Messages - Mflop

#1
Well, I found the "Disable reply-to" setting in Firewall: Settings: Advanced, which led me to the following topic, that describes exactly what I'm facing: https://forum.opnsense.org/index.php?topic=15900.0
#2
Hi everyone :D I just switched from pfSense to OPNsense, it feels nice but I have a small problem I hadn't encountered before switching to OPNsense.

My network consists of two routers, a computer, and a server. I configured OPNsense to NAT the 445 port to a file server to expose Samba shares. When trying to reach the file share from a computer in the 192.168.1.0 /24 subnet, the computer doesn't receive a response from the server.

I placed a network tap to listen to traffic and noticed that when replying to the computer, the TCP [SYN, ACK] from the server is sent by OPNsense to 192.168.1.1 but with the destination MAC address of the ISP router: 11:11:11:11:11:11. As it doesn't receive a reply, the computer then tries again and starts a TCP retransmission.

Quote:
192.168.1.1:49849 (33:33:33:33:33:33) -> 192.168.1.253:445 (22:22:22:22:22:22) [SYN]
192.168.1.253:445 (22:22:22:22:22:22) -> 192.168.1.1:49849 (11:11:11:11:11:11) [SYN, ACK]



OPNsense is configured as follows: the WAN interface has 192.168.1.254 as a gateway and NAT outbound rules that rewrite the source address for traffic exiting the firewall. Traffic from the LAN network to the internet works fine. Am I missing something or is there a bug writing the wrong destination MAC address in exiting packets?

Thanks for your help!
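
Added example, not part of the original posts: a small check that reads a capture summary in the notation quoted above and flags frames sent to an on-link IP with a destination MAC different from the one that IP was seen transmitting from, which is the symptom described. The names `find_misdirected` and `SAMPLE` are hypothetical, and the third sample line is constructed.

```python
import re
from ipaddress import ip_address, ip_network

# One frame per line, in the notation used in the post:
#   src_ip:port (src_mac) -> dst_ip:port (dst_mac) [FLAGS]
FRAME = re.compile(
    r"(?P<sip>[\d.]+):\d+ \((?P<smac>[0-9a-f:]{17})\) -> "
    r"(?P<dip>[\d.]+):\d+ \((?P<dmac>[0-9a-f:]{17})\) \[(?P<flags>[^\]]+)\]",
    re.IGNORECASE,
)

def find_misdirected(lines, subnet):
    """Flag frames to an on-link IP whose destination MAC is not the MAC
    that IP was seen transmitting from earlier in the capture."""
    net = ip_network(subnet)
    learned = {}    # IP -> MAC, learned from on-link frame sources
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = FRAME.search(line)
        if m is None:
            continue  # not a frame line
        sip, dip = m["sip"], m["dip"]
        smac, dmac = m["smac"].lower(), m["dmac"].lower()
        if ip_address(sip) in net:
            learned.setdefault(sip, smac)
        expected = learned.get(dip)
        # Only on-link destinations should be addressed to their own MAC;
        # off-link destinations legitimately carry the gateway's MAC.
        if ip_address(dip) in net and expected and dmac != expected:
            findings.append({"line": lineno, "dst_ip": dip, "flags": m["flags"],
                             "expected_mac": expected, "actual_mac": dmac})
    return findings

SAMPLE = [
    # The two frames quoted in the post
    "192.168.1.1:49849 (33:33:33:33:33:33) -> 192.168.1.253:445 (22:22:22:22:22:22) [SYN]",
    "192.168.1.253:445 (22:22:22:22:22:22) -> 192.168.1.1:49849 (11:11:11:11:11:11) [SYN, ACK]",
    # Constructed: the client's retransmitted SYN, addressed correctly
    "192.168.1.1:49849 (33:33:33:33:33:33) -> 192.168.1.253:445 (22:22:22:22:22:22) [SYN]",
]

if __name__ == "__main__":
    for f in find_misdirected(SAMPLE, "192.168.1.0/24"):
        print(f"line {f['line']}: {f['dst_ip']} [{f['flags']}] sent to "
              f"{f['actual_mac']}, expected {f['expected_mac']}")
```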