OPNsense Forum » Archive » 17.7 Legacy Series
Topic: one way firewall issue - missing "conntrack" - traffic to DMZ (Read 3800 times)
sb@plzk.de
« on: January 31, 2018, 01:06:34 pm »
Dear Users,
I cannot find a suitable FW rule to allow traffic to a DMZ machine and let the returning packets pass.
I see the traffic entering the DMZ machine and see traffic leaving, but the response is blocked by OPNsense. It's plain HTTP traffic.
For all other traffic, RELATED/ESTABLISHED packets have always been allowed.
VPN-CLIENTS(10.8.2.0/24) <-----INTERNET------> VPN-GW (lan: 172.16.1.3)
Webserver (lan: 172.16.1.4)
Default-GW for DMZ (OPNSENSE) 172.16.1.254
Traffic goes from VPN-Client -> VPN-GW -> Webserver -> Default-GW and then it gets blocked by OPNsense.
My DMZ FW rule is:
IPv4 TCP 10.8.2.0/24 * 172.16.1.4 80 (HTTP)
Any idea?
Any help is greatly appreciated.
Thank you!
Stefan