Topic: Changing firewall gateway rule to failover group prevents SSH or WebGui access? (Read 488 times)
ripple57 (on: February 23, 2024, 08:34:43 am)
Title calls out about as much as I know thus far. I've had dual WANs set up for some time, but realized today that my firewall rules enabling internet access for LAN and for my various VLANs had "default" set for their Gateway. I changed them to my gateway group, and after a few seconds, I'm no longer able to access the WebGUI, nor am I able to access the console via SSH. I went in, restored a backup, everything came back no problem. Made the same change again, with the same result. I've verified that both WebGUI and Secure Shell are listening on all interfaces in System > Administration. Anything else I should check?
UPDATE: It looks like it breaks routing. I can get to the internet, but getting to resources in other VLANs no longer works after making the gateway change.
UPDATE: As a test, I changed the gateway of VLAN2, which contains laptop2, to be the gateway group. From another laptop1 on VLAN1 with gateway set to default, I viewed the firewall logs as I tried to access a NAS in VLAN1 from laptop2. I didn't see any traffic. However, when I changed the gateway setting back to default on VLAN2 and tried to access the NAS in VLAN1 from laptop2, I could immediately see the traffic hit my firewall.
Am I misunderstanding what the gateway setting does? Does it force all traffic to go to the Gateway WAN group, even if it's internal?
(Last Edit: February 23, 2024, 08:56:40 am by ripple57)
driz (Reply #1 on: March 20, 2024, 10:32:09 pm)
I saw the exact same behavior, read your post, realized my firewall rule was mistakenly using the default gateway, changed it to the group per the OPNsense documentation, and immediately lost WebUI and SSH access. I've actually not fixed it yet because it's a long walk down to the server room...
I'm a dev with linuxserver.io and general IT enthusiast
driz (Reply #2 on: March 21, 2024, 02:28:41 pm)
Just wanted to let you know I resolved my issue. As noted at the end of step 4 in https://docs.opnsense.org/manual/how-tos/multiwan.html, traffic destined for the firewall itself will be routed in the wrong direction. While their focus is on DNS, this applies to all traffic. In my case, I followed step 5, but rather than DNS, I created a management port alias containing 22,80,443, then created the step 5 rule (above my LAN pass rule) and it fixed my issues.
tl;dr: do step 5 before step 4, and change the step 5 rule to be management ports
I'm a dev with linuxserver.io and general IT enthusiast
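The rule-order effect discussed in this thread, as an added example that is not part of the original posts and is not OPNsense code: a small Python model of first-match rule evaluation that flags flows to local destinations (the firewall itself or another internal network) that would be matched by a rule with a gateway set. All addresses, rule descriptions and the gateway group name `WANGWGROUP` are constructed assumptions.

```python
import ipaddress

# Constructed sample data (assumptions, not values from the thread).
FIREWALL_ADDRS = {ipaddress.ip_address("192.168.1.1")}
INTERNAL_NETS = [ipaddress.ip_network("192.168.0.0/16")]

def make_rules(mgmt_rule_first):
    """Ordered rule list; gateway=None models the "default" gateway setting."""
    mgmt = {"descr": "mgmt to firewall", "dst": "192.168.1.1/32",
            "ports": {22, 80, 443}, "gateway": None}
    lan = {"descr": "LAN pass via group", "dst": "0.0.0.0/0",
           "ports": None, "gateway": "WANGWGROUP"}
    return [mgmt, lan] if mgmt_rule_first else [lan]

def first_match(rules, dst, port):
    """Return the first rule matching destination and port (first match wins)."""
    addr = ipaddress.ip_address(dst)
    for rule in rules:
        in_net = addr in ipaddress.ip_network(rule["dst"])
        port_ok = rule["ports"] is None or port in rule["ports"]
        if in_net and port_ok:
            return rule
    return None

def is_local(dst):
    """True for the firewall's own address or any internal network."""
    addr = ipaddress.ip_address(dst)
    return addr in FIREWALL_ADDRS or any(addr in net for net in INTERNAL_NETS)

def audit(rules, flows):
    """List local-destination flows that a gateway rule would send to the WAN group."""
    misrouted = []
    for dst, port in flows:
        rule = first_match(rules, dst, port)
        if rule and rule["gateway"] and is_local(dst):
            misrouted.append((dst, port, rule["descr"]))
    return misrouted

# Constructed flows: WebGUI, SSH, a NAS in another VLAN, an internet host.
FLOWS = [("192.168.1.1", 443), ("192.168.1.1", 22),
         ("192.168.20.10", 445), ("203.0.113.10", 443)]

if __name__ == "__main__":
    for first in (False, True):
        print("mgmt rule first:", first, "->", audit(make_rules(first), FLOWS))
```

In this model the management-port rule placed above the LAN pass rule clears the WebGUI and SSH flows, while the inter-VLAN flow still matches the gateway-group rule, which is the case raised in the original post's updates.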