OPNsense

Topics - Cattapiller

1
24.1 Legacy Series / KEA dhcpv4 arp scan?
« on: March 16, 2024, 04:54:13 pm »
Heya!

Is the new KEA DHCPv4 ARP scanning the network to check if the IP is already in use?
If yes, is the firewall ARP table the same as the KEA ARP table?

Because I've got some IP collisions in my network that could've been easily avoided if KEA would ARP scan the network.

I've got one client who constantly gets offered an IP that's already in use, and I can see it in the ARP table of the interface. Meaning I can see the MAC, IP, lease time etc. on the KEA DHCP, but if I check the ARP table of the interface, the IP is already occupied with another MAC on the same switch but a different port.

I was switching from ISC to KEA hoping that KEA would ARP scan (as stated in their documentation) and just check that some static IPs are in place and would just avoid them but apparently it doesn't.

Cheers & Thanks in advance

2
22.1 Legacy Series / [SOLVED] TCP Connections denied per deny default
« on: August 07, 2022, 10:04:37 am »
Heya,

I'm stumbling into a really weird one here.

I've got some TCP connections that are going through and some that just aren't. Just directly blocked by deny default via floating rules. (Can see it in the live log from the firewall.) But there are ALLOW all rules for the clients to connect to the internet.

My setup:

ISP <---> OPNsense <-> Switches <-> Clients

I've got a couple of VLANs for the clients, VLANs for mgmt.
The clients are able to connect to the internet and are passed through the OPNsense firewall (so that works). They can reach most of the web, but if they try to reach certain websites, it's denied by default via floating rules.

Denied instantly on websites like WhatsApp, Facebook, Protonmail and so on...

ISP is doing the NAT for us.

Not using DNS from OPNsense.
Not using any web proxy or something. It's just plain routing.

I've tried to set firewall -> settings -> advanced : firewall optimization to conservative (was normal) like suggested in another post, and it wasn't helping.

Thanks in advance!

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved