OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of Remington »
  • Show Posts »
  • Topics
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Topics - Remington

Pages: [1]
1
General Discussion / Answer Packet is not passing PF but session counter increases
« on: January 27, 2020, 12:16:47 am »
I try to ping host 192.168.2.21 from 81.169.177.200

I see the echo-request (234) with tcpdump on the inboud interface. I see the request and response on the outbound interface.
The session table shows the same.  The inbound session shows 234 packets in and out, but the out session shows twice as packets for the out counter.

Code: [Select]
all icmp 192.168.2.21:3290 <- 81.169.177.200:3290       0:0
   age 00:03:54, expires in 00:00:09, 234:468 pkts, 19656:39312 bytes, rule 507
   id: 030000005e2df8c8 creatorid: 8368a371
all icmp 81.169.177.200:3290 -> 192.168.2.21:3290       0:0
   age 00:03:54, expires in 00:00:09, 234:234 pkts, 19656:19656 bytes, rule 127
   id: 030000005e2df8c9 creatorid: 8368a371
How can I find out why the echo-response is dropped?

Code: [Select]
@127 pass out log all flags S/SA keep state allow-opts label "fae559338f65e11c53669fc3642c93c2"
  [ Evaluations: 2132      Packets: 4173      Bytes: 1021132     States: 80    ]
  [ Inserted: uid 0 pid 82969 State Creations: 776   ]
@507 pass in log quick on wg0 reply-to (wg0 192.168.70.1) inet proto icmp from <schmu_srv03:4> to <wupp_schapp:3> keep state label "501718afceb1c0ed891df29dd33b09bf"
  [ Evaluations: 67        Packets: 0         Bytes: 0           States: 0     ]
  [ Inserted: uid 0 pid 82969 State Creations: 0     ]


2
General Discussion / MDNS Repeater IPv6
« on: June 17, 2019, 10:50:10 pm »
Hi,

mdns repeater is pretty old and doesn't support IPv6.
Found that at least iPhones won't find their printer, if they are connected via dual stack.
Had to disable IPv6 on my printer to get it working again.

Is IGMP Proxy an option to forward mdns over IPv6?

Bye
  Thomas

3
Web Proxy Filtering and Caching / add custom subnet to localnet
« on: August 14, 2018, 12:22:20 am »
Hi,

I didn't found a way to add custom networks to the acl localnet in the squid.conf.
Looks like that only networks of directly attached interfaces get added if they are added to "Proxy interfaces".
But adding e.g. an openvpn interface don't add the network to localnet.

Is there a way to add networks to localnet manually.

Thanks
  Thomas

4
General Discussion / ICMP type logging
« on: March 26, 2018, 10:27:10 pm »
Hi,

is it only me or is it in Version 18.1 that there is not ICMP type logging any more?

my log looks like this:
Code: [Select]
filterlog: 34,,,0,vmx0,match,pass,in,6,0x00,0x00000,255,ICMPv6,58,112,fe80::1:1,ff02::1,
filterlog: 92,,,0,vmx1,match,pass,in,4,0x0,,32,12590,0,none,1,icmp,60,172.20.XX.42,192.168.XX.231,datalength=40
I expect something like request|reply|unreachproto|unreachport|unreach|timeexceed|paramprob|redirect|maskreply|needfrag|tstamp|tstampreply at the end.
Not sure if it was there in the past or I have seen it in a pfsense install. Had to look into ICMP details recently and missed this information.

Can someone confirm that this is the standard behavior or was it different in former versions or is it configurable?

Thanks
 Thomas

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2021 All rights reserved
  • SMF 2.0.17 | SMF © 2019, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2