OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of lw-admin »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - lw-admin

Pages: [1]
1
22.7 Legacy Series / Re: Traffic between opt interfaces denied | Default deny / state violation rule
« on: January 06, 2023, 01:23:02 pm »
Thank you, that makes a lot of sense.

I have disabled the floating rules and added an any/any on the PP1 and TC_PSS interfaces to confirm routing. I am no longer hitting the default deny but I am still not getting a response. I have also tried PP1-PP2 interfaces and it fails to get a reply. Could this be a routing issue? If so is there some best practise to get traffic flow between interfaces?

2
22.7 Legacy Series / Re: Traffic between opt interfaces denied | Default deny / state violation rule
« on: January 06, 2023, 12:32:48 pm »
What would you say about my implementation is wrong specifically? I know floating rules are processed first, but the default deny is set to last match. All my rules are set to first match. Should that not override the default deny? Have I misunderstood something here? I'm relatively new to opnsense.

3
22.7 Legacy Series / Re: Traffic between opt interfaces denied | Default deny / state violation rule
« on: January 06, 2023, 12:19:15 pm »
Thanks, I will do that. However the floating rules appear to be working. The issue is it isn't hitting my allow rules, why is it hitting default deny before my allows?

4
22.7 Legacy Series / Traffic between opt interfaces denied | Default deny / state violation rule
« on: January 06, 2023, 12:11:03 pm »
I have a setup with the below interfaces:

WAN
TC_PSS - 172.16.200.1
PP1 - 172.16.201.1
PP2 - 172.16.202.1
PP3 - 172.16.203.1

Rules are set to allow traffic between the PP interfaces to TC_PSS, but to block traffic between PP interfaces. The issue I have is any traffic between the PP and TC_PSS interfaces is ignoring my allow rules and is hitting the floating Default deny rule first. What am I doing wrong?

Additionally, pings from devices on PP1 to TC_PSS do not hit any deny rules, but never get replies. Am I getting asymmetric routing?

I have attached the rules I have configured. Any help would be greatly appreciated.

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2