OPNsense Forum » Archive » 22.1 Legacy Series » Firewall Rules | InterVLAN Traffic
Topic: Firewall Rules | InterVLAN Traffic (Read 1344 times)
XeroX
Full Member
Posts: 114
Karma: 7
Firewall Rules | InterVLAN Traffic « on: May 25, 2022, 08:48:10 pm »
Hello,
obviously I'm too stupid to get traffic from one VLAN to another one.
I do get traffic from LAN to VLAN2. But I can't reach VLAN2 to LAN (only ICMP works).
Can someone help me with that? I tried rules in every direction on every interface (LAN, VLAN2). I'm able to reach LAN -> VLAN2 but not in the other direction. What am I doing wrong?
As ICMP works, I would rule out any routing problem.
Is this related to the webproxy? (transparent mode, but rules deleted on VLAN2)
Cheers and thx for help.
« Last Edit: May 25, 2022, 09:02:12 pm by XeroX »
Logged
_Alchemist_
Jr. Member
Posts: 54
Karma: 1
Re: Firewall Rules | InterVLAN Traffic « Reply #1 on: May 26, 2022, 12:10:45 pm »
What kind of devices / hosts are in the LAN and VLAN2 network?
What services (port, protocol) in the LAN network are you trying to access from the VLAN2 network?
Are there multiple gateways?
...
Some additional information would probably help with solving your problem.
Logged
OPNsense: Intel Core i5-6500, 16 GB RAM, 2x 120GB SSD ZFS-mirror, 4x Intel i350-T4
XeroX
Full Member
Posts: 114
Karma: 7
Re: Firewall Rules | InterVLAN Traffic « Reply #2 on: May 26, 2022, 02:36:42 pm »
Hello,
LAN contains ESXi Hosts and vCenter.
VLAN2 contains Active Directory and Horizon Connection Server.
I try to access vCenter (LAN) or any "internal" webservice via TCP 80 or 443. 80, 443 or 3389 from LAN -> VLAN2 works fine.
Machines from VLAN2 can access the internet via Web Proxy (if needed, but currently not configured on any machine in VLAN2) (had it transparent before, but removed that).
OPNsense is the only physical gateway for both subnets.
Are there any hidden rules from the web proxy?
« Last Edit: May 26, 2022, 02:55:38 pm by XeroX »
Logged
XeroX
Full Member
Posts: 114
Karma: 7
Re: Firewall Rules | InterVLAN Traffic « Reply #3 on: May 26, 2022, 07:43:58 pm »
So Port 22 works. Seems to be proxy related. But even when I turned off the web proxy, no transparent mode, no interfaces selected, it does not work.
Are there any hidden rules?
« Last Edit: May 26, 2022, 07:55:01 pm by XeroX »
Logged
XeroX
Full Member
Posts: 114
Karma: 7
Re: Firewall Rules | InterVLAN Traffic « Reply #4 on: May 27, 2022, 01:37:34 pm »
I found the "hidden" rules via /tmp/rules.debug.
rdr on igb1_vlan2 inet proto tcp from {(igb1_vlan2:network)} to {any} port {80} -> 127.0.0.1 port 3128 # redirect traffic to proxy
rdr on igb1_vlan2 inet proto tcp from {(igb1_vlan2:network)} to {any} port {443} -> 127.0.0.1 port 3129 # redirect secure traffic to proxy
a) Why are they "hidden" and not removed when switching off transparent mode?
b) How can I remove this?
@franco sorry to summon, any ideas? Is this a known issue?
Logged
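The check described in Reply #4 (reading the generated ruleset in /tmp/rules.debug for redirects that never show up as ordinary firewall rules) can be scripted; the following is an added example, not part of the original posts or of OPNsense. The function names `find_loopback_rdr` and `sample_rules` are hypothetical, and the sample input is constructed from the two rules quoted above plus two made-up lines.

```shell
#!/bin/sh
# Added example: list pf "rdr" rules that hand traffic to a loopback listener
# (for instance a local proxy). Function names are illustrative only.

# Reads a pf ruleset (file arguments, or stdin when none are given) and prints
# one line per match: interface, matched port, redirect target, target port.
find_loopback_rdr() {
    awk '
    $1 == "rdr" {
        iface = dport = target = tport = ""; after = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "#") break                      # trailing rule comment
            if ($i == "on") iface = $(i + 1)
            else if ($i == "->") { after = 1; target = $(i + 1) }
            else if ($i == "port") {
                if (after) tport = $(i + 1); else dport = $(i + 1)
            }
        }
        gsub(/[{}]/, "", dport)                       # "{80}" becomes "80"
        if (target ~ /^127\./ || target == "::1")
            print iface, dport, target, tport
    }' "$@"
}

# Constructed sample: the two rdr lines quoted in the thread, plus a made-up
# port forward and a made-up pass rule that must not be reported.
sample_rules() {
    cat <<'EOF'
rdr on igb1_vlan2 inet proto tcp from {(igb1_vlan2:network)} to {any} port {80} -> 127.0.0.1 port 3128 # redirect traffic to proxy
rdr on igb1_vlan2 inet proto tcp from {(igb1_vlan2:network)} to {any} port {443} -> 127.0.0.1 port 3129 # redirect secure traffic to proxy
rdr on igb0 inet proto tcp from {any} to {192.0.2.1} port {8443} -> 10.0.0.5 port 443 # constructed port forward
pass in quick on igb1_vlan2 inet from {(igb1_vlan2:network)} to {any} # constructed pass rule
EOF
}

# Demo on the constructed sample. On the firewall itself the call would be:
#   find_loopback_rdr /tmp/rules.debug
sample_rules | find_loopback_rdr
```

Each output line names an interface whose TCP traffic on the listed port is intercepted before the interface's pass rules are evaluated, which matches the symptom in the thread: port 22 and ICMP pass while 80 and 443 do not.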