1
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 28, 2024, 05:58:07 am »
Scratch that. It worked. Thank you!
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 28, 2024, 05:49:26 am »The source needs to be "any".
Tried that and it's still timing out. Still need to do the console command to connect.
3
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 28, 2024, 01:12:08 am »
Nobody has anymore ideas?
4
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 26, 2024, 03:16:38 pm »
Here is the full rule in PDF format. The source "Lan Address" was the last thing I tried. Before I had it set to the actual IP address of 192.168.10.101.
5
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 26, 2024, 03:11:55 pm »
Also, why would this behaviour not be happening when I use the console command? It seems to be only linked to the GUI. I may need to screenshot my entire rule... maybe there is something I am doing wrong.
6
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 26, 2024, 03:07:21 pm »In my case, wouldnt the default gateway be the router which my system is using? So it would be right?Right when trying to access across the Internet. Wrong if there is an entire WAN network and you are trying to access the UI from a PC connected to that same network as OPNsense and the default gateway.
In that case sending the reply packets to the gateway instead of using ARP on the local network is exactly what makes the UI access fail.
I wonder why that "magic" exists at all. OPNsense should follow its routing table and that's that. Unless explicit policy routing is configured.
P.S. use tcpdump on WAN and observe what happens.
Given this, what should I set here (in the rule)
7
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 26, 2024, 03:03:13 pm »
I did try that, and rebooted, and I still need to do my console command to get access.
8
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 26, 2024, 03:01:02 pm »I also disable "Firewall: Settings: Advanced - Reply To" for my daisy chained OPNsenses since when you communicate with them on the WAN port they send the packet back to their default gateway instead.
In my experience that one needs a restart of the router.
In my case, wouldnt the default gateway be the router which my system is using? So it would be right?
9
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 26, 2024, 04:07:48 am »Disable the anti-lockout rule and also disable force gateway (in Firewall > Settings > Advanced). That *should* do it.
Do you have any other ideas?
10
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 25, 2024, 12:35:02 am »
It didn't. 
11
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 24, 2024, 01:19:52 am »
Can anyone pls help? Surely I am not the first to want to do something like this.
12
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 23, 2024, 04:19:16 am »
That didnt work neither
13
General Discussion / Re: Opnsense access from WAN system (Daisy chained router)
« on: September 21, 2024, 10:42:46 pm »
I actually saw that and disabled it when I was trying to fix things. (Block private networks). I confirmed it was disabled again and I still have the same issue.
14
General Discussion / Opnsense access from WAN system (Daisy chained router)
« on: September 20, 2024, 11:42:23 pm »
I have an OPNsense box connected to another firewall on its WAN port (Daisy chained). I want to access from another system that is connected to that higher up firewall.
When I run this command in the Opnsense console:
echo “pass in quick on ix1 proto tcp from 192.168.10.101 to (ix1) port 443 keep state” | pfctl -f -
I can access the webui.
I then add the rule for the WAN interface to allow in the traffic that matches that rule, click save, then apply, then I get nothing but a small hang and white web page. PLUS, I then have to redo the console command to even access the webui again.
How can I acheive what im trying to do?
When I run this command in the Opnsense console:
echo “pass in quick on ix1 proto tcp from 192.168.10.101 to (ix1) port 443 keep state” | pfctl -f -
I can access the webui.
I then add the rule for the WAN interface to allow in the traffic that matches that rule, click save, then apply, then I get nothing but a small hang and white web page. PLUS, I then have to redo the console command to even access the webui again.
How can I acheive what im trying to do?
Pages: [1]