Messages - dennisbankmann

#1
Alright, I found the issue. A single match-first block with an incorrect netmask caused the issue. *facepalm*
#2
I'm a long-time and happy user of OPNsense and have recently moved my setup from a generic NUC type system to a DEC2750.

Essentially everything works, except that the router cannot ping or reach any host on the LAN.
It can reach its other local networks (e.g., DMZ, guests) and has internet connectivity. Various VPNs work.
I can connect to the router from the LAN (ssh, web) normally and all routing and services work perfectly.

I noted the issue when apcupsd could no longer reach the UPS on the LAN.

When trying to ping LAN hosts (LAN net is 10.56.1.0/24), I get:
PING 10.56.1.3 (10.56.1.3): 56 data bytes
ping: sendto: Permission denied


In the meantime, I disabled IPsec to avoid it possibly messing up routing in any way.
I tried some ultra-permissive firewall rules already, to no avail.
Only when I completely disable the firewall can I ping/connect.

In case this may be relevant to the problem, the LAN interface is bound to the physical interface (ax0), whereas all the other interfaces are on VLANs attached to ax0. I am assuming however that if this were a pure VLAN issue, then I would get a timeout instead of a permission denied when trying to ping.

I searched the forums up and down but could not find a prior case like this.
Any thoughts on what could be causing this issue are therefore greatly appreciated!