Topics - nutonas

1
General Discussion / ICMP
« on: May 16, 2019, 10:37:43 am »
Hi,

Our ISP needs to ping our firewall, and I created a rule on the WAN interface which allows ICMP traffic from the ISP IP.

Proto       Source      Port   Destination              Port   Gateway   Schedule   Description
IPv4 ICMP   ISP_IP/24   *      OUR_FIREWALL_WAN_IP/28   *      WANGW

But the problem is that the ISP doesn't get replies from our firewall. The thing is that the firewall log says that ICMP from ISP_IP to OUR_FIREWALL_WAN_IP passes:

filterlog: 90,,,0,bge0,match,pass,in,4,0x0,,60,0,0,DF,1,icmp,ISP_IP,OUR_FIREWALL_WAN_IP,datalength=64

But if I filter the logs by our WAN IP, there is no logged traffic with a reply.

So can anyone help me configure this ICMP rule properly?

2
General Discussion / Firewall working strange
« on: October 11, 2018, 11:29:36 pm »
Hi, umm, the thing is that my OPNsense literally does not allow any traffic from the WAN side. I created rules, for example, to allow ICMP ping from the WAN side:
Proto       Source   Port   Destination   Port   Gateway
IPv4 ICMP   *        *      WAN address   *      *

And when I try to ping my OPNsense from outside, I get "Request timed out", but in the logs OPNsense says that ICMP passes:
filterlog:92,,,0,bge0,match,pass,in,4,0x0,,122,1206,0,none,1,icmp,60,MYPC_IP,OPNSENSE_WAN_IP,datalength=40

The same problem occurs, for example, with OpenVPN when I try to connect from my PC to the VPN server.
In the firewall rules I am allowing OpenVPN:
Proto      Source   Port   Destination   Port             Gateway   Schedule   Description
IPv4 UDP   *        *      WAN address   1194 (OpenVPN)   *                    OpenVPN wizard

And the firewall log says that OpenVPN passes:
    filterlog: 124,,,0,bge0,match,pass,in,4,0x0,,122,1198,0,none,17,udp,114,MYPC_IP,OPNSENSE_WAN_IP,51615,1194,94

And logs from OpenVPN:
Oct 12 00:23:09    openvpn[20663]: MYPC_IP:51615 TLS Error: TLS handshake failed
Oct 12 00:23:09    openvpn[20663]: MYPC_IP:51615 TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Oct 12 00:22:39    openvpn[20663]: MYPC_IP:51615 write UDPv4: Permission denied (code=13)

My PC is outside of my OPNsense WAN...

So is there a misconfiguration somewhere? Can someone help me?
