Messages - abstan

#1
19.7 Legacy Series / Re: Confused with default ruleset
January 03, 2020, 07:49:32 PM
Removing the rules on WAN just solved the issue... It now works without the floating rule. I don't understand why adding these PASS rules would restrict more than no rule, but I guess if it works...

Thanks for the help!
#2
19.7 Legacy Series / Re: Confused with default ruleset
January 03, 2020, 07:14:49 PM
I do have a private IP on WAN (in the ISP box subnet), and "Block private networks" + "Block bogus networks" are unchecked on LAN and WAN interfaces.

On LAN I have "auto detect" as the IPv4 Upstream Gateway, and on WAN the ISP box private IP.

I suspect outbound NAT is not working correctly since I don't see blocked packets, but not sure what to do differently. I have the default auto-created rule in outbound NAT.
#3
Hi, I am just getting started with OPNSense 19.7.8 with a very basic setup: ISP box <WAN> OPNSense <LAN> PC.

If I create "Allow all in IPV4"+"Allow all out IPV4" rules on both LAN and WAN interfaces, PC can't get past OPNSense (can't ping ISP box for instance). I can't see any deny in the logs.

When I look at the auto-generated floating rules, I see two rules called "block all targetting port 0", but both have "port *" for source and destination. So it seems logical these rules drop all traffic, looks like a bug? Or is it just badly worded / bad display?

Now if I create a floating rule "Pass all IPV4 in any direction", PC has full connectivity (can access ISP box / internet / DNS works). But this is not what I want obviously, and I don't even understand how this workaround works since this rule comes after the auto-generated ones. So if the "block all targetting port 0" rules were the issue, this workaround should not work?

Any hint?