OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: cchris321 on August 02, 2017, 12:33:08 pm

Title: Enable ARP replies on WAN network
Post by: cchris321 on August 02, 2017, 12:33:08 pm
I recently brought up an OPNsense firewall that has to accept connections from multiple IPs on the same subnet from the WAN interface.
The default gateway is connected on the same interface and on the same subnet as the other devices.
However, it seems that OPNsense accepts connections only from the default gateway.
After some investigation, I discovered that OPNsense seems to reply only to ARP requests that come from the default gateway on the WAN interface.
Can you please help me enable ARP replies to any device on the WAN interface that belongs to the same network?

Thank you and best regards
Title: Re: Enable ARP replies on WAN network
Post by: franco on August 03, 2017, 07:56:42 am
This may not be enough info to pin down the problem. ARP is Layer 2, it cannot and will not be blocked by the firewall filter. How are you observing this? Did you check the ARP table on the OPNsense?

# arp -na


Cheers,
Franco
Title: Re: Enable ARP replies on WAN network
Post by: Zeitkind on August 03, 2017, 01:31:10 pm
Sounds IMHO like the old problem with WAN network and the reply-to rules?
Title: Re: Enable ARP replies on WAN network
Post by: franco on August 03, 2017, 01:50:21 pm
Oh, it could be. Try setting Firewall: Settings: Advanced: [ x ] disable reply-to.
Title: Re: Enable ARP replies on WAN network
Post by: cchris321 on August 03, 2017, 02:02:47 pm
First of all, some IP definitions in order to explain myself better:


I have made the following checks:


I then also made the following test:


Thank you and best regards