Sometimes Traffic is not matching Rules

Started by malom, November 24, 2021, 03:37:41 PM

Hi everybody :)

I'm using OPNsense in an environment where I am experiencing an unusual behaviour.

The OPNsense has an interface in a transfer LAN. This transfer LAN has addresses for multiple client switches (with routing capabilities), and there are routes configured from /30 client networks to the OPNsense (and in reverse). When a client tries to reach something in the server LAN, this works for 99% of the traffic (because at present we have an allow any/any rule in the transfer LAN for debugging purposes). But sometimes the traffic is blocked by the default deny rule. However, due to the any/any rule the default deny rule should never be reached (the any/any rule is obviously an immediately matching rule). And in most scenarios the traffic is forwarded.

This is a brief diagram. Without changing the config, a particular traffic is passed in most connections. Sometimes it seems not to match:

client_n_lan/30 <--SWITCH-L3--> transfer_lan/24 <--OPNsense--> server_lan/24

Any Ideas?

Thank you
Mario
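As an added illustration (not part of the thread or of OPNsense), here is a minimal Python model of how pf evaluates a stateful pass rule: the state table is consulted before any rule, a TCP pass rule with pf's default flag check S/SA only matches connection-opening SYNs, and a packet that arrives with no matching state (for example after the state expired, or when the SYN took another path through the L3 switches) falls through to the default deny. The rule shape, class names and addresses are assumptions of the model.

```python
# Added illustration: a simplified model of pf stateful filtering. Not OPNsense code.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # TCP flags present, e.g. "S", "SA", "A"

# Assumed rule: "pass in quick on transfer_lan from any to any keep state",
# which for TCP carries pf's default flag check "S/SA" (SYN set, ACK clear).
PASS_RULE_FLAGS = "S/SA"

def flags_match(flags: str, spec: str) -> bool:
    """pf semantics of <set>/<mask>: every bit in mask must equal its value in <set>."""
    want, mask = spec.split("/")
    return all((bit in flags) == (bit in want) for bit in mask)

class StatefulFilter:
    def __init__(self) -> None:
        self.states: set = set()

    @staticmethod
    def _key(p: Packet) -> frozenset:
        # Direction-independent key so replies match the same state entry
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def evaluate(self, p: Packet) -> str:
        if self._key(p) in self.states:
            return "pass (state)"              # state table is checked before rules
        if flags_match(p.flags, PASS_RULE_FLAGS):
            self.states.add(self._key(p))      # first packet of a flow creates state
            return "pass (any/any rule)"
        return "block (default deny)"          # nothing matched

def run_scenarios() -> dict:
    fw = StatefulFilter()
    c, s = "10.0.1.2", "192.168.10.5"          # constructed client and server addresses
    handshake = [Packet(c, s, 40000, 443, "S"), Packet(s, c, 443, 40000, "SA"),
                 Packet(c, s, 40000, 443, "A")]
    # Mid-stream packet whose SYN the firewall never saw (expired state, asymmetric path)
    orphan = Packet(c, s, 40001, 443, "A")
    return {"handshake": [fw.evaluate(p) for p in handshake], "orphan": fw.evaluate(orphan)}

if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

The orphan packet is what shows up in the firewall log as a hit on the default deny rule even though an any/any pass rule exists.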