Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Getting blocked by the firewall
« previous
next »
Print
Pages: [
1
]
Author
Topic: Getting blocked by the firewall (Read 4916 times)
hypemedia
Newbie
Posts: 15
Karma: 0
Getting blocked by the firewall
«
on:
August 06, 2021, 11:36:08 am »
We are trying to migrate from pfsense to opnsense and I encountered a few issues:
1. My Ip is getting blocked all the time and I am not able to connect to the interface if I don't disable the firewall.
I have created a rule for the IP to be allowed fully but I think is overwritten by the automated generated floating rules.
2. Where can I create a white list for the suricata IDS. On pfsense I can create an alias that I can use on all the services. On suricata I can not find where to add such alias.
3. Where can I clean IP blocked by the different services like virusprot, sshlockout list and so on.
Logged
phoenix
Hero Member
Posts: 545
Karma: 58
Re: Getting blocked by the firewall
«
Reply #1 on:
August 06, 2021, 11:42:47 am »
Which IP is getting blocked, are you talking about the LAN or WAN IP address?
Logged
Regards
Bill
hypemedia
Newbie
Posts: 15
Karma: 0
Re: Getting blocked by the firewall
«
Reply #2 on:
August 06, 2021, 12:29:56 pm »
The firewall is a transparent bridge firewall there is no lan. The public IP used by me to access the firewall interface gets blocked.
Logged
chemlud
Hero Member
Posts: 2485
Karma: 112
Re: Getting blocked by the firewall
«
Reply #3 on:
August 06, 2021, 01:37:49 pm »
network plan, please
Logged
kind regards
chemlud
____
"The price of reliability is the pursuit of the utmost simplicity."
C.A.R. Hoare
felix eichhorns premium katzenfutter mit der extraportion energie
A router is not a switch - A router is not a switch - A router is not a switch - A rou....
falanca
Newbie
Posts: 3
Karma: 0
Re: Getting blocked by the firewall
«
Reply #4 on:
August 09, 2021, 02:37:10 pm »
Same here... but I've freshly installed v21.7.
When I try to connect a pc from outside with vnc, I'm stucking on "default deny rule". It was working before!
network plan
internet > modem 192.168.10.1 > opnsense wan 192.168.10.2 > LAN PC 192.168.1.10
you can see rules and logs at the attachment
Note: When I was creating NAT rules, system didn't automaticly created some WAN rules. But I've deleted and recreated that NAT rules (ex: VNC rule) than system created automaticly WAN rules.
I think it'a bug.
«
Last Edit: August 09, 2021, 02:52:29 pm by falanca
»
Logged
falanca
Newbie
Posts: 3
Karma: 0
Re: Getting blocked by the firewall
«
Reply #5 on:
August 09, 2021, 08:09:30 pm »
[SOLVED]
Now I can connect If I select both LAN & WAN interfaces in the NAT rule for VNC and others!
Before WAN interface was enough for the NAT!
«
Last Edit: August 10, 2021, 12:20:05 pm by falanca
»
Logged
hypemedia
Newbie
Posts: 15
Karma: 0
Re: Getting blocked by the firewall
«
Reply #6 on:
August 12, 2021, 12:47:53 pm »
Ok so for my first problem the issue was related to the alias that I have configured it was on URL(IP) and needed to be on hosts.
For 2 and 3 a still have now solution.
On top of that I realised that all outgoing traffic from the VMs is blocked.
my netplan is like this:
internet -> opnsense (I have 2 virtual networks WAN (connected to a vswitch) and OPT connected to an other vswitch) > VMs (also public IP no NAT)
Have also tried to move the rules from bridge to wan. Also important to mention is that also from Opnsense I don't have any outgoing connection.
Both WAN and OPT are configured in a bridge interface. The public IP of the opnsense is on the bridge and all the traffic rules are also configured on the bridge interface.
On the LAN and OPT interfaces all the traffic is allowed in both directions.
«
Last Edit: August 12, 2021, 01:55:25 pm by hypemedia
»
Logged
hypemedia
Newbie
Posts: 15
Karma: 0
Re: Getting blocked by the firewall
«
Reply #7 on:
August 12, 2021, 04:11:39 pm »
Update.
Outgoing traffic is ok now.
What I did:
1. Moved all the rules on the WAN interface
2. Moved the management IP from bridge interface to the WAN interface.
3. Allowed traffic on Bridge and OPT interface.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
Archive
»
21.7 Legacy Series
»
Getting blocked by the firewall