17.7 Legacy Series / one way firewall issue - missing "conntrack" - traffic to DMZ
« on: January 31, 2018, 01:06:34 pm »
Dear Users,
I cannot find a suitable FW rule to allow traffic to a DMZ machine and let the packets coming back pass.
I see the traffic entering the DMZ machine and see traffic leaving, but the response is blocked by OPNsense. It's plain HTTP traffic.
For all other traffic, RELATED/ESTABLISHED packets have always been allowed.
VPN-CLIENTS(10.8.2.0/24) <-----INTERNET------> VPN-GW (lan: 172.16.1.3)
Webserver (lan: 172.16.1.4)
Default-GW for DMZ (OPNSENSE) 172.16.1.254
Traffic goes from VPN-Client -> VPN-GW -> Webserver -> Default-GW and then it gets blocked by OPNsense.
My DMZ FW rule is:
IPv4 TCP 10.8.2.0/24 * 172.16.1.4 80 (HTTP)
Any idea?
Any help is greatly appreciated.
thank you!
Stefan
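The following is an added example, not part of the post above and not OPNsense code. It models a stateful packet filter on the topology Stefan describes (VPN-GW 172.16.1.3 and webserver 172.16.1.4 on the same DMZ subnet, OPNsense 172.16.1.254 as the DMZ default gateway, VPN clients in 10.8.2.0/24) and traces one HTTP handshake through it. The routing tables of the two DMZ hosts, the client address and the port numbers are constructed assumptions; the pass rule is the one quoted in the post. The trace shows the mechanism behind a "one way" symptom: a packet filter that never saw the opening SYN has no state entry for the reply, and the quoted rule matches only the client-to-server direction, so the SYN-ACK is dropped. A second trace runs the same rule with both directions crossing the filter, where the state created by the SYN passes the reply.

```python
import ipaddress
from dataclasses import dataclass

# Constructed routing tables for the two DMZ hosts from the post.
# The VPN gateway reaches 10.8.2.0/24 through its tunnel; the webserver
# only knows its own subnet and the default gateway (OPNsense).
ROUTES = {
    "172.16.1.3": [("172.16.1.0/24", "direct"), ("10.8.2.0/24", "vpn-tunnel"),
                   ("0.0.0.0/0", "172.16.1.254")],
    "172.16.1.4": [("172.16.1.0/24", "direct"), ("0.0.0.0/0", "172.16.1.254")],
}


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "SYN" or "SYN-ACK"


@dataclass
class Rule:
    """One 'IPv4 TCP <src net> * <dst host> <dst port>' pass rule, as in the post."""
    src_net: str
    dst_host: str
    dport: int

    def matches(self, p: Packet) -> bool:
        return (ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src_net)
                and p.dst == self.dst_host and p.dport == self.dport)


class StatefulFirewall:
    """Minimal stateful filter: a rule match on the opening SYN creates a state
    entry; later packets of that flow, in either direction, pass on the state
    alone. A reply with no state and no matching rule is dropped."""

    def __init__(self, rules):
        self.rules = rules
        self.states = set()

    @staticmethod
    def flow_key(p: Packet):
        # Direction-agnostic key so the reply maps onto the same state entry.
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def filter(self, p: Packet) -> str:
        if self.flow_key(p) in self.states:
            return "pass (existing state)"
        if p.flags == "SYN" and any(r.matches(p) for r in self.rules):
            self.states.add(self.flow_key(p))
            return "pass (rule match, state created)"
        return "drop (no state, no matching rule)"


def next_hop(sender: str, dst: str) -> str:
    """Longest-prefix lookup in the sender's (constructed) routing table."""
    ip = ipaddress.ip_address(dst)
    best = None
    for net, via in ROUTES[sender]:
        n = ipaddress.ip_network(net)
        if ip in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, via)
    return best[1]


def trace_asymmetric(client="10.8.2.10"):
    """Follow one handshake: the VPN gateway delivers the SYN on the DMZ LAN
    directly, the webserver sends the SYN-ACK via its default gateway."""
    fw = StatefulFirewall([Rule("10.8.2.0/24", "172.16.1.4", 80)])
    syn = Packet(client, 50000, "172.16.1.4", 80, "SYN")
    synack = Packet("172.16.1.4", 80, client, 50000, "SYN-ACK")
    results = []
    for sender, pkt in (("172.16.1.3", syn), ("172.16.1.4", synack)):
        hop = next_hop(sender, pkt.dst)
        if hop == "172.16.1.254":
            results.append((pkt.flags, "OPNsense: " + fw.filter(pkt)))
        else:
            results.append((pkt.flags, f"bypasses OPNsense (next hop {hop})"))
    return results


def trace_symmetric(client="10.8.2.10"):
    """Same rule, but both directions cross the filter: the SYN creates the
    state and the SYN-ACK is passed by that state, not by the rule."""
    fw = StatefulFirewall([Rule("10.8.2.0/24", "172.16.1.4", 80)])
    syn = Packet(client, 50000, "172.16.1.4", 80, "SYN")
    synack = Packet("172.16.1.4", 80, client, 50000, "SYN-ACK")
    return [fw.filter(syn), fw.filter(synack)]


if __name__ == "__main__":
    for flags, verdict in trace_asymmetric():
        print(flags, "->", verdict)
    print(trace_symmetric())
```

Run it as a script: the first trace prints that the SYN never reaches the filter and the SYN-ACK is dropped, the second prints two passes. The difference between the two traces is only which path the SYN took, which is what a packet capture on the OPNsense DMZ interface would reveal (reply packets present, opening SYNs absent).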