OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of cchris321 »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - cchris321

Pages: [1]
1
17.7 Legacy Series / Re: Enable ARP replies on WAN network
« on: August 03, 2017, 02:02:47 pm »
First of all, some IP definition in order to explain me better:

  • 10.0.1.254/24 Ip address of OPNSense WAN interface
  • 10.0.1.1/24 Ip address of the default gateway
  • 10.0.1.138/24 Ip address of another PC that has to reach OPNSense

I have made the following checks:

  • In OPNSense ARP table I have only entries for 10.0.1.254 and 10.0.1.1 on WAN interface
  • If I try to ping from 10.0.1.138 to 10.0.1.254 it returns "host unreacheable" error
  • If I try to ping from 10.0.1.1 to 10.0.1.254 it replies correctly
  • I try to enable on firewall --> advanced settings the "disable reply to" rule with no success
  • By checking with tcpdump on OPNSense, I see the ARP request and reply if they are sent by 10.0.1.1, I cannot see no ARP request if they are sent by 10.0.1.138
  • By checking with another PC using wireshark, I see the ARP request and reply if they are sent by 10.0.1.1, also I can see only the ARP request from 10.0.1.138, but no reply
  • By checking ARP table on 10.0.1.138, I see an entry related to 10.0.1.254 with no mac address and a Failed note

I then made also the following test:

  • From OPNsense I tried to ping 10.0.1.138 and it replies correctly
  • After the above point if I tried to ping 10.0.1.254 from 10.0.1.138 then it will start to reply correctly
  • By checking the OPNSense ARP table now I have also the 10.0.1.138 entry
  • The same as point 3 also on 10.0.1.138 (ARP entry for 10.0.1.254)

Thank you and best regards

2
17.7 Legacy Series / Enable ARP replies on WAN network
« on: August 02, 2017, 12:33:08 pm »
I recently brought up a OPNSense firewall that has to accept connection from multiple IPs on the same subnet from the WAN interface.
The default gateway is connected on the same interface and on the same subnet of the other devices.
However, it seems that OPNSense accept connections only from the default gateway.
After some investigations, I discovered that OPNSense seems to reply only to ARP request that comes from the default gateway on the WAN interface.
Can you please help me in order to enable ARP replies from any device on the WAN interface that belongs on the same network?

Thank you and best regards

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2