16.1 Legacy Series / Issue on WAN filter
« on: July 27, 2016, 10:57:40 pm »
Hi All,
I have the following issue on all 3 OPNsense versions that I installed: 16.1.20, 16.1.8, 16.7-RC2.
Environment:
VM with 2 interfaces on VMware Workstation 11.
em0 interface is bridged with eth0 of my PC, connected to my home router.
em1 interface is an isolated one on the VMware
Configuration:
em0 -> WAN -> DHCP Assigned Address -> 192.168.0.116 (GW: 192.168.0.1 <- my home router)
em1 -> LAN -> Static IP -> 10.10.5.1/24 with a DHCP Server with range 10.10.5.200-220
I add the firewall rule on WAN
Protocol: any
Src: any
Dst: any
Action: pass
From my router (192.168.0.1) I'm unable to ping WAN (192.168.0.116).
From another PC (192.168.0.22) I'm unable to ping WAN (192.168.0.116).
From WAN I'm able to ping my router and other PCs in the subnet.
I unchecked "block rfc1918" and "block logon network", tried to put a more specific rule for ICMP on WAN and rebooted the VM, but nothing changed.
With pfSense, the same configuration in the same environment works as expected, replying to ICMP, so it cannot be the environment.
It seems that there's something wrong with the outgoing rules of WAN pf.
Looking at tcpdump inside OPNsense, I'm seeing the ICMP request and reply, but it doesn't leave the WAN interface.
Obviously it works when I manually disable pf.
This issue affects every packet sent to the WAN interface, not only ICMP.
Here you can find
OPNsense /tmp/rules.debug file
http://pastebin.com/eHcCMX7k
pfSense /tmp/rules.debug file
http://pastebin.com/u4xi1Wvk
and OPNsense backup configuration
http://pastebin.com/n2SYKpvb
Has anyone already found this issue, or is there something I'm not doing the right way?
Thanks in advance.