OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Fred Krokant »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - Fred Krokant

Pages: [1]
1
General Discussion / Re: Rule: Allow all from Interface net, Always blocked by "Default deny /state..."
« on: July 29, 2023, 10:09:35 pm »
Hi,
The opensense is on a Protectli Appliance. It's connected to a trunk port on the switch.
The switch is a juniper EX devices and is set up properly, I have many VLAN defined. They all work as intended.
Traffic on VLAN 30 is arriving trough the trunk at the Firewall but gets blocked.

If I would have had issue on my switch or on the clients, I would not even see anything on the live view of the log files of the opensense FW.
And just to be sure I tried also to extend VLAN  30 to my Wireless network (UNifi controller and accesspoints), which is ok, but also there  I see traffic denied on my firewall, coming from my Smartphone (10.0.30.200) connected on the Services SSID and Services VLAN 30 network...
So it must be something on the Firewall.

VLAN 10 (TRusted) is working fine , no blockage, traffic arrives and gets also out via the NAT to the internet... Same settings on interface Trusted as on interface Services on Opensense (well except for the IP of course -> 10.0.10.0/24 vs 10.0.30.0/24)

2
General Discussion / Rule: Allow all from Interface net, Always blocked by "Default deny /state..."
« on: July 29, 2023, 09:26:27 pm »
Hi,

I've got a real brain cracker here.
I've got a client on the "Services" VLAN (30) with IP 10.0.30.5 which tries to send traffic to it's gateway on the Opensense Router /FW. The gateway interface of Services with the same name has IP 10.0.30.1

I've set a rule on that interface (Services):
PASS / IN direction / TCP/IP IPv4+IPv6 / any protocol / source: Services net / destination and port : Any
So that should suffice. It is the only rule set.

But traffic , weather to the gateway or even outside (to 8.8.8.8) get blocked by the firewall on the rule "Default deny / state violation rule", which is a, "atomatically generated rule" that is set as last match.
So it seems thaht for any reason, my custom set "PASS" rule does not get matched, and I do not see why.

Even more, I have another VLAN called "Trusted" (other tag other subnet and gateway ofcourse), that has the same firewall settings, so same sort of rule, and traffic from the VLAN / subnet client does not get blocked.

I've attached necessary screenshots. Please does anyone have a clue? Does any one see "the elepahnt in the room"?

Thanks in advance,
Fred

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2