Messages

I solved it by using a rule like this...



Gianluca

The rules are already in place to allow all traffic for those networks and the block to ICMP is on top of them...

[Gianluca]

The rule is working as I would like, but something is not going exactly as I expect.
Let's go in steps:

- from the LAN hosts I block all ICMP packets to the OPT1 hosts.
- from the OPT1 hosts I block all ICMP packets to the hosts of LAN
- I apply the rules
- firewall -> diagnostics -> states -> actions -> reset state table

After that the rules work.

Unexpected behavior, however, when I want to re-enable ICMP packet transit.

- from the LAN hosts I allow all ICMP packets to the OPT1 hosts
- from the OPT1 hosts I allow all ICMP packets to the hosts of LAN.
- I apply the rules

At this point only one of the two works. I have now made 5 attempts as described and the ping works 4 times for LAN and 1 time for OPT1. Almost like it was a random thing.

Forgive me, this sounds strange, but it is happening.

Gianluca

[Gianluca]

P.S. sorry for messed up answer ^^'

Vilhonator, are you kidding? :D Thank you very much for all the information you are giving me!!!

I read the solution you proposed, but I think I need something simpler: I just want to disable ping from OPT1 network hosts to LAN hosts and vice versa. Or enable it when it should be necessary. Nothing more. And the rule I have set doesn't work and I would like to know why...



Thanks again for everything!

Gianluca

Seems that all is as should be.

Okay, it looks like it's just a big misunderstanding, everything seems to be working properly. But but it is still possible from the OPT1 network to ping any PC in the LAN, but not vice versa. I would like to understand how to enable or disable pinging between hosts on the two networks at my convenience. The rule below should block ping from the OPT1 network to the LAN, and instead it continues to work. What am I doing wrong?

If ping doesn't work, despite disabling firewall on both computers, make sure OpnSense has all as should (no firewall rules blocking anything etc.)...

From what I have shown above it seems to be only a ping problem. As you can see, trying to connect to shared folders of the PCs on the other network, the PCs connect. At this point it really seems to be only a ping problem. For example, you can connect to an http server of one of the pc's on the other network:

How are you testing?

I tried pinging or connecting to a shared folder. The PCs do not respond to the ping, but they connect to the shared folders.

Are you sure local firewalls (i.e.,windows firewall) aren't blocking at the device level, that's caught me a few times?

The PCs' firewalls are temporarily disabled so as not to create interference.

Maybe you problem is

Firewall: Settings: Advanced: Disable reply-to

try to activate it.

Has already been activated.

Make sure that under Firewall Rules for OPT1 you allow communication from the OPT1 net to everything or at least LAN net.

[Gianluca]

Hello everyone. I have a strange configuration (the customer told me how he wanted it) that i can't get to work as i would like.

He has a single gateway, a modem/router provided by the ISP, with internal address 192.168.64.1 and an OPNsense box with WAN interface 192.168.64.15.

This has two separate LAN interfaces, one with address 192.168.32.1 (LAN interface) and another with address 192.168.48.1 (OPT1 interface). For some strange reason, all PCs on the LAN must communicate with PCs on the OPT1 network and vice versa.

Right now, recently installed, OPNsense makes the PCs on the LAN OPT1 network communicate with those on the OPT1 LAN network, but those on the OPT1 LAN network do not communicate with those on the LAN OPT1 network. No further changes have been made.

It would be necessary to have the PCs on the OPT1 LAN network communicate with those on the LAN OPT1 network and, when desired, to be able to isolate the two networks quickly (which is strange, but so much is).

Can you help me with this?

Gianluca