Topic: WAN Interface Blocking All Inbound Traffic/Connections (Read 5235 times)
magnum80 (Newbie, Posts: 1, Karma: 0)
« on: August 08, 2018, 06:24:05 am »
All,
I recently set up an OPNsense version 18.7 firewall VM using an ISO file in VMware Workstation Pro 14. My firewall just has the WAN and LAN interfaces.
On the WAN network, I have a Windows XP VM connected. On the LAN network, I have a Windows XP VM and an Ubuntu desktop VM. I'm using a full class C IP address range for both networks.
To do some basic testing, I disabled Outbound NAT on the WAN interface. I also created an ANY ANY ANY rule for the WAN interface, i.e., ANY source IP to ANY destination IP for ANY protocols ALLOW.
From my VMs on the LAN, I can ping and traceroute to the Windows XP VM on the WAN network successfully.
However, even with the ANY/ANY/ANY ALLOW rule on the WAN interface, from the VM on the WAN network, I cannot ping or traceroute to the two VMs on the LAN network.
Any help or ideas would be appreciated.
Thanks.
Ron
marjohn56 (Hero Member, Posts: 1701, Karma: 179)
« Reply #1 on: August 08, 2018, 08:03:19 am »
You cannot do that with IPv4; the packets from the WAN need to be routed. You can do something like that with Global IPv6 addresses.
The inbound WAN packet would need to be 'NATted' to the LAN address. If you want to be able to ping ANY IPv4 address on your LAN from the WAN side, you would be best served by setting up a VPN link, thus creating a tunnel to the LAN network.
To ping an internal LAN machine from the WAN, you would create a NAT rule that allowed ICMP ping packets to be NATted to VM machine A on your LAN, but the ping target for the VM machine on the WAN would be the WAN address of the firewall, NOT the LAN machine A address. You would not be able to add another ICMP ping port forward to machine B, as the port in question is already being sent to machine A.
Edit: If you are trying to use OPNsense without NAT, then read this thread:
https://forum.opnsense.org/index.php?topic=8778.0
« Last Edit: August 08, 2018, 05:19:25 pm by marjohn56 »
OPNsense 24.7 - Qotom Q355G4 - ISP - Squirrel 1Gbps. Team Rebellion Member - If we've helped you remember to applaud