Maltrail, requests being forwarded to gateway

[ManBat]

Hi,

I've installed maltrail and it seems to be up.  If I ssh onto the firewall and telnet to the port locally and do a get it works. 

All the requests from a remote machine on the network seem to be being forwarded to the gateway though, I see the firewall rules getting triggered (and passing).

Listening on all addresses:
 tcp4       0      0 *.5000                 *.*                    LISTEN


Local access:
Loopback      Jan 22 07:09:51   127.0.0.1:53854   127.0.0.1:5000   tcp   pass loopback   
Loopback      Jan 22 07:09:51   127.0.0.1:53854   127.0.0.1:5000   tcp   let out anything from firewall host itself   

Remote access:
   External1      Jan 22 07:24:12   212.xxx.xxx.xxx:49321   192.168.1.1:5000   tcp   let out anything from firewall host itself (force gw)   
lan      Jan 22 07:24:12   192.168.1.101:27996   192.168.1.1:5000   tcp   Inside outbound   
External2      Jan 22 07:24:11   192.168.9.31:58083   192.168.1.1:5000   tcp   let out anything from firewall host itself (force gw)   
External1      Jan 22 07:24:11   212.xxx.xxx.xxx 168.1.1:5000   tcp   Inside outbound


I did create a specific allow rule for the server but I don't think that's the problem.

Cheers,
MMB

[mimugmail]

Then this interface has an upstream gateway in Interfaces : Xxx

[ManBat]

Hey,

so 212.xxx is a gateway defined as a single gateway (External1) where the opnsense is the DHCP client of a bridge and External 2 has another upstream hop on another VLAN.

Another data point for you though, I access the opnsense GUI on the same address on port 443.  Is the GUI "special"?

i.e. 192.168.1.1:443 (Opnsense GUI), 192.168.1.1:5000 shipped upstream. 

192.168.1.1 *is* the default gateway for the network I'm reaching it from.

Cheers,
MB

[mimugmail]

OPNsense will send EVERY reply to Upstream of Set, No matter If its on the same network

[ManBat]

So why can I reach the opnsense gui and not the maltrail one? I get the sending on but surely that should be consistent. Or do I misunderstand?

[ManBat]

I added another interface separately addressed to the firewall, added a rule to allow access and now it works.  I wonder if the listen interface on the webui has something to do with it but I'm not sure

Short answer for anyone who finds this: Run it on a different interface + address to the one acting as your gateway.

[mimugmail]

Short answer for anyone who finds this: Run it on a different interface + address to the one acting as your gateway.

No, for most users the LAN address is fine

[ManBat]

ok but why?

I can hit the management UI but not the maltrail GUI?

That doesn't make any sense unless it is somehow "special".

[mimugmail]

Screenshot of firewall rules?