basic fw troubleshooting

Started by 9axqe, August 27, 2023, 06:41:21 PM

Hello,

I'm still very new at opnsense, so apologies in advance if this is a very trivial question.

Scenario:
* I believe I have blocked specific IPs on my LAN subnet from talking to the LAN subnet in general (they should only have internet access).
* On a device with such an IP (I checked the IP both in DHCP leases and on the device itself, let's say it's 192.168.1.201) I load http://192.168.1.100. It works, which is not what I expect.

Now I would like to troubleshoot it and understand which fw rule is allowing this through.

But I cannot find this connection anywhere, neither under troubleshooting>states, nor under troubleshooting>sessions. In both cases, I filter using the .201 IP. I do see some connections from that IP, but all to the internet, nothing to the .100 IP.

What am I missing?

All devices in the same subnet 192.168.1.0/24 (=connected to the same switch in the same VLAN) can talk to each other directly by using the ARP protocol.

You can't block that traffic with a standard configured opnsense. For such scenarios you need a Layer 2 Firewall. If you have enough ports you can look into transparent bridge configuration.
Hardware:
DEC740

Ah, of course... I do have a bridge and I see some LAN traffic on Sense, at least the traffic that has to cross the bridge and I wrongly assumed I was supposed to see all LAN traffic...
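The reply above explains why the .201 to .100 flow never shows up in the state table (same subnet, same switch, so the firewall never sees it), and the follow-up notes that traffic which has to cross the bridge does show up. The script below is an added example written for this thread, not OPNsense code: it is a small model that, given the firewall's subnets, which layer-2 segments each interface spans, and which segment each host is plugged into, predicts whether a flow is switched locally (no state to find), crosses a bridge on the firewall, or is routed. The interface names bridge0/igb1/igb2, the host 192.168.1.50 and the internet address 203.0.113.10 are constructed for the scenario and are not from the thread.

```python
import ipaddress


class FirewallModel:
    """Tiny model of where a flow is handled: by a switch (the firewall never
    sees it), by a bridge on the firewall, or by the firewall's router.
    Constructed for illustration; it is not how pf or OPNsense represent this."""

    def __init__(self):
        # interface name -> (subnet, frozenset of layer-2 segments it spans);
        # a plain interface spans one segment, a bridge spans its members
        self._interfaces = {}
        # host IP -> layer-2 segment (physical port / bridge member) it is on
        self._hosts = {}

    def add_interface(self, name, cidr, segments):
        self._interfaces[name] = (ipaddress.ip_network(cidr), frozenset(segments))

    def attach_host(self, ip, segment):
        self._hosts[ip] = segment

    def interface_for(self, ip):
        """Return the firewall interface whose subnet contains ip, or None
        when the address is off-net (e.g. an internet host)."""
        addr = ipaddress.ip_address(ip)
        for name, (net, _) in self._interfaces.items():
            if addr in net:
                return name
        return None

    def classify(self, src, dst):
        """Return 'switched', 'bridged' or 'routed' for a src -> dst flow.

        switched: same subnet and same layer-2 segment; the frames go
                  switch-port to switch-port and never reach the firewall,
                  so no state and no rule match can exist for them.
        bridged:  same subnet but different members of a bridge interface on
                  the firewall; the frames cross the firewall at layer 2.
        routed:   different subnets, or the destination is off-net; the
                  packets are routed (and filtered) by the firewall.
        """
        src_if = self.interface_for(src)
        if src_if is None:
            raise ValueError(f"{src} is not on any firewall subnet")
        dst_if = self.interface_for(dst)
        if dst_if is None or dst_if != src_if:
            return "routed"
        members = self._interfaces[src_if][1]
        src_seg = self._hosts.get(src)
        dst_seg = self._hosts.get(dst)
        # Unknown segments are assumed to be the same one (single switch).
        if src_seg in members and dst_seg in members and src_seg != dst_seg:
            return "bridged"
        return "switched"

    def expect_state(self, src, dst):
        """True when the firewall should have a state entry for the flow."""
        return self.classify(src, dst) != "switched"


def thread_scenario():
    """Constructed reproduction of the thread: LAN 192.168.1.0/24 lives on a
    bridge of two ports; the client and the web server share one port."""
    fw = FirewallModel()
    fw.add_interface("bridge0", "192.168.1.0/24", ["igb1", "igb2"])
    fw.attach_host("192.168.1.201", "igb1")   # the client from the thread
    fw.attach_host("192.168.1.100", "igb1")   # the web server it can reach
    fw.attach_host("192.168.1.50", "igb2")    # constructed host on the other member
    flows = {
        "client_to_server": ("192.168.1.201", "192.168.1.100"),
        "client_across_bridge": ("192.168.1.201", "192.168.1.50"),
        "client_to_internet": ("192.168.1.201", "203.0.113.10"),
    }
    return {label: fw.classify(s, d) for label, (s, d) in flows.items()}


if __name__ == "__main__":
    for label, verdict in thread_scenario().items():
        print(f"{label:22s} {verdict}")
```

The model only answers the question "should I expect to see this flow on the firewall at all"; it does not decide whether a bridged flow is actually filtered, which on FreeBSD depends on the bridge sysctls net.link.bridge.pfil_member and net.link.bridge.pfil_bridge, nor which rule would match. Its practical use is the troubleshooting step the thread was missing: before hunting for the rule that "allows" a flow, confirm the flow passes through the firewall in the first place.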