Messages

1

19.1 Legacy Series / Re: Routing to the WAN-subnet

« on: April 05, 2019, 03:00:46 pm »

I just realised I'm  using 19.7 (because of the wireguard support). Can a moderatore move my thread to the other board or should I repost it there?

[edit] I did another test, this also happens with 19.1 :-/

2

19.1 Legacy Series / Routing to the WAN-subnet

« on: April 05, 2019, 11:42:11 am »

Hello everyone,

I have a strange problem and I'm not sure where the problem lies.

I'm using OPNsense in front of one of my servers. I have a /27 subnet on the WAN part. The OPNsense box uses 4 of those adresses (1 for the box, 3 Virtual IPs). There are two other firewalls in this subnet which use the other IPs.
I made sure none of the WAN-IPS are assigned multiple times, etc.

I set up NAT on the OPNsense box and it works nicely if I connect from the LAN or from the WAN. With one exception: If I connect from one of the other firewalls, it won't work.

I did a lot of debugging and I think I found the cause of the problem:
Packets from the firewall are directly send to the OPNsense box (since its the same subnet, there is no reason to sent it to the router/gateway first).
Packets from the OPNsense box to the firewall are sent to the gateway/router. The gateway/router routes them into the internet instead of reflecting them back into the WAN subnet. Since the OPNsense box  and the firewall are in the same subnet, there is no need to route the packets through the gateway...

Is there a way to change this behaviour in OPNsense? (I can't reconfigure my router/gateway... and the other firewalls work without any problems).

Do you need more information about my configuration?