General Discussion / First rule passes, 30 seconds later blocks on default rule
« on: June 15, 2021, 10:50:09 pm »
Hello Opnsense friends,
I have been struggling with some behavior on my OPNsense firewall, and I would like to learn why this behavior is happening. Maybe the way I configured the rule is not best practice, or something else is happening. Hopefully you can guide me in the right direction.
The setup is quite simple: I have 8 interfaces, 5 of which are VLANs for internal network traffic only.
In VLAN20 I have a management workstation that should be able to access every VLAN in the network.
So I made the following rule:
https://ibb.co/c1jdmpd
https://ibb.co/4WTGzkJ
This works fine for almost everything, except when I have SSH traffic from my management workstation to an SSH instance in VLAN10. The connection opens fine, and I can work for about 30 seconds, and then the connection gets blocked by the default rule.
https://ibb.co/ZGXCnsQ
Can anyone advise me on what I did wrong, or what best practice is in my case / setup? Should I split up the alias into multiple networks / rules?
Secondly, why does it pass and work normally for other traffic without going into the default block rule? There is no manual rule on the network that disallows SSH traffic.
Thank you very much.
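One check worth doing before changing any rules is to correlate the pass and block entries in the firewall log by flow (protocol, source, source port, destination, destination port) and look at the TCP flags of the blocked packets. A packet with ACK set that hits the default rule belongs to a connection that was already allowed, which means the state entry the pass rule created is no longer matching it; a blocked SYN with no earlier pass is an ordinary policy denial. The script below is an added example, not part of the original post or of OPNsense. It uses a constructed, simplified log line format rather than the real filterlog layout, and the sample lines and addresses are invented for the example.

```python
"""
Correlate pass/block events per TCP flow to spot mid-stream blocks.

The line format is a constructed simplification for this example
(it is NOT OPNsense's filterlog layout):
    <epoch_seconds> <iface> <action> <rule_label> <proto> <src>:<sport> <dst>:<dport> <tcp_flags>
"""

# Constructed sample log: one SSH flow is passed, then blocked mid-stream
# about 30 seconds later; one HTTPS flow is passed; one SYN from an
# unrelated host is blocked without any earlier pass.
SAMPLE_LOG = """\
1623790000 vlan20 pass mgmt_allow_all tcp 10.20.0.10:51234 10.10.0.5:22 S
1623790000 vlan20 pass mgmt_allow_all tcp 10.20.0.10:51234 10.10.0.5:22 PA
1623790031 vlan20 block default_deny tcp 10.20.0.10:51234 10.10.0.5:22 PA
1623790032 vlan20 block default_deny tcp 10.20.0.10:51234 10.10.0.5:22 PA
1623790005 vlan20 pass mgmt_allow_all tcp 10.20.0.10:51300 10.10.0.7:443 S
1623790100 vlan20 block default_deny tcp 192.0.2.9:40000 10.10.0.5:22 S
"""


def parse_line(line):
    """Parse one constructed-format line into a dict, or None if malformed."""
    parts = line.split()
    if len(parts) != 8:
        return None
    ts, iface, action, rule, proto, src, dst, flags = parts
    src_ip, src_port = src.rsplit(":", 1)
    dst_ip, dst_port = dst.rsplit(":", 1)
    return {
        "ts": int(ts), "iface": iface, "action": action, "rule": rule,
        "proto": proto, "src": src_ip, "sport": int(src_port),
        "dst": dst_ip, "dport": int(dst_port), "flags": flags,
    }


def flow_key(ev):
    """5-tuple identifying a connection, same as a stateful firewall would use."""
    return (ev["proto"], ev["src"], ev["sport"], ev["dst"], ev["dport"])


def find_state_loss(log_text):
    """
    Return one finding per flow that was passed and later blocked with ACK set.
    Such a block hits an established conversation, i.e. the state the pass rule
    created is gone or no longer matches the packet. Blocked SYNs without an
    earlier pass are plain denials and are not reported.
    """
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    events.sort(key=lambda e: e["ts"])
    first_pass = {}   # flow -> first pass event
    reported = set()
    findings = []
    for ev in events:
        key = flow_key(ev)
        if ev["action"] == "pass":
            first_pass.setdefault(key, ev)
        elif (ev["action"] == "block" and key in first_pass
              and "A" in ev["flags"] and key not in reported):
            reported.add(key)
            p = first_pass[key]
            findings.append({
                "flow": f'{ev["proto"]} {ev["src"]}:{ev["sport"]} -> {ev["dst"]}:{ev["dport"]}',
                "pass_rule": p["rule"],
                "block_rule": ev["rule"],
                "seconds_after_pass": ev["ts"] - p["ts"],
                "blocked_flags": ev["flags"],
            })
    return findings


if __name__ == "__main__":
    for f in find_state_loss(SAMPLE_LOG):
        print(f"{f['flow']}: passed by {f['pass_rule']}, blocked by "
              f"{f['block_rule']} after {f['seconds_after_pass']}s "
              f"(flags {f['blocked_flags']})")
```

On the sample data the script reports only the SSH flow from 10.20.0.10, blocked by the default rule 31 seconds after it was first passed with ACK/PSH set. That pattern points at the state entry rather than at the rule order, so the next things to verify are whether the reply path for that flow crosses a different interface than the request (asymmetric routing) and what state-tracking options the pass rule and interface use.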