Messages - hnikolaus

#1
OK, I solved this, but I don't quite know what setting change solved it. Somewhere at the gateways or interfaces settings.
Sorry to be so unspecific. Attaching my config.xml file in case anyone wants to check it for answers.
#2
[SOLVED]
Hi,
I have successfully set up a transparent firewall bridge with OPNsense, with all IPs from the same subnet, 138.105.117 (the actual subnet is different, just changed the numbers in this post for privacy reasons).
It works fine, everybody can connect to the internet and be accessed from the internet. However, from the firewall itself (either from the console, shell, or from within the Web GUI), I cannot ping anything or connect to anything (e.g. via ssh).
SSHing into the firewall from outside works fine, SSHing out of the firewall doesn't work.
This is a problem, because thus, I cannot download any plugins or updates to the firewall.
I even tried switching the interface physically (plugging the Internet cable into the LAN jack and plugging the LAN cable into the WAN jack). Interestingly enough, the firewall still worked.
But still no connection to the outside from the firewall itself.

Does anyone have an idea how to solve this?
Greetings
Harald

This is what appears upon starting the machine:

LAN (em0)       ->
OPT1 (bridge0)  -> v4: 138.105.117.221/32
WAN (igb0)      -> v4: 138.105.117.19/24

And this is the output of ifconfig:

root@OPNsense:~ # ifconfig
em0: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN (lan)
        options=4802008<VLAN_MTU,WOL_MAGIC,NOMAP>
        ether 00:19:99:f5:0b:b5
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb0: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: WAN (wan)
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
        ether 3c:49:37:18:56:66
        inet 138.105.117.19 netmask 0xffffff00 broadcast 138.105.117.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb1: flags=8822<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4802028<VLAN_MTU,JUMBO_MTU,WOL_MAGIC,NOMAP>
        ether 3c:49:37:18:56:67
        media: Ethernet autoselect
        status: no carrier
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
enc0: flags=0<> metric 0 mtu 1536
        groups: enc
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
pfsync0: flags=0<> metric 0 mtu 1500
        syncpeer: 0.0.0.0 maxupd: 128 defer: off
        syncok: 1
        groups: pfsync
pflog0: flags=20100<PROMISC,PPROMISC> metric 0 mtu 33160
        groups: pflog
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: OPT1 (opt1)
        ether 58:9c:fc:10:80:16
        inet 138.105.117.221 netmask 0xffffffff broadcast 138.105.117.221
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 20000
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>