"Quote from: franco on September 22, 2016, 08:39:48 PMYes
Did you check the alert log?
Quote from: franco on September 22, 2016, 08:39:48 PMNo, I have not.
Maybe you have a rule that blocks your traffic.
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#1
16.7 Legacy Series / Re: IPS cut off GUI access from WAN
September 23, 2016, 07:23:41 PM #2
16.7 Legacy Series / Re: IPS cut off GUI access from WAN
September 22, 2016, 08:31:56 PM
NIC driver: Intel(R) PRO/1000 Network Connection 7.6.2
Hardware platform: amd64
OPNsense version: 16.7.3-amd64 (FreeBSD 10.3-RELEASE-p7)
What interfaces are in IPS mode: WAN
How are they configured: static IP address
Hardware platform: amd64
OPNsense version: 16.7.3-amd64 (FreeBSD 10.3-RELEASE-p7)
What interfaces are in IPS mode: WAN
How are they configured: static IP address
#3
16.7 Legacy Series / Re: Strange ping behaviour
September 22, 2016, 08:20:58 PMQuote from: franco on September 21, 2016, 08:48:58 PMThat was it! Thanks.
Firewall: Settings: Advanced: check "Disable reply-to on WAN rules".
#4
16.7 Legacy Series / [solved] Strange ping behaviour
September 21, 2016, 08:37:21 PM
LAN: 192.168.1.0/24
WAN: 192.168.2.1, 255.255.255.0, upstream gateway 192.168.2.253
Problem: WAN clients (i.e. a client with address from 192.168.2.0/24) cannot ping WAN interface.
But OPNsense is able to ping those WAN clients.
I ran tcpdump and found out that OPNsense is sending ping reply to upstream gateway instead of client itself - they are in same subnet!
Once I disable firewall, ping starts working (ping reply is sent to appropriate client).
Firewall has only 3 rules (except two default ones - block bogon and private networks):
1. accept any traffic from my workstation (I cannot ping WAN interface either, but I can manage OPNsense throught it)
2. accept any ICMP traffic
3. block any other traffic
4. enabled "Bypass firewall rules for traffic on the same interface"
5. floating rules - only default "Block all IPv6 traffic"
6. NAT: "Manual outbound NAT rule generation" with autocreated LAN -> WAN rule (192.168.1.0/24 -> 192.168.2.1)
WAN: 192.168.2.1, 255.255.255.0, upstream gateway 192.168.2.253
Problem: WAN clients (i.e. a client with address from 192.168.2.0/24) cannot ping WAN interface.
But OPNsense is able to ping those WAN clients.
I ran tcpdump and found out that OPNsense is sending ping reply to upstream gateway instead of client itself - they are in same subnet!
Once I disable firewall, ping starts working (ping reply is sent to appropriate client).
Firewall has only 3 rules (except two default ones - block bogon and private networks):
1. accept any traffic from my workstation (I cannot ping WAN interface either, but I can manage OPNsense throught it)
2. accept any ICMP traffic
3. block any other traffic
4. enabled "Bypass firewall rules for traffic on the same interface"
5. floating rules - only default "Block all IPv6 traffic"
6. NAT: "Manual outbound NAT rule generation" with autocreated LAN -> WAN rule (192.168.1.0/24 -> 192.168.2.1)
#5
16.7 Legacy Series / Re: IPS cut off GUI access from WAN
September 21, 2016, 08:15:52 PM
PPPoE - no
VLAN - no
It's even worse, it disables whole OPNsense, LAN clients cannot access internet.
I am unable to find any log which would enlighten my situation.
VLAN - no
It's even worse, it disables whole OPNsense, LAN clients cannot access internet.
I am unable to find any log which would enlighten my situation.
#6
16.7 Legacy Series / Re: DHCPv4 server API
September 01, 2016, 06:58:23 PM
...and I thought I was asking simple question.
#7
16.7 Legacy Series / DHCPv4 server API
August 27, 2016, 07:25:17 PM
Is API available for making DHCPv4 static reservations?
Pages1
