OPNsense Forum

English Forums => General Discussion => Topic started by: NOYB on January 26, 2018, 07:25:32 am

Title: WebGUI WAN Access
Post by: NOYB on January 26, 2018, 07:25:32 am
Trying to access the WebGUI via the WAN interface. Have a pass-all rule at the top of the WAN firewall and it responds with SYN ACK to the client IP address. However, it is sent to the default gateway MAC address, so it never reaches the client.

Why is it being sent to the gateway?  They are all on the same subnet (192.168.2.0/24).

Client x.x.x.10
OPNsense x.x.x.44
Default Gateway x.x.x.1

Thanks
Title: Re: WebGUI WAN Access
Post by: franco on January 26, 2018, 07:32:58 am
If I remember correctly pfSense had a custom FreeBSD patch to reply to the client even if reply-to is set for the gateway. Some gateways do not forward this to the client but rather try to route it through the internet for no apparent reason.

You can:

* Disable reply-to globally if you don't use multi-WAN under Firewall: Advanced: Settings, or
* Disable reply-to in the firewall rule that you use to pass your access.

With the new rules generation in place nowadays, maybe we can finally inject a safeguard rule for reply-to to avoid this behaviour in the locally attached network. A ticket for this is appreciated.


Cheers,
Franco
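
Added example, not part of the original posts and not OPNsense's generated ruleset: a constructed pf.conf fragment showing a WAN pass rule with reply-to next to the two alternatives discussed above. The interface name em0, the gateway address 192.168.2.1 (x.x.x.1 in the thread's 192.168.2.0/24), the WebGUI port 443 and the shape of the safeguard rule are assumptions.

```conf
# Constructed pf.conf fragment for illustration; em0, 192.168.2.1 and
# tcp/443 are assumed values, not taken from a real OPNsense ruleset.

# Before: reply-to pins the return path of every matching state to the
# gateway, so the SYN ACK for an on-link client such as 192.168.2.10 is
# framed to the gateway's MAC address instead of the client's.
pass in quick on em0 reply-to (em0 192.168.2.1) inet proto tcp \
    from any to (em0) port 443 flags S/SA keep state

# Alternative A: the same rule with reply-to disabled. Replies follow the
# routing table, and the connected route delivers them to the client.
pass in quick on em0 inet proto tcp \
    from any to (em0) port 443 flags S/SA keep state

# Alternative B (one possible reading of the safeguard idea): match the
# attached subnet first without reply-to, then keep reply-to for all
# other sources, which multi-WAN setups rely on for the return path.
pass in quick on em0 inet proto tcp \
    from (em0:network) to (em0) port 443 flags S/SA keep state
pass in quick on em0 reply-to (em0 192.168.2.1) inet proto tcp \
    from any to (em0) port 443 flags S/SA keep state

# To see which loaded rules carry reply-to:
#   pfctl -sr | grep reply-to
```

The "before" rule and the two alternatives are shown together for comparison only; a real ruleset would contain one of them.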
Title: Re: WebGUI WAN Access
Post by: ainfantino1988 on January 10, 2019, 01:13:34 pm
Hi,

I am new here. I tried this solution, but I still can't seem to access the web GUI via the WAN interface.

Setup: WAN interface which gets a DHCP address, LAN interface 192.168.0.1.

Created a WAN rule (TCP -> any to WAN address, port range HTTPS -> HTTPS, and disabled the reply-to in this firewall rule).

Could you maybe share your settings?