Having weird problem with default rule blocking some IPs and ports

Started by Death_Master, January 20, 2020, 10:31:17 PM

Hello.
I have a frustrating problem - from LAN I cannot access a SOCKS proxy outside, while for example ICMP and HTTP are working perfectly.
I just installed OPNsense on that router today, so the config is fresh.
What I see in the logs - "Default deny rule" is blocking connections to the SOCKS proxy (LAN, direction=in).
I tried setting up rules allowing all in on LAN, on WAN, and in floating rules in any direction; nothing helps.
Can someone explain to me the hidden rules (as I did not see any that should block my traffic) that can contribute to the default block?
How do I fix the problem?
I just need a simple setup that allows all LAN traffic to pass out and all WAN return traffic when requested from LAN, with a little shaping (I already set up the shaping part).

Is the proxy on an RFC 1918 address range? The default OPNsense config blocks those on the WAN.

Bart...

No, it is on an internet range.
If you want the exact address - it's on 80.246.31.3:1080.

Default deny is a "last match" rule, so if it does match, it means the rules you created didn't match. Have you created them as "first match"? Can you post a screenshot?
https://www.signorini.ch
Protectli Pfsense Mi7500L6 Intel 7Th Gen Core I7 7500U 16Gb Ddr4 Ram
512Gb Msata Ssd
6 X Intel Gigabit Ethernet


You didn't select a source; put "any" or "LAN net". Also provide a screenshot of the lower part; the destination should also be set to any.
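
Added example, not part of any post in this thread: a minimal Python model of the "last match" / "first match" (quick) evaluation described above, showing how a packet ends up logged under the default deny rule when no pass rule matches it. The LAN subnet, client address and both rulesets are constructed for illustration and are not the original poster's configuration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                  # "pass" or "block"
    label: str
    quick: bool = False          # True = "first match": evaluation stops here
    proto: str = "any"
    src: str = "any"             # CIDR or "any"
    dst: str = "any"
    dport: Optional[int] = None  # None = any port

    def matches(self, pkt):
        def net_ok(spec, addr):
            return spec == "any" or ip_address(addr) in ip_network(spec)
        return (self.proto in ("any", pkt["proto"])
                and net_ok(self.src, pkt["src"])
                and net_ok(self.dst, pkt["dst"])
                and self.dport in (None, pkt.get("dport")))

def evaluate(rules, pkt):
    """Last matching rule wins, unless a matching rule is marked quick."""
    verdict = None
    for rule in rules:
        if rule.matches(pkt):
            verdict = rule
            if rule.quick:
                break
    return (verdict.action, verdict.label) if verdict else ("pass", "implicit")

LAN = "192.168.1.0/24"  # assumed LAN net
DEFAULT_DENY = Rule("block", "Default deny rule")  # non-quick, so any later match overrides it

# Constructed ruleset whose pass rules are narrower than intended.
NARROW = [DEFAULT_DENY,
          Rule("pass", "allow ping", quick=True, proto="icmp", src=LAN),
          Rule("pass", "allow web", quick=True, proto="tcp", src=LAN, dport=80)]
# Constructed ruleset with the source "LAN net" / destination "any" rule suggested above.
BROAD = [DEFAULT_DENY, Rule("pass", "allow LAN to any", quick=True, src=LAN)]

# Constructed packets as seen inbound on the LAN interface.
SOCKS = {"proto": "tcp", "src": "192.168.1.10", "dst": "80.246.31.3", "dport": 1080}
HTTP = {"proto": "tcp", "src": "192.168.1.10", "dst": "80.246.31.3", "dport": 80}

if __name__ == "__main__":
    for name, rules in (("narrow", NARROW), ("broad", BROAD)):
        print(name, "SOCKS:", evaluate(rules, SOCKS), "HTTP:", evaluate(rules, HTTP))
```

When the firewall log shows the default deny label, the useful question is which field of the intended pass rule (protocol, source, destination or port) failed to match the logged packet.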