Messages

1

19.7 Legacy Series / Re: Confused with default ruleset

« on: January 03, 2020, 07:49:32 pm »

Removing the rules on WAN just solved the issue... It now works without the floating rule. I don't understand why adding these PASS rules would restrict more than no rule, but I guess if it works...

Thanks for the help!

2

19.7 Legacy Series / Re: Confused with default ruleset

« on: January 03, 2020, 07:14:49 pm »

I do have a private IP on WAN (in the ISP box subnet), and "Block private networks" + "Block bogus networks" are unchecked on LAN and WAN interfaces.

On LAN I have "auto detect" as the IPv4 Upstream Gateway, and on WAN the ISP box private IP.

I suspect outbound NAT is not working correctly since I don't see blocked packets, but not sure what to do differently. I have the default auto created rule in outbound NAT.

3

19.7 Legacy Series / [solved] Confused with default ruleset

« on: January 03, 2020, 01:38:34 pm »

Hi, I am just getting started with OPNSense 19.7.8 with a very basic setup: ISP box <WAN> OPNSense <LAN> PC.

If I create "Allow all in IPV4"+"Allow all out IPV4" rules on both LAN and WAN interfaces, PC can't get past OPNSense (can't ping ISP box for instance). I can't see any deny in the logs.

When I look at the auto generated floating rules, I see two rules called "block all targetting port 0", but both have "port *" for source and destination. So it seems logical these rules drop all traffic, looks like a bug ? Or is it just badly worded / bad display ?

Now if I create a floating rule "Pass all IPV4 in any direction", PC has full connectivity (can access ISP box / internet / DNS works). But this is not what I want obviously, and I don't even understand how this workaround works since this rule comes after the auto-generated ones. So if the "block all targetting port 0" rules were the issue, this workaround should not work ?

Any hint ?