17.1 Legacy Series / [SOLVED] Traffic does not pass from LAN to OPT1 in spite of firewall pass rules
« on: March 04, 2017, 11:08:09 am »
Hello,
I searched the Internet before and found similar issues, but the solutions did not apply. So please bear with me for asking here. In spite of having easy and manual firewall rules to make (all) traffic pass between LAN and OPT1, I can only reach port 80 on a host at OPT1 network from my workstation at LAN network. Please see below for details.
What do I need to do to enable full TCP connectivity from LAN network to OPT1 network? Any help would be appreciated.
Kind regards
Boris
OPNsense 17.1.2-amd64
LAN 192.168.31.0/24
opnsense at 192.168.31.1
my workstation at 192.168.31.8
OPT1 192.168.30.0/24
opnsense at 192.168.30.254
a host at 192.168.30.1
my workstation ---------------- opnsense ----------------------- host
192.168.31.8       192.168.31.1          192.168.30.254          192.168.30.1
From opnsense I can ping host at 192.168.30.1 and reach all open TCP ports.
From my workstation at 192.168.31.8 I can connect to port 80 of host 192.168.30.1.
From my workstation at 192.168.31.8 I cannot ping host 192.168.30.1 and cannot reach any TCP port other than 80.
Firewall: Log Files: Normal View shows that ICMP from 192.168.31.8 to 192.168.30.1 is blocked.
I add an easy rule from the view to enable ICMP from 192.168.31.8 to 192.168.30.1.
Still cannot ping.
I add a firewall rule for OPT1 to enable all traffic/all protocols between LAN and OPT1 networks.
Still cannot ping. Not even after a reboot.
"Block private/bogon networks" is unchecked for both LAN and OPT1.
The dashboard shows increasing packet count in at OPT1 for the pings but no packet count out.