
Messages - wgloes

#1
OK, I found out that the solution is https://pfsense-docs.readthedocs.io/en/latest/firewall/troubleshooting-blocked-log-entries-due-to-asymmetric-routing.html.

Very strange, because none of the described scenarios matches my environment :-\. I have only one configured gateway for the WAN interface; I have some static routes because of another router behind the firewall, but all of them are behind the WAN interface.

I've now configured the rules from the internal LAN to the management network according to the mentioned URL.
Is anybody there who can help me find out the reason for that?

Wolf
#2
Hi,

I have a very strange behavior. HTTPS packets go through the FW and some seconds later get blocked (see screenshot). It looks like this affects only some kinds of packets. The mentioned HTTPS packets are affected, SSH packets too (SSH connections are disconnected every few seconds). In summary, we are speaking about TCP connections, I think. ICMP packets to the same destination go through without interruption.
Any ideas?

Best regards.
Wolf
#3
I think there is a slight misunderstanding or misinterpretation on my side. I'm more bothered by the global standard rule that allows all outgoing traffic, not only from the firewall itself but also for all networks and interfaces. And this is the last rule at "Floating". If there is no other block or pass rule with dedicated hosts/ports/networks etc. before this last rule, all outgoing network traffic is allowed, if I'm correct.
#4
If I understand you correctly, I have to write two rules (one for incoming and one for outgoing packets) to have full control over the packet flow through the firewall? In the case of using the standard rule, I can control the incoming packets only by a dedicated rule, because the standard rule is an outgoing rule.
#5
I'm new to OPNsense but not to firewalls in general.
My scenario is:
- OPNsense FW without NAT as the second FW behind an external FW
- There are some networks connected to the OPNsense FW that need to be separated
- "Green" interface goes to the external FW
- "Internal" interface, like the name says, is internal

Contrary to other FWs, it seems that the IP packets are routed over different rules inbound and outbound (see attachment). Is this by design, is there a misconfiguration, or is it just how the log is displayed?

Wolf
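A toy model of the asymmetric-routing failure behind posts #1 and #2, added here as an illustration; it is not OPNsense or pf code and simplifies pf's real sequence tracking. A pf-style state table only widens the window a client may send into when it sees the server's replies, so when the replies bypass the firewall the client's data packets are dropped once they exceed the initial allowance, while a rule using 'flags any' with 'sloppy' state tracking skips that check and ICMP, which has no window to track, keeps passing. Addresses, sequence numbers and window sizes are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class TcpState:
    """Client-side flow state: seq_hi is the highest sequence number
    (exclusive) the client is currently allowed to send."""
    seq_hi: int

@dataclass
class Firewall:
    sloppy: bool = False                      # 'flags any' + 'sloppy' style rule
    states: dict = field(default_factory=dict)

    def filter(self, proto, flow, flags="", seq=0, length=0):
        """Verdict ('pass'/'block') for one client-to-server packet."""
        if proto != "tcp":
            return "pass"                     # no sequence tracking for ICMP here
        st = self.states.get(flow)
        if st is None:
            if "S" not in flags and not self.sloppy:
                return "block"                # mid-stream packet with no state
            # A SYN consumes one sequence number; the peer's window is still
            # unknown, so the client may only send that far for now.
            self.states[flow] = TcpState(seq_hi=seq + length + 1)
            return "pass"
        if not self.sloppy and seq + length > st.seq_hi:
            return "block"                    # out of window: reply never seen
        return "pass"

    def reply(self, flow, ack, window):
        """Server reply seen by the firewall: slide the client's window."""
        st = self.states.get(flow)
        if st is not None:
            st.seq_hi = max(st.seq_hi, ack + window)

def simulate(sloppy, replies_seen):
    """HTTPS-like flow: SYN, ACK, ClientHello, then an ICMP echo."""
    fw = Firewall(sloppy=sloppy)
    flow = ("10.0.1.20", 51000, "10.0.9.5", 443)   # constructed sample flow
    out = [fw.filter("tcp", flow, "S", seq=1000)]
    if replies_seen:                               # symmetric routing case
        fw.reply(flow, ack=1001, window=65535)
    out.append(fw.filter("tcp", flow, "A", seq=1001))
    out.append(fw.filter("tcp", flow, "PA", seq=1001, length=517))  # ClientHello
    out.append(fw.filter("icmp", flow))
    return out
```

With strict tracking and replies bypassing the firewall, `simulate(False, False)` passes the SYN, the ACK and the ICMP echo but blocks the ClientHello, which is the pattern of passed-then-blocked TCP with unaffected ICMP described above.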