OPNsense Forum

English Forums => 24.7, 24.10 Legacy Series => Topic started by: Arno on December 03, 2024, 12:14:07 PM

Title: Pass rule on LAN interface, still blocked packets
Post by: Arno on December 03, 2024, 12:14:07 PM
Hi,

For one box I want internet access bypassing my VPN client to a VPN provider.
So I added the IP address to a 'NoVPN' alias.

On the LAN interface there is a pass rule:
Source: IPv4 NoVPN alias
Destination: *
(and another rule below for the same subnet to use VPN gateway)

When I search the logs using remote logging there are packets on the LAN interface that are blocked from this one box (from tcp high ports to tcp high ports).
So before going out on the internet some packets are blocked.

How is this possible?

Title: Re: Pass rule on LAN interface, still blocked packets
Post by: DEC670airp414user on December 03, 2024, 01:44:52 PM
Is it the top rule, in order of appearance?

Title: Re: Pass rule on LAN interface, still blocked packets
Post by: Arno on December 03, 2024, 09:04:50 PM
No. See attached image.

LAN net = subnet A
Internet = subnet A
DMZ = subnet B

The server that is blocked is in subnet C and its IP address is in the 'NoVPN' alias.
The bottom rule in the picture is for all in subnet C.
Below these rules are more rules. Packets from the server should match the NoVPN rule so I excluded them from the picture.