Messages

1

21.1 Legacy Series / Re: Why is the WAN interface sending packets to the wrong destination MAC address?

« on: May 17, 2021, 11:11:41 pm »

Well, I found the "Disable reply-to" setting in Firewall: Settings: Advanced, which led me to the following topic, that describes exactly what I'm facing: https://forum.opnsense.org/index.php?topic=15900.0

2

21.1 Legacy Series / Why is the WAN interface sending packets to the wrong destination MAC address?

« on: May 17, 2021, 10:44:08 pm »

Hi everyone I just switched from pfSense to OPNsense, it feels nice but I have a small problem I hadn't encountered before switching to OPNsense.

My network consists of two routers, a computer, and a server. I configured OPNsense to NAT the 445 port to a file server to expose Samba shares. When trying to reach the file share from a computer in the 192.168.1.0 /24 subnet, the computer doesn't receive a response from the server.

I placed a network tap to listen to traffic and noticed that when replying to the computer, the TCP [SYN, ACK] from the server is sent by OPNsense to 192.168.1.1 but with the destination MAC address of the ISP router: 11:11:11:11:11:11. As it doesn't receive a reply, the computer then tries again and starts a TCP retransmission.

192.168.1.1:49849 (33:33:33:33:33:33) -> 192.168.1.253:445 (22:22:22:22:22:22) [SYN]
192.168.1.253:445 (22:22:22:22:22:22) -> 192.168.1.1:49849 (11:11:11:11:11:11) [SYN, ACK]

OPNsense is configured as follows: the WAN interface has 192.168.1.254 as a gateway and NAT outbound rules that rewrite the source address for traffic exiting the firewall. Traffic from the LAN network to the internet works fine. Am I missing something or is there a bug writing the wrong destination MAC address in exiting packets?

Thanks for your help!