16.1 Legacy Series / [SOLVED] Odd PacketFilter behavior in VM Guest
« on: March 17, 2016, 06:46:34 pm »
I am having many issues with OPNsense in a virtual environment. What it boils down to is when the packet filter is enabled and has any rules to allow traffic inbound they do not work. If I drop the filter (pfctl -d) then the traffic flows. This happens in three different hypervisors with 16.1, 15.7, and the current Alpha.
A more specific example is if I open 443 to the WAN IP for management. Traffic is blocked. I can see the block on the firewall log even though there is a rule allowing the traffic. So I click the green arrow to create a new rule. The rule appears, and the traffic is still blocked. Once again if I disable the pf totally it works. It's baffling that I cannot get a virtualized copy working with the pf also fully functional.
Thoughts where to look next? I created an OPT1 interface and put an allow all to everywhere rule and it seems to be working. My LAN segment is working with NAT for VM clients. I just can't open the WAN for anything. I'll gather and post any data that might be helpful if asked.
<EDIT>
Adding a floating rule seems to have allowed traffic through. My wan rule (attached) and my layout (attached) should allow the client to talk to the server. The server can ping/ssh to the client no problem.
As for the float rule, I added another allow everything to everything and it started working.