and I don't know why static vs dhcp configuration would have an impact like this.

Any clues, thoughts or tips would be greatly appreciated.
Title: Re: Configuring WAN with DHCP or STATIC results in different behavior
Post by: Patrick M. Hausen on July 04, 2024, 08:40:10 AM
Disable reply-to, I guess.
Title: Re: Configuring WAN with DHCP or STATIC results in different behavior
Post by: StrataRocha on July 09, 2024, 09:40:59 PM
Thank you Patrick.

Your tip prompted me to search the forum for "reply-to" and I found the thread "Reply-to on WAN by default is bogus" at https://forum.opnsense.org/index.php?topic=15900.

Which pretty much explained my situation, along with some other unexpected behavior.

I've disabled the setting and am happy to report that the DHCP-assigned WAN interface is now working from all my desired locations.