Messages - SMG

#1
Interfaces to capture - select all
igc0 [LAN]
igc1 [WAN]
re0 [DMZ]
lo0 [Loopback]
enc0
pflog0
pfsync0
wg0 [HedwigWireGuard]


DMZ
re0 2026-01-29
00:13:57.571658 68:84:7e:xxxxxx 00:e0:4c:xxxxxx IPv4, length 98: 192.168.0.48 > 192.168.10.4: ICMP echo request, id 5, seq 963, length 64
DMZ
re0 2026-01-29
00:13:58.591672 68:84:7e:xxxxxx 00:e0:4c:xxxxxx IPv4, length 98: 192.168.0.48 > 192.168.10.4: ICMP echo request, id 5, seq 964, length 64
LAN
igc0 2026-01-29
00:13:57.571638 44:37:e6:xxxxxx 02:76:c6:xxxxxx IPv4, length 98: 192.168.0.48 > 192.168.10.4: ICMP echo request, id 5, seq 963, length 64
LAN
igc0 2026-01-29
00:13:57.972811 02:76:c6:xxxxxx d8:47:32:xxxxxx IPv4, length 118: 192.168.0.1 > 192.168.0.71: ICMP 132.163.96.6 udp port 123 unreachable, length 84
LAN
igc0 2026-01-29
00:13:58.591649 44:37:e6:xxxxxx 02:76:c6:xxxxxx IPv4, length 98: 192.168.0.48 > 192.168.10.4: ICMP echo request, id 5, seq 964, length 64


It looks as if everything only ends up on LAN and DMZ.

"I assume re0 is the DMZ interface."
- yes
#2
German - Deutsch / Re: Cannot reach DMZ from LAN
January 28, 2026, 11:18:11 PM
Routing tables

Internet:
Destination        Gateway            Flags         Netif Expire
default            178.201.166.1      UGS            igc1
10.10.10.0/24      link#8             U               wg0
10.10.10.1         link#4             UHS             lo0
10.10.10.2         link#8             UHS             wg0
10.10.10.3         link#8             UHS             wg0
10.10.10.4         link#8             UHS             wg0
10.10.10.5         link#8             UHS             wg0
80.69.96.12        178.201.166.1      UGHS           igc1
81.210.129.4       178.201.166.1      UGHS           igc1
127.0.0.1          link#4             UH              lo0
178.201.166.0/23   link#2             U              igc1
178.201.167.223    link#4             UHS             lo0
192.168.0.0/24     link#1             U              igc0
192.168.0.1        link#4             UHS             lo0
192.168.10.0/24    link#3             U               re0
192.168.10.1       link#4             UHS             lo0

Internet6:
Destination                       Gateway                       Flags         Netif Expire
default                           fe80::201:5cff:fe77:4a46%igc1 UGS            igc1
::1                               link#4                        UHS             lo0
2a02:908:2:a::1                   fe80::201:5cff:fe77:4a46%igc1 UGHS           igc1
2a02:908:2:b::1                   fe80::201:5cff:fe77:4a46%igc1 UGHS           igc1
2a02:908:1900:6::1bee             link#4                        UHS             lo0
2a02:908:1900:8::/64              link#2                        U              igc1
2a02:908:1960:e5a0::/64           link#1                        U              igc0
2a02:908:1960:e5a0::/59           link#4                        USB             lo0
2a02:908:1960:e5a0:76:c6ff:fe01:6d6d link#4                     UHS             lo0
2a02:3102:8001:d7::/64            link#2                        U              igc1
2a02:3102:8001:80d7::/64          link#2                        U              igc1
fd00::/64                         link#2                        U              igc1
fe80::%igc0/64                    link#1                        U              igc0
fe80::76:c6ff:fe01:6d6d%lo0       link#4                        UHS             lo0
fe80::%igc1/64                    link#2                        U              igc1
fe80::76:c6ff:fe01:7154%lo0       link#4                        UHS             lo0
fe80::%lo0/64                     link#4                        U               lo0
fe80::1%lo0                       link#4                        UHS             lo0

#3
German - Deutsch / Re: Cannot reach DMZ from LAN
January 28, 2026, 10:59:46 PM
Do you mean in the web interface: Interfaces: Diagnostics: Netstat? If so, which information do you need?


I have not enabled SSH access to OPNsense so far... but if that is the only way, I can do that too.
#4
German - Deutsch / Re: Cannot reach DMZ from LAN
January 28, 2026, 10:48:49 PM
Shouldn't the MAC address of the host appear here rather than the MAC address of the LAN interface?

4c:52:62:xx:xx:xx   02:76:c6:xxxx(LAN Interface)   IPv4, length 98: 192.168.0.13 > 192.168.10.4
                     
 
#5
German - Deutsch / Re: Cannot reach DMZ from LAN
January 28, 2026, 10:35:39 PM
Firewall: Rules: LAN

Protocol  Source   Port  Destination  Port  Gateway  Schedule  Description
IPv4 *    LAN net  *     *            *     *        *         Default allow LAN to any rule
IPv6 *    LAN net  *     *            *     *        *         Default allow LAN IPv6 to any rule



I have not/never touched the rule since installation....
#6
German - Deutsch / Cannot reach DMZ from LAN
January 28, 2026, 10:04:47 PM
Hello,
I cannot access the DMZ from the LAN, and even after lengthy searching and trying I cannot determine where something is going wrong.

Version OPNsense 25.7.7_4-amd64

Interfaces
LAN igc0 192.168.0.1/24
DMZ re0 192.168.10.1/24
Wireguard wg0 10.10.10.1/24

Firewall
Firewall LAN ; Default allow LAN to any rule
Firewall DMZ ; ping any to any (for testing purposes)


Ping
lan -> lan ok
lan -> 8.8.8.8 ok
wireguard -> lan ok
wireguard -> dmz ok
dmz -> 8.8.8.8 ok
lan -> dmz does not work (Firewall log live view: 192.168.0.2 (source) -> 192.168.10.4 (destination) - pass let out anything)


Packet capture
WireGuard
wg0 2026-01-28
17:38:52.004304 length 88: 10.10.10.4 > 192.168.10.4: ICMP echo request, id 15, seq 9, length 64

WireGuard
wg0 2026-01-28
17:38:52.004650 length 88: 192.168.10.4 > 10.10.10.4: ICMP echo reply, id 15, seq 9, length 64

DMZ
re0 2026-01-28
17:38:52.004329 68:84:7e:xx:xx:xx 00:e0:4c:xx:xx:xx IPv4, length 98: 10.10.10.4 > 192.168.10.4: ICMP echo request, id 15, seq 9, length 64

DMZ
re0 2026-01-28
17:38:52.004639 00:e0:4c:xx:xx:xx 68:84:7e:xx:xx:xx IPv4, length 98: 192.168.10.4 > 10.10.10.4: ICMP echo reply, id 15, seq 9, length 64

-----------------------------------------------------------------------------------------------------------------------------------------------------

LAN
igc0 2026-01-28
20:43:51.815899 4c:52:62:xx:xx:xx 02:76:c6:xx:xx:xx IPv4, length 98: 192.168.0.13 > 192.168.10.4: ICMP echo request, id 69, seq 0, length 64
DMZ
re0 2026-01-28
20:43:51.815963 68:84:7e:xx:xx:xx 00:e0:4c:xx:xx:xx IPv4, length 98: 192.168.0.13 > 192.168.10.4: ICMP echo request, id 69, seq 0, length 64



Somehow no reply comes back when pinging from the LAN into the DMZ, but I cannot see what the cause is. It does not seem to be a firewall problem, and the host responds to pings from the WireGuard network.......

Where is the error?
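
Added example, not part of the original posts: a small Python helper that pairs ICMP echo requests with echo replies across capture interfaces, which is the comparison done by eye in the post above. The function name and the (interface, line) input shape are assumptions; the sample lines are constructed from the capture format shown in the post, with MAC addresses omitted.

```python
import re
from collections import defaultdict

# Matches the ICMP echo part of a tcpdump-style capture line.
ICMP_RE = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+)"
)

def unanswered_echoes(records):
    """records: iterable of (interface, capture_line) pairs.
    Returns {(src, dst, id, seq): [interfaces where the request was seen]}
    for every echo request with no matching reply on any captured interface."""
    requests = defaultdict(list)
    replies = set()
    for iface, line in records:
        m = ICMP_RE.search(line)
        if not m:
            continue  # not an echo request/reply (e.g. ICMP port unreachable)
        id_seq = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request":
            requests[(m["src"], m["dst"]) + id_seq].append(iface)
        else:
            # A reply travels dst -> src, so file it under the request's key.
            replies.add((m["dst"], m["src"]) + id_seq)
    return {k: v for k, v in requests.items() if k not in replies}

# Constructed sample in the format of the captures above (MACs omitted).
SAMPLE = [
    ("wg0", "17:38:52.004304 length 88: 10.10.10.4 > 192.168.10.4: "
            "ICMP echo request, id 15, seq 9, length 64"),
    ("wg0", "17:38:52.004650 length 88: 192.168.10.4 > 10.10.10.4: "
            "ICMP echo reply, id 15, seq 9, length 64"),
    ("igc0", "20:43:51.815899 IPv4, length 98: 192.168.0.13 > 192.168.10.4: "
             "ICMP echo request, id 69, seq 0, length 64"),
    ("re0", "20:43:51.815963 IPv4, length 98: 192.168.0.13 > 192.168.10.4: "
            "ICMP echo request, id 69, seq 0, length 64"),
    ("igc0", "00:13:57.972811 IPv4, length 118: 192.168.0.1 > 192.168.0.71: "
             "ICMP 132.163.96.6 udp port 123 unreachable, length 84"),
]

if __name__ == "__main__":
    for (src, dst, ident, seq), ifaces in unanswered_echoes(SAMPLE).items():
        print(f"{src} -> {dst} id={ident} seq={seq}: "
              f"request seen on {', '.join(ifaces)}, no reply captured")
```

A request listed with both the ingress and egress interface left the firewall toward the target, so the missing reply has to be looked for beyond that egress interface.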


#7
I encounter the same problem. Did you find any solution?

#8
Hello everyone,


As shown in the network diagram, I am trying to access the web interface of the LTE modem. However, I can't figure out how to route the request. Accessing the web interface from the local LAN is working, although the modem IP is outside the LAN address pool. Could you please help me with some advice on how to route this without adding another managed route in ZeroTier?

Thanks, Stephan