OPNsense Forum

Archive => 16.1 Legacy Series => Topic started by: mitchskis on March 12, 2016, 11:16:35 pm

Title: Sanity Check WAN Firewall rule
Post by: mitchskis on March 12, 2016, 11:16:35 pm
OPNsense 16.1.6-amd64   
WAN: 10.255.255.102/24 via DHCP(Gateway 10.255.255.1/24)
LAN: 192.168.1.1/24
OPT1: 10.255.255.110/24

WAN & OPT1 are on the same wire as my workstation, 10.255.225.254/24.

I could use some sanity checking. In the configuration above, I can ping and ssh to the WAN & OPT1 interfaces from the gateway but I'm unable to touch the WAN interface from my workstation. I can also ping from 10.255.255.102 to 10.255.225.254. Both 10.255.255.102 & 10.255.255.110 are in my arp table. The firewall rule for both WAN & OPT1 is: IPv4 * * * * *

Any ideas?
Title: Re: Sanity Check WAN Firewall rule
Post by: franco on March 13, 2016, 08:28:21 pm
What's the purpose of OPT1 in this scenario? It might cause your routing table to get stuck having two subnets on two different ethernet ports. Without the use case you're after it's hard to say what to change.