Default rule applied regardless of other floating rules

Started by bfr, February 05, 2020, 01:33:19 PM

Hi,
I've set up a test instance in a VirtualBox VM with one external and one internal interface. The external interface is in the same network as the VirtualBox host.
I've tried to set up two floating rules to let me in from the WAN network for SSH and HTTPS, but it seems they are ignored. I tried "WAN Net" as source and "This Firewall" as destination, then widened it to "allow everything for 22/TCP and 443/TCP on WAN"; no change, still blocked by the "default rule". And yes, "Block private / bogon networks" is disabled ;)
Now I'm stuck and I think I missed something.

If you have a look at the screenshot you sent, there are two rules above your allow rules that block that kind of traffic.

Twitter: banym
Mastodon: banym@bsd.network
Blog: https://www.banym.de

Or wait, that rule is only applied if your source is listed there.

I faced a similar problem: it was not possible to connect to the WAN interface if you are using DHCP and you are on the same subnet. It seems that all traffic was directed to the gateway by the OPNsense.

Can you try to configure a static address on WAN and leave the gateway empty?

You mean both of them, SSHLockout and WebConfiguratorLockout? I've enabled "Disable administration anti-lockout rule", so theoretically these automatic rules should be removed. The log says that first my own rules apply and afterwards the default deny rule matches, so in the end the access is denied.

Edit: I've not used a static address on WAN yet, but I will try.

Edit²: It works after setting a static address. Well, shouldn't that be considered a bug?
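A check for the situation banym describes and the OP confirms (WAN hosts on the same subnet cannot reach the firewall while WAN has a gateway). The explanation assumed here, which the thread itself does not spell out, is that pf attaches a `reply-to` gateway to pass rules on an interface that has a gateway configured, so replies to a same-subnet client are sent to the gateway instead of directly back. The script below is an added example, not code from the thread or from OPNsense: it reads the loaded ruleset in the format of `pfctl -sr` and reports WAN pass rules for the management ports that carry `reply-to`. The interface name `em0`, the addresses and the rule lines are constructed sample data; on a real box replace the sample with `pfctl -sr` output.

```shell
#!/bin/sh
# Added example: find WAN pass rules for the admin ports (22, 443) that carry a
# reply-to gateway. Such rules send replies via that gateway, which is the
# assumed reason a client on the WAN subnet never gets an answer.
# All rule text below is constructed in the style of `pfctl -sr`.

WAN_IF="${WAN_IF:-em0}"   # assumed WAN interface name

SAMPLE_RULES='block drop in log inet all label "Default deny rule IPv4"
pass in quick on em0 reply-to (em0 192.168.56.1) inet proto tcp from 192.168.56.0/24 to (self) port = 22 flags S/SA keep state label "allow ssh from WAN net"
pass in quick on em0 inet proto tcp from 192.168.56.0/24 to (self) port = 443 flags S/SA keep state label "allow https from WAN net"'

# reply_to_rules IFACE PORT
# Reads pf rules on stdin; prints the label of every inbound pass rule on IFACE
# for destination PORT that has a reply-to gateway attached. Prints nothing if
# no such rule exists (the state the OP ended up in after removing the gateway).
reply_to_rules() {
    iface=$1
    port=$2
    grep -E "^pass in .*on ${iface} reply-to .* port = ${port}( |$)" \
        | sed -E 's/.*label "([^"]*)".*/\1/'
}

# Walk the admin ports over the sample ruleset and report.
main() {
    for p in 22 443; do
        hits=$(printf '%s\n' "$SAMPLE_RULES" | reply_to_rules "$WAN_IF" "$p")
        if [ -n "$hits" ]; then
            echo "port $p: reply-to gateway present on rule: $hits"
        else
            echo "port $p: no reply-to gateway on matching pass rules"
        fi
    done
}

main
```

To use it against a live firewall, pipe `pfctl -sr` into `reply_to_rules em0 22` (with your real WAN interface) before and after clearing the WAN gateway; the rule's `reply-to (...)` clause should disappear once no gateway is configured on that interface, which is what makes the same-subnet connection work.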