No response to anything from WAN

Started by huntson, June 27, 2022, 11:29:51 PM

This is a new setup.  I'm running 21.1.9.  I am testing my OpnSense unit inside my current LAN (LAN 1).  My main router has given my OpnSense unit an IP address and units behind the OpnSense unit can get to the Internet.  They can also get to the OpnSense config GUI from the LAN port (LAN 2).  Devices on my larger LAN 1 cannot access the OpnSense GUI nor ping it from the WAN port despite things being configured as you can see in the attached picture. 

Let me know if you need additional information to offer advice.

You need a port forwarding rule instead of a firewall rule.

Go to Firewall ---> Aliases ---> and add a new alias.

Give it a name (RouterLAN, for example), choose Host as the type (if it isn't already selected) and type the IP block of your router's LAN (192.168.1.0/24 if your router's LAN IP is 192.168.1.1 and the subnet mask is 255.255.255.0).
Tag Statistics and give it a description if you want.
Click Save and then, in the top right corner of the alias list, Apply changes.

Then go to Firewall ---> NAT ---> Port Forward

Interface: WAN
TCP/IP Version: IPv4
Protocol: Any
Source: click the Advanced tab and select "RouterLAN" (or whatever name you gave the alias) from the list
Destination / Invert: Leave at the default value
Destination: WAN Address
Redirect target IP: LAN Address
Pool Options: Default
Log: Tag if you want to be able to see this in the firewall live log
Category: Give a category name
Description: Give a description (this is the label that shows up in the live log)
Set local tag: Leave at the default value
Match local tag: Leave at the default value
No XMLRPC Sync: Leave at the default value
NAT reflection: Yes
Filter rule association: Leave at the default value

After that, save, then click Apply changes.

Now make sure you can see that port forward rule in the WAN firewall rule list.

After that, test whether it works.

If you are trying to connect computers on the router's LAN to the OPNsense LAN, then you create a WAN rule with exactly the same configuration, but the destination is LAN net.

Basically, this is how firewall rules work: you can block computers from accessing different networks, but not computers on the same network.

So you are able to block computers on the LAN from accessing the firewall or pinging it, but you won't be able to prevent computers from accessing or pinging computers on the same network.

The direction is always in. On LAN, to block computers from accessing a certain IP on the Internet, you choose the direction as in, the source as LAN net and the destination as either an alias or an IP/subnet.

https://docs.opnsense.org/manual/how-tos/edrop.html gives a good idea of how firewall rules work.

June 28, 2022, 11:07:28 AM #4 Last Edit: June 28, 2022, 12:05:23 PM by Demusman
Quote from: huntson on June 27, 2022, 11:29:51 PM
This is a new setup.  I'm running 21.1.9.  I am testing my OpnSense unit inside my current LAN (LAN 1).  My main router has given my OpnSense unit an IP address and units behind the OpnSense unit can get to the Internet.  They can also get to the OpnSense config GUI from the LAN port (LAN 2).  Devices on my larger LAN 1 cannot access the OpnSense GUI nor ping it from the WAN port despite things being configured as you can see in the attached picture. 

Let me know if you need additional information to offer advice.

Sometimes the advice given on this board makes me scratch my head. Always from the same few people, too.

Anyway, the rule looks good; curious why you have the same rule twice though, but that's another story.
You have some auto-generated rules. Are you blocking private networks?
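An added illustration, not code from this thread or from OPNsense, of why the last reply asks about "blocking private networks": OPNsense evaluates its auto-generated WAN rules before the user's rules and the first matching rule wins, so with "Block private networks" enabled on a WAN that sits inside a 192.168.1.0/24 LAN, traffic from LAN 1 is dropped before the pass rule or port forward is ever consulted. The WAN address 192.168.1.20 and the client 192.168.1.50 are constructed values; the rule labels are this model's own, not OPNsense's.

```python
import ipaddress
from dataclasses import dataclass

# RFC 1918 ranges covered by the WAN interface option "Block private networks".
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ANY = [ipaddress.ip_network("0.0.0.0/0")]


@dataclass
class Rule:
    action: str   # "pass" or "block"
    src: list     # list of IPv4Network the source must fall into
    dst: list     # list of IPv4Network the destination must fall into
    label: str    # illustrative label for this model, not an OPNsense rule name

    def matches(self, src_ip, dst_ip):
        return any(src_ip in n for n in self.src) and any(dst_ip in n for n in self.dst)


def wan_ruleset(wan_ip, router_lan, block_private):
    """Model of the WAN rule list: auto-generated rules first, then the user's pass rule.

    wan_ip: the address the upstream router gave the OPNsense WAN port (constructed value in tests).
    router_lan: the RouterLAN alias, e.g. "192.168.1.0/24" as in the reply above.
    """
    wan_addr = ipaddress.ip_network(f"{wan_ip}/32")
    rules = []
    if block_private:
        # Auto-generated rule: blocks any RFC 1918 source arriving on WAN, whatever the destination.
        rules.append(Rule("block", RFC1918, ANY, "auto: Block private networks"))
    # The user's rule: allow RouterLAN -> WAN address (what the port forward / WAN rule expresses).
    rules.append(Rule("pass", [ipaddress.ip_network(router_lan)], [wan_addr],
                      "user: RouterLAN -> WAN address"))
    return rules


def first_match(rules, src, dst):
    """Rules are 'quick' in OPNsense: the first rule that matches decides; otherwise default deny."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if rule.matches(src_ip, dst_ip):
            return rule.action, rule.label
    return "block", "implicit default deny"


if __name__ == "__main__":
    # Same packet from LAN 1 to the WAN address, with and without "Block private networks".
    for block_private in (True, False):
        rules = wan_ruleset("192.168.1.20", "192.168.1.0/24", block_private)
        print(block_private, first_match(rules, "192.168.1.50", "192.168.1.20"))
```

The check to make on the box itself is the WAN interface settings: with the option on, the auto rule at the top of Firewall ---> Rules ---> WAN explains the symptom regardless of how the pass rule below it is written.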