Messages - nutonas

#1
General Discussion / ICMP
May 16, 2019, 10:37:43 AM
Hi,

Our ISP needs to ping our firewall, and I created a rule on the WAN interface that allows ICMP traffic from the ISP IP.

Proto      Source     Port  Destination             Port  Gateway  Schedule  Description
IPv4 ICMP  ISP_IP/24  *     OUR_FIREWALL_WAN_IP/28  *     WANGW

But the problem is that the ISP doesn't get replies from our firewall. The thing is that the firewall log says that ICMP from ISP_IP to OUR_FIREWALL_WAN_IP passes:

filterlog: 90,,,0,bge0,match,pass,in,4,0x0,,60,0,0,DF,1,icmp,ISP_IP,OUR_FIREWALL_WAN_IP,datalength=64

But if I filter the logs by our WAN IP, there is no logged traffic with a reply.

So can anyone help me configure this ICMP rule properly?
#2
General Discussion / Firewall working strange
October 11, 2018, 11:29:36 PM
Hi, ammm, the thing is that my OPNsense literally does not allow any traffic from the WAN side. I created rules, for example, to allow ICMP ping from the WAN side:
Proto    Source    Port    Destination    Port    Gateway    
IPv4 ICMP    *    *    WAN address    *    *       

And when I try to ping my OPNsense from outside, I get "Request timed out", but in the logs OPNsense says that ICMP passes:
filterlog:92,,,0,bge0,match,pass,in,4,0x0,,122,1206,0,none,1,icmp,60,MYPC_IP,OPNSENSE_WAN_IP,datalength=40

The same problem occurs, for example, with OpenVPN when I try to connect from my PC to the VPN server.
In the firewall rules I am allowing OpenVPN:
Proto    Source    Port    Destination    Port    Gateway    Schedule    Description    
IPv4 UDP    *    *    WAN address    1194 (OpenVPN)    *       OpenVPN wizard

And the firewall log says that OpenVPN passes:
   filterlog: 124,,,0,bge0,match,pass,in,4,0x0,,122,1198,0,none,17,udp,114,MYPC_IP,OPNSENSE_WAN_IP,51615,1194,94

And logs from OpenVPN:
Oct 12 00:23:09    openvpn[20663]: MYPC_IP:51615 TLS Error: TLS handshake failed
Oct 12 00:23:09    openvpn[20663]: MYPC_IP:51615 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 12 00:22:39    openvpn[20663]: MYPC_IP:51615 write UDPv4: Permission denied (code=13)

My PC is outside of my OPNsense WAN...

So is there a misconfiguration somewhere? Can someone help me?