problem with external private ip's

Started by sdnavarro, November 26, 2018, 10:23:22 PM

Hello

I have a problem with an MPLS network.

The OPNsense delivers a local DHCP to the router. Each site has DHCP.

I can navigate when connected from the switch, but the traffic from the other site says "Deny default rule".


How can I unblock these IPs?

thanks

Thank you

Hello, any ideas?

I've already tried creating rules on the LAN interface with an alias for the IPs, but it does not work.

Thank you

November 27, 2018, 10:25:54 PM #2 Last Edit: November 27, 2018, 10:34:59 PM by sdnavarro
This is the log that the firewall shows me over SSH:

00:00:00.005422 rule 6/0(match): block in on em0: (tos 0x0, ttl 124, id 20699, offset 0, flags [none], proto UDP (17), length 62)
    192.169.11.134.60302 > 200.50.96.90.53: 64208+ A? dns.msftncsi.com. (34)
00:00:00.007765 rule 6/0(match): block in on em0: (tos 0x0, ttl 60, id 26297, offset 0, flags [DF], proto TCP (6), length 60)
     192.169.13.75.49852 > 168.195.56.81.443: Flags [S], cksum 0xe5c0 (correct), seq 2352920936, win 29200, options [mss 1460,sackOK,TS val 34335644 ecr 0,nop,wscale 7], length 0
00:00:00.000006 rule 6/0(match): block in on em0: (tos 0x0, ttl 60, id 52630, offset 0, flags [DF], proto TCP (6), length 60)
     192.170.13.75.45642 > 31.13.94.24.443: Flags [S], cksum 0xeb20 (correct), seq 2724008523, win 29200, options [mss 1460,sackOK,TS val 34335644 ecr 0,nop,wscale 7], length 0
00:00:00.003420 rule 6/0(match): block in on em0: (tos 0x0, ttl 60, id 5077, offset 0, flags [DF], proto TCP (6), length 492)
     192.169.15.224.41726 > 190.98.133.224.443: Flags [P.], seq 58273697:58274137, ack 2704364150, win 762, options [nop,nop,TS val 16704 ecr 2430859080], length 440
00:00:00.016381 rule 6/0(match): block in on em0: (tos 0x0, ttl 124, id 22974, offset 0, flags [none], proto UDP (17), length 62)
     192.170.13.215.61705 > 200.50.96.90.53: 32118+ A? go.microsoft.com. (34)
00:00:00.005550 rule 6/0(match): block in on em0: (tos 0x0, ttl 124, id 28225, offset 0, flags [none], proto UDP (17), length 69)
     192.169.15.228.54252 > 200.50.96.130.53: 34045+ A? win8.ipv6.microsoft.com. (41)
00:00:00.047879 rule 6/0(match): block in on em0: (tos 0x0, ttl 60, id 9339, offset 0, flags [DF], proto UDP (17), length 73)
     192.169.16.155.36542 > 200.50.96.90.53: 54963+ A? googleads.g.doubleclick.net. (45)
00:00:00.004089 rule 6/0(match): block in on em0: (tos 0x0, ttl 60, id 64968, offset 0, flags [DF], proto TCP (6), length 85)
     192.169.14.152.49406 > 31.13.94.14.443: Flags [P.], cksum 0x8e87 (correct), seq 265131073:265131106, ack 407923771, win 351, options [nop,nop,TS val 2651075 ecr 2507244509], length 33
00:00:00.003133 rule 6/0(match): block in on em0: (tos 0x0, ttl 60, id 0, offset 0, flags [DF], proto TCP (6), length 64)
     192.170.14.22.51727 > 17.248.137.141.443: Flags [S], cksum 0x5ccb (correct), seq 1272202283, win 65535, options [mss 1460,nop,wscale 7,nop,nop,TS val 745643595 ecr 0,sackOK,eol], length 0
00:00:00.000008 rule 6/0(match): block in on em0: (tos 0x0, ttl 124, id 947, offset 0, flags [none], proto UDP (17), length 89)
     192.169.14.123.54903 > 94.245.121.253.3544: UDP, length 61
00:00:00.001896 rule 6/0(match): block in on em0: (tos 0x0, ttl 60, id 34749, offset 0, flags [none], proto TCP (6), length 1001)
     192.170.16.139.35191 > 172.217.192.95.443: Flags [P.], seq 1393307038:1393307987, ack 26






thanks