1
16.7 Legacy Series / Re: IPS cut off GUI access from WAN
« on: September 23, 2016, 07:23:41 pm »Did you check the alert log?Yes
Maybe you have a rule that blocks your traffic.No, I have not.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
16.7 Legacy Series / Re: IPS cut off GUI access from WAN
« on: September 22, 2016, 08:31:56 pm »
NIC driver: Intel(R) PRO/1000 Network Connection 7.6.2
Hardware platform: amd64
OPNsense version: 16.7.3-amd64 (FreeBSD 10.3-RELEASE-p7)
What interfaces are in IPS mode: WAN
How are they configured: static IP address
Hardware platform: amd64
OPNsense version: 16.7.3-amd64 (FreeBSD 10.3-RELEASE-p7)
What interfaces are in IPS mode: WAN
How are they configured: static IP address
3
16.7 Legacy Series / Re: Strange ping behaviour
« on: September 22, 2016, 08:20:58 pm »Firewall: Settings: Advanced: check "Disable reply-to on WAN rules".That was it! Thanks.
4
16.7 Legacy Series / [solved] Strange ping behaviour
« on: September 21, 2016, 08:37:21 pm »
LAN: 192.168.1.0/24
WAN: 192.168.2.1, 255.255.255.0, upstream gateway 192.168.2.253
Problem: WAN clients (i.e. a client with address from 192.168.2.0/24) cannot ping WAN interface.
But OPNsense is able to ping those WAN clients.
I ran tcpdump and found out that OPNsense is sending ping reply to upstream gateway instead of client itself - they are in same subnet!
Once I disable firewall, ping starts working (ping reply is sent to appropriate client).
Firewall has only 3 rules (except two default ones - block bogon and private networks):
1. accept any traffic from my workstation (I cannot ping WAN interface either, but I can manage OPNsense throught it)
2. accept any ICMP traffic
3. block any other traffic
4. enabled "Bypass firewall rules for traffic on the same interface"
5. floating rules - only default "Block all IPv6 traffic"
6. NAT: "Manual outbound NAT rule generation" with autocreated LAN -> WAN rule (192.168.1.0/24 -> 192.168.2.1)
WAN: 192.168.2.1, 255.255.255.0, upstream gateway 192.168.2.253
Problem: WAN clients (i.e. a client with address from 192.168.2.0/24) cannot ping WAN interface.
But OPNsense is able to ping those WAN clients.
I ran tcpdump and found out that OPNsense is sending ping reply to upstream gateway instead of client itself - they are in same subnet!
Once I disable firewall, ping starts working (ping reply is sent to appropriate client).
Firewall has only 3 rules (except two default ones - block bogon and private networks):
1. accept any traffic from my workstation (I cannot ping WAN interface either, but I can manage OPNsense throught it)
2. accept any ICMP traffic
3. block any other traffic
4. enabled "Bypass firewall rules for traffic on the same interface"
5. floating rules - only default "Block all IPv6 traffic"
6. NAT: "Manual outbound NAT rule generation" with autocreated LAN -> WAN rule (192.168.1.0/24 -> 192.168.2.1)
5
16.7 Legacy Series / Re: IPS cut off GUI access from WAN
« on: September 21, 2016, 08:15:52 pm »
PPPoE - no
VLAN - no
It's even worse, it disables whole OPNsense, LAN clients cannot access internet.
I am unable to find any log which would enlighten my situation.
VLAN - no
It's even worse, it disables whole OPNsense, LAN clients cannot access internet.
I am unable to find any log which would enlighten my situation.
6
16.7 Legacy Series / Re: DHCPv4 server API
« on: September 01, 2016, 06:58:23 pm »
...and I thought I was asking simple question.
7
16.7 Legacy Series / DHCPv4 server API
« on: August 27, 2016, 07:25:17 pm »
Is API available for making DHCPv4 static reservations?
Pages: [1]