Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - abenaou

Pages1
#1
24.7, 24.10 Legacy Series / Re: Firewall blocking legit traffic for one host
August 09, 2024, 05:44:27 AM
I solved the issue, it turned out that there was a route that I didn't create, since I have 2 opnsense routers, each with its own WAN, the rule forwarded the traffic to the second router (10.98.200.1), then the router forwarded back the traffic to the first router (10.99.200.1) which resulted in traffic being denied.
Once I deleted the route the traffic was forwarded correctly.
#2
24.7, 24.10 Legacy Series / Re: Firewall blocking legit traffic for one host
August 07, 2024, 07:11:53 PM
Any idea what might be the issue or things I need to check?

Thanks
#3
24.7, 24.10 Legacy Series / [SOLVED] Firewall blocking legit traffic for one host
August 06, 2024, 09:57:12 PM
Hi everyone,

I am running a vm opnsense with nic pass through, one day a host took the same IP address of my freebsd samba directory server, so naturally it lost all connections.

I resolved the IP configuration, but now opnsense blocks any traffic going from that host 10.99.200.180 and going to the internet, it even blocks ICMP from 10.99.200.180 to 10.99.200.1

I tried everything, from reboot to clearing the firewall states, I even added an allow all for that host but nothing makes a difference :

Code Select
LAN99 2024-08-06T13:55:26-06:00 8.8.8.8:53 10.99.200.180:50412 udp Default deny / state violation rule
LAN99 2024-08-06T13:55:26-06:00 8.8.8.8:53 10.99.200.180:23150 udp Default deny / state violation rule
LAN99 2024-08-06T13:55:21-06:00 8.8.8.8:53 10.99.200.180:61680 udp Default deny / state violation rule
LAN99 2024-08-06T13:55:16-06:00 8.8.8.8:53 10.99.200.180:41532 udp Default deny / state violation rule
LAN99 2024-08-06T13:55:11-06:00 8.8.8.8:53 10.99.200.180:37913 udp Default deny / state violation rule
LAN99 2024-08-06T13:54:41-06:00 8.8.8.8:53 10.99.200.180:40618 udp Default deny / state violation rule
LAN99 2024-08-06T13:54:40-06:00 8.8.8.8:53 10.99.200.180:51398 udp Default deny / state violation rule
LAN99 2024-08-06T13:54:36-06:00 8.8.8.8:53 10.99.200.180:55795 udp Default deny / state violation rule
LAN99 2024-08-06T13:54:34-06:00 8.8.8.8:53 10.99.200.180:30997 udp Default deny / state violation rule

Oddly traffic coming from another vlan is transmitted to the host :

Code Select
LAN98 2024-08-06T13:55:45-06:00 10.98.200.20:24881 10.99.200.180:53 udp let out anything from firewall host itself (force gw)
LAN98 2024-08-06T13:55:45-06:00 10.98.200.20:56589 10.99.200.180:53 udp let out anything from firewall host itself (force gw)
LAN98 2024-08-06T13:55:45-06:00 10.98.200.20:12203 10.99.200.180:53 udp let out anything from firewall host itself (force gw)
LAN98 2024-08-06T13:55:45-06:00 10.98.200.20:64138 10.99.200.180:53 udp let out anything from firewall host itself (force gw)
LAN98 2024-08-06T13:55:45-06:00 10.98.200.20:3546 10.99.200.180:53 udp let out anything from firewall host itself (force gw)
LAN98 2024-08-06T13:55:45-06:00 10.98.200.20:29368 10.99.200.180:53 udp let out anything from firewall host itself (force gw)
LAN98 2024-08-06T13:55:45-06:00 10.98.200.20:4573 10.99.200.180:53 udp let out anything from firewall host itself (force gw)
LAN98 2024-08-06T13:55:45-06:00 10.98.200.20:55236 10.99.200.180:53 udp let out anything from firewall host itself (force gw)
LAN98 2024-08-06T13:55:45-06:00 10.98.200.20:54747 10.99.200.180:53 udp let out anything from firewall host itself (force gw)
LAN98 2024-08-06T13:55:45-06:00 10.98.200.20:32114 10.99.200.180:53 udp let out anything from firewall host itself (force gw)

Can you please help?

Thanks
Pages1