Messages - andrew11

#1
Hello again,

I originally did disable the block private networks option on the WAN interface; sorry, I forgot to mention that. The issue still seems to occur.

I'm not sure how I can attach a screenshot to my post in this forum; I don't see an option for it.

I did add the following rule to my WAN to do some testing.
IPv4 ICMP    Source:*      Port:*         Destination:*         Gateway:*      Schedule:*
After adding this rule, I am still unable to ping the firewall or anything on the network from my host machine. I am also still unable to access the local networks specified in the server when connecting to OpenVPN.

This is the NAT port forwarding setting I added:
WAN    Proto:TCP    Source:*    Ports:*    Destination:192.168.50.244    Ports:80(HTTP)    NAT:192.168.2.3/24 Ports:80(HTTP)
I am still unable to access the website on the webserver hosted in the DMZ.

My other firewall rules are below

LAN)
IPv4        Source:192.168.3.0/24    Port:*    Destination:*          Port:*    Gateway:*    Schedule:*
IPv4 TCP    Source:LAN net           Port:*    Destination:DMZ net    Port:*    Gateway:*    Schedule:*

DMZ)
Block IPv4 *    Source:DMZ net    Port:*    Destination:LAN net    Port:*    Gateway:*    Schedule:*
Pass IPv4 *     Source:DMZ net    Port:*    Destination:*          Port:*    Gateway:*    Schedule:*

I have confirmed all machines do have the correct default GW.

-Thanks Again

Andrew

#2
Update: I am not sure I set up the port forwarding rules correctly as I have never done it before, so any advice on that would be great too.

#3
Hello,

I am currently working on a project for school, and I am having some trouble getting traffic to travel from the WAN network to the internal network. My deadline is coming up soon, so any help would be greatly appreciated.

So my network is as follows:
(FYI: this is all done in VirtualBox)

I have an OPNsense firewall with 3 NICs
DMZ (em2) - 192.168.2.1/24
LAN (em1) - 192.168.1.1/24
WAN (em0) - DHCP4: 192.168.50.244/24

Directly connected to the OPNsense DMZ interface is a Windows honeypot (DHCP) and a Windows webserver (192.168.2.2); this webserver hosts a simple website using HTTP.

Directly connected to the LAN interface of the firewall is a router with 3 NICs
External: 192.168.1.1 - connected to the firewall
LAN: 192.168.4.1 - domain controller and servers are on this network
LAN: 192.168.3.1 - Windows workstation is connected to this network

So I am currently experiencing two issues which I think may be related.

1)
I installed OpenVPN using the OpenVPN wizard in the web GUI for OPNsense. After installing, I am able to successfully connect from my host machine. However, after I connect I am unable to ping the local networks I specified in the VPN server, which would be 192.168.4.0/24 and 192.168.3.0/24. I'm not sure if it is an issue with the firewall rules; they were created automatically when using the wizard to set up the server.

2)
I am unable to access the website hosted on the webserver in the DMZ even though I have specified rules in the firewall to allow HTTP traffic from the WAN to the DMZ. The website on the web server is a simple IP-based website using the address 192.168.2.3.

My firewall rules are as follows:
WAN)
IPv4 TCP      Source:*    Port:*    Destination:DMZ net        Port:80(HTTP)         Gateway:*    Schedule:*
IPv4+6 UDP    Source:*    Port:*    Destination:WAN address    Port:1194(OpenVPN)    Gateway:*    Schedule:*

OpenVPN)
IPv4+6 *      Source:*    Port:*    Destination:*              Port:*                Gateway:*    Schedule:*


I think I need to add some port forwarding rules in the firewall. I tried to add some port forwarding rules through NAT. I also attempted to set up a 1:1 NAT using a virtual IP that I set up in the Virtual IP section. Neither of these options seemed to work. Any suggestions would be greatly appreciated.

-Thanks