OPNsense Forum

English Forums => General Discussion => Topic started by: AverageGuy on November 23, 2021, 01:53:34 pm

Title: Default deny rule is blocking my ssh connection
Post by: AverageGuy on November 23, 2021, 01:53:34 pm
I used the info at https://www.techrepublic.com/article/how-to-create-a-firewall-rule-with-opnsense/ to open ssh to a machine on my network, and when I look at the logs, I see that the attempted connection is blocked with a "Default deny rule". I did a search for that error but didn't come up with anything useful.  I'm very new to OPNsense.  This is a new install as of today. Attached is a snapshot of the entry.
Thanks,
Jim.
Title: Re: Default deny rule is blocking my ssh connection
Post by: AverageGuy on November 23, 2021, 07:23:08 pm
I've continued on and tried some other things.  I've discovered an automatic rule "Default deny rule" which I'm guessing is responsible for the problem.  So here's what my Port Forwarding looks like:
https://paste.pics/3b37bf6959da5ef01ac540bf8df28bdb

And here's the WAN rules that were generated automatically:

https://paste.pics/12cd60b6820973c1183d7160872e902f
Ignore the port 5060 stuff.  I was able to open those ports for SIP access.
I also couldn't figure out how to upload an image.  It just gave me a couple of img brackets.

This is the log entry:
https://paste.pics/dab65912e8a1236d719cedf1e4f8c152

Why is the automatically generated rule being fired? 
Title: Re: Default deny rule is blocking my ssh connection
Post by: cookiemonster on November 24, 2021, 05:56:24 pm
I can't tell too well from screenshots but I think you have set source port to ssh(22) when it should be any.
In case you haven't seen it, this is the link to documentation: https://docs.opnsense.org/intro.html
Title: Re: Default deny rule is blocking my ssh connection
Post by: Greelan on November 27, 2021, 06:39:01 am
Yes, source port is wrong, and destination address should be WAN address not LAN net
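
The two corrections given in the replies above, shown as an added example that is not part of the original posts and is not OPNsense code: a simplified model of how an inbound packet is compared against a port forward, falling through to the default deny when nothing matches. The addresses, the `PortForward` and `evaluate` names, and the client's ephemeral port are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class PortForward:
    src_port: object   # an int, or "any"
    dst: str           # address or CIDR the packet's destination must fall in
    dst_port: int
    redirect_ip: str   # internal host that receives the forwarded traffic

    def matches(self, p: Packet) -> bool:
        # Every field must match, as in a firewall rule.
        if self.src_port != "any" and self.src_port != p.src_port:
            return False
        if ipaddress.ip_address(p.dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        return p.dst_port == self.dst_port

def evaluate(pkt: Packet, forwards: list) -> tuple:
    """Return (action, label) for a packet arriving on WAN."""
    for fwd in forwards:
        if fwd.matches(pkt):
            return ("pass", f"forward to {fwd.redirect_ip}:{fwd.dst_port}")
    return ("block", "Default deny rule")  # nothing matched

# Constructed sample values (documentation address ranges).
WAN_ADDR = "203.0.113.10"
LAN_NET = "192.168.1.0/24"
SSH_HOST = "192.168.1.50"

# An SSH client connects from an ephemeral source port to the WAN address.
CLIENT = Packet("198.51.100.7", 51514, WAN_ADDR, 22)

# Rule as described in the replies: source port 22, destination LAN net.
AS_DESCRIBED = [PortForward(22, LAN_NET, 22, SSH_HOST)]
# Only the source port fixed: destination still never matches on WAN.
SOURCE_FIXED_ONLY = [PortForward("any", LAN_NET, 22, SSH_HOST)]
# Both corrections: source port any, destination WAN address.
CORRECTED = [PortForward("any", WAN_ADDR, 22, SSH_HOST)]

if __name__ == "__main__":
    for name, rules in [("as described", AS_DESCRIBED),
                        ("source port fixed only", SOURCE_FIXED_ONLY),
                        ("corrected", CORRECTED)]:
        print(f"{name}: {evaluate(CLIENT, rules)}")
```
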
Title: Re: Default deny rule is blocking my ssh connection
Post by: AverageGuy on November 29, 2021, 12:34:44 pm
Thanks, everyone.  It's working now.
Jim