Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - alanhjames

Pages1
#1
25.7, 25.10 Series / Re: external website accessible on 1 interface but not another: State violation
October 19, 2025, 11:14:31 PM
I think I've resolved the issue now after a couple of hours going in circles, though I still don't fully understand it. I also have no idea when the issue started as all other sites appeared to work fine and it's the first time that I've tried to access this specific site.

I went through all settings in the Firewall, purely out of curiosity and I found a setting that wasn't set to it's default state.

Under Firewall: Settings: Advanced I found Anti DDOS -> Enable syncookies was set to "always" instead of "never (default)". I can't see why that would have been changed by me, only possible explanation is that it's next to the Save button and I've somehow clicked on the dropdown and changed it without realizing.

Either way the website now appears to be accessible on the LAN interface.
#2
25.7, 25.10 Series / external website accessible on 1 interface but not another: State violation
October 19, 2025, 10:43:33 PM
Version: OPNsense 25.7.5-amd64 (updated today to check if it made any difference to my issue, it didn't)

I've recently found a website which I can access on one of my interfaces but not on another and I can't work out why.

I've attempted to compare the settings for both interfaces but I can't see any differences and I'm looking for guidance in which settings I should specifically check.


Firstly, the website is NASA (www.nasa.gov), as yet I have not found any other websites that do not work. ie. every other website I check works but not NASA, unless accessed on a different interface.

Basic setup:
WAN interface
LAN interface
SERVERS interface (has Squid Web Proxy enabled with NASA whitelisted)
+ 3 other interfaces which I am unable to test at the moment.

I am unable to access NASA website on LAN interface using both WiFi and Wired connections. I am able to PING the address however.
In my logs I can see WAN -> NASA is allowed but the return traffic is blocked LAN -> my computer, the rule blocking the traffic is Default deny / State violation.

If I access the NASA website from the SERVERS interface it works fine through Squid Proxy, there is no Squid proxy on the LAN interface.

I can't work out why all other websites appear to work except the NASA website, despite the fact it works on another interface with the same computer.

Any help appreciated.

Alan
Pages1