Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
IDS seems to block specific LAN traffic but no alert
« previous
next »
Print
Pages: [
1
]
Author
Topic: IDS seems to block specific LAN traffic but no alert (Read 790 times)
9axqe
Full Member
Posts: 199
Karma: 4
IDS seems to block specific LAN traffic but no alert
«
on:
August 27, 2023, 12:16:11 pm »
Hello all,
it seems IDS is blocking an HTTPS connection from any machine on my LAN to a specific server (Home Assistant). Everything is on the same local network, the only unusual thing is the target port, which is random port (not a well known one, 60000+). Connection from the Home Assistant to other devices on my LAN seem to work fine. Connections between any other 2 IPs on my LAN seem fine as well.
If I disable IDS, HTTPS connections to Home Assistant work again.
While the issue is happening, Wireshark capture on my computer shows, ARP requests are not even answered, hence no traffic is flowing there. The Home Assistant IP is present in the opnsense ARP table though, I checked this.
The strange thing is there are
zero alerts listed under Services > IDS > Admin > Alerts
.
Any recommended steps for troubleshooting this? Specific logs I could check?
Logged
9axqe
Full Member
Posts: 199
Karma: 4
Re: IDS seems to block specific LAN traffic but no alert
«
Reply #1 on:
August 30, 2023, 10:50:23 am »
This specific LAN traffic can be blocked because it's traversing a LAN bridge (coming in via LAN1, going out via LAN2, both LAN1 and LAN2 are member of the LAN bridge).
What I don't understand is why IDS would want to block this.
Edit: ha, it says under IDS, when unfolding the help, "When enabling IPS, only use physical interfaces here (no vlans etc).". I wonder if that's my problem maybe? I should enable IDS on the physical LAN1 an LAN2 interface instead of the LAN bridge?
«
Last Edit: August 30, 2023, 10:54:39 am by 9axqe
»
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
IDS seems to block specific LAN traffic but no alert