Messages - ddutch206

#1
OK, two replies that say floating rules are a bad idea. So I will spend tonight changing my floating rules to be on the interface.

Honestly the reason was laziness. I knew I didn't want to create a bridge network, but did want the internal interfaces to have the ability to access each other. Coming into the WAN I only have 4 ports defined, everything else is closed down.

#2
I am admittedly a very novice user of OPNsense, but after struggling for two days, it's time to ask for help.

Current setup.

Running latest version of OPNsense on a mini PC with 6x i226 ethernet ports (https://cwwk.net/products/j6412-j6413six-network-port-i226-nic-2-5g-soft-routing-mini-host-industrial-automation-retail-smart-city).

eth0 is WAN
eth1 is LAN, 10.0.0.1/24, unplugged
eth2 is Wifi, 10.0.2.1/23 - connected to an Ethernet-over-power device that is powering two ASUS APs. Sixty devices sit on this. It's /23 on purpose because I've (not joking) run out of IPs before on /24.
eth3 is Media, 10.0.4.1/29 - directly connected to a NAS/Server (running on 10.0.4.2) serving media in the house
eth4 is VoIP, 10.0.5.1/29 - Gigaset VoIP (running on 10.0.5.2)

Most of the traffic sits on eth2, including the laptop I'm writing this on.

Reaching the HTTPS ports on 10.0.0.1 (OPNsense) and 10.0.4.2 (various docker containers) works w/o issue from 10.0.2.1/23. However, I can't reach 10.0.5.2's HTTP port from my laptop. I can ping the IP just fine, but port 80 is non-responsive.

From the host running OPNsense, I can reach port 80.

My laptop:

bash-5.2$ telnet 10.0.5.2 80
Trying 10.0.5.2...
telnet: connect to address 10.0.5.2: Operation timed out
telnet: Unable to connect to remote host


OPNsense:

XXXXXX@corerouter:~ $telnet 10.0.5.2 80
Trying 10.0.5.2...
Connected to SL450A-GO.XXXX
Escape character is '^]'.


I have four floating rules set up to allow access into the LAN, Wifi, Media and VOIP interfaces. This works fine for Wifi -> Media and I have an identical one for the VOIP network.


https://imgur.com/a/IPHQDxY

I'm at a loss as to why I can't reach port 80 from any device on the 10.0.2.1/23 network to the device on the 10.0.5.1/29 network when pinging the device works w/o issue.