"
I am in the club too. A lot of time has been wasted due to default reply-to setting.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
20.1 Legacy Series / Re: No ping from WAN to OPT1 (outbound NAT is disabled)
May 26, 2020, 05:10:20 PM
Thank you! This helped me!
https://github.com/opnsense/core/issues/3952
https://forum.opnsense.org/index.php?topic=15900.0
https://github.com/opnsense/core/issues/3952
https://forum.opnsense.org/index.php?topic=15900.0
#3
20.1 Legacy Series / No ping from WAN to OPT1 (outbound NAT is disabled)
May 26, 2020, 01:48:11 PM
Hi, Team!
I am dealing with strange behavior that I do not understand.
Here is my setup:
1. OPNsense has 4 interfaces:
2. WAN gateway (not OPNsense, used as upstream gateway):
3. Outbound NAT is disabled.
4. WAN_GW has 3 interfaces:
5. WAN_GW has static route:
6. There is a host in WAN:
The issue:
1. I am able to ping 10.10.2.1 (OPT2 host) from host in OPT1. Tracing is:
2. I am also able to ping 10.10.2.1 from host in OTHER_NET. Tracing is:
3. But I am not able to ping 10.10.2.1 from WAN_HOST (request timed out). Tracing has only timed out records.
There are only 3 rules (all are floating) except automatically generated ones:
Nothing changes if I add the following rule:
Does anyone have any suggestions on what's going on? I suggest this is either some default rule issue or some routing issue, but I am not sure.
I am dealing with strange behavior that I do not understand.
Here is my setup:
1. OPNsense has 4 interfaces:
Code Select
LAN 10.10.0.254 /24
WAN 10.10.10.1 /24
OPT1 10.10.1.254 /24
OPT2 10.10.2.254 /242. WAN gateway (not OPNsense, used as upstream gateway):
Code Select
WAN_GW 10.10.10.2543. Outbound NAT is disabled.
4. WAN_GW has 3 interfaces:
Code Select
GLOBAL_WAN <Public IP>
LOCAL_WAN 10.10.10.254/24
OTHER_NET 10.10.100.254/245. WAN_GW has static route:
Code Select
10.10.0.0/22 via 10.10.10.16. There is a host in WAN:
Code Select
WAN_HOST:
IP 10.10.10.15/24
GW 10.10.10.1The issue:
1. I am able to ping 10.10.2.1 (OPT2 host) from host in OPT1. Tracing is:
Code Select
10.10.1.254 (OPNsense)
10.10.2.1 (host)2. I am also able to ping 10.10.2.1 from host in OTHER_NET. Tracing is:
Code Select
10.10.100.254 (not OPNsense)
10.10.10.1 (OPNsense)
10.10.2.1 (host)3. But I am not able to ping 10.10.2.1 from WAN_HOST (request timed out). Tracing has only timed out records.
There are only 3 rules (all are floating) except automatically generated ones:
Code Select
Allow from source 10.10.100.0/24 to destination 10.10.0.0/22 for WAN interface
Allow from source 10.10.10.0/24 to destination 10.10.0.0/22 for WAN interface
Allow from source 10.10.1.0/24 to destination 10.10.0.0/22 for OPT1 interfaceNothing changes if I add the following rule:
Code Select
Allow from any source to any destinationDoes anyone have any suggestions on what's going on? I suggest this is either some default rule issue or some routing issue, but I am not sure.
Pages1
