OPNsense Forum

Archive => 22.1 Legacy Series => Topic started by: Cattapiller on August 07, 2022, 10:04:37 am

Title: [SOLVED] TCP Connections denied per deny default
Post by: Cattapiller on August 07, 2022, 10:04:37 am
Heya,

I'm stumbling into a really weird one here.

I've got some TCP connections that are going through and some that just aren't. Just directly blocked by deny default via floating rules. (Can see it in the live log from the firewall.) But there are ALLOW all rules for the clients to connect to the internet.

My setup:

ISP <---> OPNsense <-> Switches <-> Clients

I've got a couple of VLANs for the clients, VLANs for mgmt.
The clients are able to connect to the internet and are passed through the OPNsense firewall (so that works). They can reach most of the web, but if they try to reach certain websites, it's denied by default via floating rules.

Denied instantly on websites like WhatsApp, Facebook, Protonmail and so on...

ISP is doing the NAT for us.

Not using DNS from OPNsense.
Not using any web proxy or something. It's just plain routing.

I've tried to set firewall -> settings -> advanced: firewall optimization to conservative (was normal) like suggested in another post, and it wasn't helping.

Thanks in advance!




Title: Re: TCP Connections denied per deny default
Post by: Cattapiller on August 23, 2022, 02:07:33 am
Well, I solved it. Don't know why, but now it works.

System > Settings > Tunables:

net.inet.udp.checksum   UDP Checksums

net.inet.tcp.tso                   TCP Offload Engine

both set to 1.

Now it works flawlessly.

Cheers.