Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
default rule applied regardless other floating rules
« previous
next »
Print
Pages: [
1
]
Author
Topic: default rule applied regardless other floating rules (Read 1525 times)
bfr
Newbie
Posts: 2
Karma: 0
default rule applied regardless other floating rules
«
on:
February 05, 2020, 01:33:19 pm »
Hi,
I've set up a test instance in a VirtualBox VM with one external and one internal interface. The external interface is in the same network as the VirtualBox host.
I've tried to set up 2 floating rules to let me in from the WAN network for SSH and HTTPS, but it seems they are ignored. I tried "WAN Net" as source and "This Firewall" as destination, I widened up to "allow everything for 22/TCP and 443/TCP on WAN" - no change, still blocked by "default rule". And yes, "Block private / bogon networks" is disabled
Now I'm stuck and I think I missed something.
Logged
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: default rule applied regardless other floating rules
«
Reply #1 on:
February 05, 2020, 01:40:13 pm »
If you have look on the screenshot you sent, there are two rules above your allow rules that block that kind of traffic.
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: default rule applied regardless other floating rules
«
Reply #2 on:
February 05, 2020, 01:51:43 pm »
Or wait, that rule only is applied if your source is listed there.
I faced a similar problem, that it was not possible to connect to the WAN interface if you are using DHCP and you are on the same subnet. It seems that all traffic was directed to the gateway from the opnsense.
Can you try to configure a static address on wan and let gateway empty?
Logged
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
bfr
Newbie
Posts: 2
Karma: 0
Re: default rule applied regardless other floating rules
«
Reply #3 on:
February 05, 2020, 01:58:11 pm »
You mean the both regarding SSHLockout and WebConfiguratorLockout? I've enabled "Disable administration anti-lockout rule" so theoretically these automatic rules should be removed. The logging says that first my own rules apply and afterwards the default deny rule matches, so in the end, the access is denied.
Edit: I've not used static address on WAN yet, but I will try.
Edit²: It works after setting a static address. Well, shouldn't be that considered as a bug?
«
Last Edit: February 05, 2020, 02:12:06 pm by bfr
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
default rule applied regardless other floating rules