OPNsense Forum

Archive => 18.1 Legacy Series => Topic started by: slickdakine on March 24, 2018, 01:43:18 am

Title: opnsense VM - Linux bridge issue - LAN dns
Post by: slickdakine on March 24, 2018, 01:43:18 am
Hi All,

I finally found out what was causing the problems I was having with the default deny rule I posted about in two postings here:
https://forum.opnsense.org/index.php?topic=7277.msg34964#msg34964

Franco was right, there seemed to be something wrong about the setup I had on my LAN. The LAN interface was bridged to a Linux bridge interface (br0), and that is what was causing the problems. I had to originally do that as pfSense had issues with the VM being bridged right to the LAN (eth0) interface. Anyway, I put it back to the way I originally set it up years ago and it works fine, and the states seem to be tracking correctly. No more default deny blocking all traffic! This wasn't a problem until pfSense 2.4 or the current OPNsense. I think it may be related to FreeBSD 11.

I am having a few problems still:
1. For some reason both the DNS resolver and DNSmasq will not work correctly on the LAN without a specific rule allowing packets from the LAN to the firewall. See the attached rule (DNS Fix) and log I made in order to get this to work.
2. I would like to keep IPv6 disabled for now. But my log is filling up with "Block all IPv6" entries on the WAN. Is there a way I can keep this from being recorded in my firewall log?

Loving OPNsense so far now that I have it functioning well. Glad to join the community!
Thanks!
Title: Re: opnsense VM - Linux bridge issue - LAN dns
Post by: slickdakine on March 25, 2018, 05:19:11 am
I should add to this, I cannot ping the firewall either. I ended up making this rule:
Proto   Source   Port   Destination     Port   Gateway
IPv4    LANnet   *      This Firewall   *      *

Is there a reason that this rule would be needed on a clean install?