Topic: [solved] wan access from private source ip when wan interface is on private net (Read 4924 times)
dgk
Newbie
Posts: 5
Karma: 0
[solved] wan access from private source ip when wan interface is on private net
«
on:
April 13, 2020, 05:58:46 pm »
opnsense Noob here but experienced with firehol and iptables.
I have a new box I'm setting up for another location. So the wan interface is temporarily on my 10. private network. Starting with the factory defaults, I unchecked the block private networks and block bogon networks for the wan interface. All operational. I can reach internet from the LAN and the WAN interface was assigned a 10. ip.
Now I want to open up the wan side. So to start I've added rules for ICMP ping, ssh, and a port forward to an interior nx server. All accessing from a source computer with a 10. IP. They all are not working.
So concentrating on just getting the ping to work, I set a rule to open up (override the default deny all) WAN interface (answering "any"). The same "open it up" rule I use when doing some testing when I use firehol.
When I ping from the 10. machine I see a "green" log for that rule from that machine, but then on the machine there is no ping response, not even a "Destination Unreachable"; it behaves like it's waiting for some response, which is what the ssh connect acts like too. (Yes, ssh server is on and listening on all interfaces, i.e. can reach from LAN.) Attached is rule match log details. FYI I can ping from opnsense box to that 10. machine without issue.
This makes me think this is something to do with my source being on 10. even though I have block private networks disabled.
Is there some magic sauce I need to further apply to have the wan interface on a private network with private network sources trying to connect via firewall?
I've set up other custom routers this way, including the one using firehol (wan side temporarily in private network), without issue, so this seems something particular to opnsense.
«
Last Edit: April 18, 2020, 05:30:43 pm by dgk
»
Logged
dgk
Newbie
Posts: 5
Karma: 0
Re: wan access from private source ip when wan interface is on private network
«
Reply #1 on:
April 13, 2020, 06:42:44 pm »
Yup, it was magic sauce not mentioned in any other post about setting up wan rules:
enable "Disable reply-to" under Firewall: Settings: Advanced.
https://forum.opnsense.org/index.php?topic=3763.msg13034#msg1
All seems good. I'll mark this solved when I am sure this now works for all the one-off rules.
Logged
gguu
Newbie
Posts: 1
Karma: 0
Re: [solved] wan access from private source ip when wan interface is on private net
«
Reply #2 on:
October 20, 2024, 09:36:11 am »
I had a very similar use case, albeit the WAN I get from ISP is a private one. This configuration doesn't exist in backup-and-restore options and was driving me crazy - old VM opnsense worked, and new installation on new VM didn't, with all same NICs, processor and RAM config.
You literally saved me days of frustration. I think this should be documented and also included in backup xml (I did backup/restore with RRD data and that didn't solve it. I'm no expert, though I hoped that was the most comprehensive option available to backup.)
Thank you @dgk!
Logged
dseven
Sr. Member
Posts: 307
Karma: 33
Re: [solved] wan access from private source ip when wan interface is on private net
«
Reply #3 on:
October 20, 2024, 11:12:42 am »
Quote from: gguu on October 20, 2024, 09:36:11 am
This configuration doesn't exist in backup-and-restore options
Are you saying that you enabled Firewall -> Settings -> Advanced -> "Disable reply-to" and then made a backup (System -> Configuration -> Backups -> Download), but that setting was not included in the resulting XML file? (it should be opnsense->system->disablereplyto in the XML). It looks OK to me, though I haven't tried to restore this config to see if it gets applied. What release was the backup made on? Was it restored on the same release?
Logged
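To answer the question in the last reply for a given pair of backups, the check below (an added example, not code from the thread or from OPNsense) reads two downloaded config XML files and reports whether opnsense->system->disablereplyto is set in each. The sample XML is constructed, and how the value is encoded is an assumption: the element counts as enabled when it exists and its text is not "0".

```python
import xml.etree.ElementTree as ET

# Path named in the reply above: opnsense -> system -> disablereplyto
SETTING_PATH = "system/disablereplyto"


def reply_to_disabled(config_xml: str) -> bool:
    """Return True if the backup carries the "Disable reply-to" setting.

    Assumption: the option is on when the element exists and its text is
    not "0"; an empty element is treated as a presence flag.
    """
    root = ET.fromstring(config_xml)
    if root.tag != "opnsense":
        raise ValueError(f"not an OPNsense config backup (root is <{root.tag}>)")
    node = root.find(SETTING_PATH)
    if node is None:
        return False
    return (node.text or "").strip() != "0"


def compare_backups(old_xml: str, new_xml: str) -> str:
    """Summarise whether the setting survived from one backup to the other."""
    old, new = reply_to_disabled(old_xml), reply_to_disabled(new_xml)
    if old == new:
        return f"same on both: disable reply-to = {old}"
    return f"differs: old={old}, new={new}"


# Constructed sample backups, trimmed to the relevant section.
OLD_VM = """<?xml version="1.0"?>
<opnsense>
  <system>
    <hostname>fw-old</hostname>
    <disablereplyto>1</disablereplyto>
  </system>
</opnsense>"""

NEW_VM = """<?xml version="1.0"?>
<opnsense>
  <system>
    <hostname>fw-new</hostname>
  </system>
</opnsense>"""

if __name__ == "__main__":
    print(compare_backups(OLD_VM, NEW_VM))
```

For real files, pass the contents of each unencrypted backup downloaded from System -> Configuration -> Backups to `compare_backups`.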