Text only | Text with Images

OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: ParametricToroid on September 12, 2024, 04:08:10 PM

Title: Firewall Issue? - Connection between PC and Proxmox Server
Post by: ParametricToroid on September 12, 2024, 04:08:10 PM
Good morning!

I'm having an issue communicating between my PC and proxmox server through OPNsense (separate devices).

I'm relatively new to OPNsense, but I noticed today that while accessing a proxmox web gui shell through my PC, as soon as I open nano to edit a file, the proxmox web gui page hangs (seems to be about 45 sec after opening shell). Looking at my firewall logs, I can clearly see it blocking communication from my PC to the proxmox server.

I have several VLANs on my OPNsense box. Specific to this issue, a management VLAN (10.10.99.0/24), a trusted VLAN (10.10.50.0/24), and a wireguard "VLAN" (10.10.30.0/24).

My proxmox server web interface lives on 10.10.99.20, and my desktop PC on 10.10.50.101.

I have no issues accessing the web gui and navigating normally, it seems to be just accessing the shell that causes issues (not entirely sure).

Interestingly, accessing the proxmox web gui remotely, via wireguard vpn (laptop, IP 10.10.30.3), I have no issues accessing and using the shell (and I can see the firewall allowing traffic)!

I followed Dustin's guide here: https://homenetworkguy.com/how-to/set-up-a-fully-functioning-home-network-using-opnsense/ (excellent, btw), and I thought I had properly configured the inter-vlan traffic firewall rules, but apparently not.

Does anyone have any idea how I can fix my configuration to allow this traffic, or why traffic is blocked from one vlan and not my wireguard interface?

In the following replies I've attached the firewall logs showing the blocked and allowed traffic, as well as the firewall rules for the management, trusted and wireguard interfaces.

Thanks for your help!
Title: Re: Firewall Issue? - Connection between PC and Proxmox Server
Post by: ParametricToroid on September 12, 2024, 04:08:43 PM
Management VLAN Firewall Rules:
Title: Re: Firewall Issue? - Connection between PC and Proxmox Server
Post by: ParametricToroid on September 12, 2024, 04:09:11 PM
Trusted VLAN Firewall Rules:
Title: Re: Firewall Issue? - Connection between PC and Proxmox Server
Post by: ParametricToroid on September 12, 2024, 04:09:43 PM
Wireguard Interface Firewall Rules:
Title: Re: Firewall Issue? - Connection between PC and Proxmox Server
Post by: ParametricToroid on September 12, 2024, 04:10:41 PM
Floating Firewall Rules:
Title: Re: Firewall Issue? - Connection between PC and Proxmox Server
Post by: Impatient2404 on May 09, 2025, 12:10:22 AM
@ParametricToroid did you find a solution ? I just noticed that I have the same problem
Title: Re: Firewall Issue? - Connection between PC and Proxmox Server
Post by: Impatient2404 on May 09, 2025, 12:10:55 AM
@ParametricToroid did you find a solution ? I just noticed that I have the same problem
Title: Re: Firewall Issue? - Connection between PC and Proxmox Server
Post by: EricPerl on May 09, 2025, 12:43:59 AM
Old thread...
How about you show your rules on the equivalent of your trusted interface (others irrelevant)?
FW log showing the block would help too.

FWIW, I'm totally baffled by the OP's floating rule.
There's also a fair number of redundant rules on his trusted interface.
And I don't understand his use case either. Connected to PVE's GUI, then opening shell (to PVE? to a VM?), then the page hangs and FW shows state violation???

That doesn't make sense. Are you really getting a similar behavior?

Text only | Text with Images