16.7 Legacy Series / Totally Stumped...firewall rules not working
« on: August 16, 2016, 04:41:06 pm »
This has got to be my fault. I have tried a clean install both in a VM and on bare metal with no change in behavior. I will also note that I have used OPNsense in the past about a year ago, but eventually tried another product. Now I'm back to evaluating OPNsense with the latest version.
My setup is that the WAN port of the firewall is connected to my local network and is getting valid DHCP information. I have turned off blocking private and bogon networks. The LAN port has an address of 192.168.1.1 and has DHCP active.
When I connect a client to the LAN port, it gets an IP address and appears to be able to surf correctly. I can open the OPNsense webgui and configure the firewall.
My problem is that I can't get any incoming firewall rules to work. For instance, I've tried to turn on https access from the WAN port, but I can't reach the webgui from the WAN port. The rule I create is in Firewall->Rules->WAN. (proto,source,port,dest,port,gw) = (ipv4TCP,*,*,WAN address,443,*).
I then tried a simple forward rule to a service running on the client computer. I created the NAT rule, which also created the firewall rule, but again nothing seems to reach the client computer. The logs seem to imply that the rule was hit and the packet was accepted. The port forward rule in this case is to forward port 8080 on the WAN address to port 80 on the client computer.
If I do a factory reset and only set up the WAN port, then the rules are created to allow http/s access on the WAN. However, as soon as I add the LAN port, that functionality goes away.
I also have a firewall backup from my previous testing attempt, but this version complains about some of the entries, and when I finally got it to load, the system hung.
Given that this is very basic functionality, and that nobody else has mentioned this problem, it's got to be all me. Please help.