Maltrail, requests being forwarded to gateway

Started by ManBat, January 22, 2022, 08:26:23 AM

Hi,

I've installed Maltrail and it seems to be up. If I SSH onto the firewall, telnet to the port locally and do a GET, it works.

All the requests from a remote machine on the network seem to be being forwarded to the gateway though, I see the firewall rules getting triggered (and passing).

Listening on all addresses:
tcp4       0      0 *.5000                 *.*                    LISTEN


Local access:
Loopback      Jan 22 07:09:51   127.0.0.1:53854   127.0.0.1:5000   tcp   pass loopback   
Loopback      Jan 22 07:09:51   127.0.0.1:53854   127.0.0.1:5000   tcp   let out anything from firewall host itself   

Remote access:
   External1      Jan 22 07:24:12   212.xxx.xxx.xxx:49321   192.168.1.1:5000   tcp   let out anything from firewall host itself (force gw)   
lan      Jan 22 07:24:12   192.168.1.101:27996   192.168.1.1:5000   tcp   Inside outbound   
External2      Jan 22 07:24:11   192.168.9.31:58083   192.168.1.1:5000   tcp   let out anything from firewall host itself (force gw)   
External1      Jan 22 07:24:11   212.xxx.xxx.xxx 168.1.1:5000   tcp   Inside outbound


I did create a specific allow rule for the server but I don't think that's the problem.

Cheers,
MMB

Then this interface has an upstream gateway in Interfaces: Xxx

Hey,

So 212.xxx is a gateway defined as a single gateway (External1), where the OPNsense is the DHCP client of a bridge, and External2 has another upstream hop on another VLAN.

Another data point for you though: I access the OPNsense GUI on the same address on port 443. Is the GUI "special"?

i.e. 192.168.1.1:443 (OPNsense GUI) works, 192.168.1.1:5000 is shipped upstream.

192.168.1.1 *is* the default gateway for the network I'm reaching it from.

Cheers,
MB

OPNsense will send EVERY reply to the upstream gateway if one is set, no matter if it's on the same network.

So why can I reach the OPNsense GUI and not the Maltrail one? I get the sending on, but surely that should be consistent. Or do I misunderstand?

I added another interface separately addressed to the firewall, added a rule to allow access, and now it works. I wonder if the listen interface on the web UI has something to do with it, but I'm not sure.

Short answer for anyone who finds this: run it on a different interface and address from the one acting as your gateway.

Quote from: ManBat on January 25, 2022, 01:58:21 PM

Short answer for anyone who finds this: run it on a different interface and address from the one acting as your gateway.

No, for most users the LAN address is fine :)

OK, but why?

I can hit the management UI but not the Maltrail GUI?

That doesn't make any sense unless it is somehow "special".