Messages - breisbrenny

#1
Update!

We've figured out UDP + ICMP pass without an issue; the default deny rule is only catching TCP packets, although there is a rule in-spec to allow the traffic!
#2
Picture of default deny hitting attached
#3
Hi there,
We have a customer traffic network which should allow all WAN traffic in/out directly to the machines!

There is no NAT on this network, the subnet goes straight upstream and the machines are connected directly to this WAN with a public IP address.

The default deny rule, although we have Allow all in/out to WANCustomer set, keeps stopping TCP/UDP (but oddly not ICMP) traffic from hitting the servers.

Any ideas on how we can figure out why the allow rule is being ignored/manually set a default deny rule on other interfaces and remove the floating one?
#4
A test device placed into the same VLAN could contact the gateway (ping router1), but the router the gw is running on could not ping the client device (ICMP traffic is allowed on both devices).
#5
22.1 Legacy Series / Assigning devices WAN IP addresses
February 13, 2022, 03:31:26 PM
Hi all,
Wondering if this is possible in OPNsense!

We have two routers (one redundant w/ CARP) and a single WAN interface which has two subnets assigned to it (a /29 for internal use and /28 for some bare metal machines that should be assigned an IP on activation).

We have a VLAN called BMTraffic that we've configured for the /28; the WAN interface is configured with some IPs from the /29 (VIP, router1, router2).

There's a DHCP server from ISPsystems DCImanager running on a VM that assigns IPs to the machines as they get provisioned. How can I go about configuring the upstream gateway on the VLAN that goes through the WAN (is this even possible), and how can I get routing functional at all (forget about the upstream gateway), as we can't even get traffic routed locally when we issue the addresses from the /28 to machines?



TL;DR: WAN interface with two subnets; have a VLAN configured and attached as a physical interface on the OPNsense routers; have a DHCP server assigning IPs from an unused subnet to devices, and configured the interface to use that previously unused subnet. How can I actually route traffic on that interface with that subnet, since it isn't working?