Topic: Internet bound traffic blocked on LAN (Read 967 times)
zenjubo
Newbie, Posts: 2, Karma: 0
Internet bound traffic blocked on LAN
« on: April 22, 2023, 05:45:49 pm »
I have a very traditional firewall setup using the latest 23.1.6. It is running on an old Dell Optiplex with a quad NIC. No virtualization, no VLANs. Even most of the OPNsense settings are using basic defaults. Basically nothing fancy, I think.
I am seeing and trying to understand why some of the internal traffic for the internet is getting blocked on the LAN. Here is an example of a filterlog entry showing one such block.
4,,,02f4bab031b57d1e30553ce08e0ec131,em2,match,block,in,4,0x0,,128,49330,0,DF,6,tcp,40,192.168.47.33,104.95.45.223,55739,443,0,RA,215397605,3654958231,0,,
em2 is the LAN. 192.168.47.33 is my desktop from which I am posting this topic. So not all traffic is blocked, just some per filterlog.
Attaching what the rules look like for LAN. This is basically the default from OPNsense.
I am not an expert at all the parameters in the filterlog. Perhaps one of these params has the reason OPNsense decided to block this particular traffic. For example, I think the leading 4 indicates it was blocked by rule #4 but I have no idea what is rule #4.
Thanks and let me know if you need any other details.
TheAutomationGuy
Newbie, Posts: 23, Karma: 0
Re: Internet bound traffic blocked on LAN
« Reply #1 on: April 24, 2023, 03:38:09 pm »
I would suggest that you change the "from LAN network" to "any" in both of your rules, making it a true Allow All type of rule.
Just a hobbyist trying to figure all this out.
zenjubo
Newbie, Posts: 2, Karma: 0
Re: Internet bound traffic blocked on LAN
« Reply #2 on: April 24, 2023, 06:32:02 pm »
I can give that a shot but the IPs that are matching and getting blocked by the implicit deny are part of LAN net. So not sure if changing this to "any" will have much of an effect. And besides, this is the default LAN rules out of the box.
Fundamentally, what is not making sense is that the traffic clearly matches the existing "allow all from LAN net" rule and the "Quick" option is ticked. So that should be sufficient for it to "Pass". But for some weird reason, the firewall does not think there is a match and so is processing down the rules list until it hits the final implicit deny.
I am assuming rule ID 4 is the implicit deny at the end of the rules.
I am not sure what the rest of the fields in the filterlog represent and whether they could shed light on why the firewall did not match the "allow all from LAN net" rule.
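Both the opening post and Reply #2 ask what the fields of the quoted filterlog line mean. The following is an added example, not code from the thread or from OPNsense itself: a small parser for the filterlog CSV layout (rule number, interface, action, direction, IP header, then TCP fields) applied to the line quoted above, which also decodes the TCP flag letters and checks whether the packet could have created state at all. Field names follow the filterlog(8) documentation (the "window" and "urg" names for the last numeric TCP fields are an assumption), and the SYN variant is constructed for contrast.

```python
# Added example: decode an OPNsense/pf filterlog line such as the one quoted
# in the thread. Field order follows filterlog(8); "window"/"urg" naming assumed.
GENERAL = ["rulenr", "subrulenr", "anchor", "rid", "interface",
           "reason", "action", "dir", "ipversion"]
IPV4 = ["tos", "ecn", "ttl", "id", "offset", "ipflags",
        "protonum", "protoname", "length", "src", "dst"]
IPV6 = ["class", "flowlabel", "hlim", "protoname", "protonum",
        "length", "src", "dst"]
TCP = ["srcport", "dstport", "datalen", "tcpflags", "seq", "ack",
       "window", "urg", "options"]
UDP = ["srcport", "dstport", "datalen"]

# Flag letters as printed by filterlog (pf's tcpdump-style abbreviations).
TCP_FLAG_NAMES = {"S": "SYN", "A": "ACK", "F": "FIN", "R": "RST",
                  "P": "PSH", "U": "URG", "E": "ECE", "W": "CWR"}

# The line quoted in the opening post (copied from the thread).
SAMPLE = ("4,,,02f4bab031b57d1e30553ce08e0ec131,em2,match,block,in,4,0x0,,128,"
          "49330,0,DF,6,tcp,40,192.168.47.33,104.95.45.223,55739,443,0,RA,"
          "215397605,3654958231,0,,")

def parse_filterlog(line):
    """Split a filterlog CSV line into a dict of named fields."""
    fields = line.strip().split(",")           # filterlog never quotes fields
    rec = dict(zip(GENERAL, fields))
    rest = fields[len(GENERAL):]
    ipfields = IPV4 if rec["ipversion"] == "4" else IPV6
    rec.update(zip(ipfields, rest))
    rest = rest[len(ipfields):]
    if rec.get("protoname") == "tcp":
        rec.update(zip(TCP, rest))
        rec["flags"] = [TCP_FLAG_NAMES.get(c, c) for c in rec["tcpflags"]]
    elif rec.get("protoname") == "udp":
        rec.update(zip(UDP, rest))
    return rec

def classify_block(rec):
    """Stateful pf only matches packets against pass rules when no state exists,
    and a pass rule with the default 'flags S/SA' creates state only for a bare
    SYN. Any other TCP packet without a state entry therefore falls through to
    the last (default deny) rule, which is what a block of an RST/ACK suggests."""
    if rec.get("action") != "block" or rec.get("protoname") != "tcp":
        return "not a blocked TCP packet"
    if "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
        return "new-connection"   # a SYN was refused by the rule set itself
    return "out-of-state"         # no state to match; not a rule-ordering problem

if __name__ == "__main__":
    r = parse_filterlog(SAMPLE)
    print(r["rulenr"], r["interface"], r["src"], r["dst"], r["flags"], classify_block(r))
```

Running it on the quoted line reports rule number 4 on em2, 192.168.47.33 to 104.95.45.223, flags RST+ACK and "out-of-state", i.e. the packet never qualified for the LAN pass rule's state creation, so the "Quick" pass rule never came into play for it.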