Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Adding LAN suspends connection via WAN
« previous
next »
Print
Pages: [
1
]
Author
Topic: Adding LAN suspends connection via WAN (Read 361 times)
LiorY
Newbie
Posts: 11
Karma: 0
Adding LAN suspends connection via WAN
«
on:
May 23, 2024, 08:08:58 am »
Im running OPNsense on PROXMOX and when I have a WAN ips I can access the GUI, after I add LAN my connection is lost.
Any ideas?
Logged
meyergru
Hero Member
Posts: 1684
Karma: 165
IT Aficionado
Re: Adding LAN suspends connection via WAN
«
Reply #1 on:
May 23, 2024, 08:48:14 am »
That is why there is an "IDS" setting. Enable only that, see what gets flagged in the logs and then either disable those specific rules or remove the root cause. Obviously, when you jump directly to "IPS", some anticipated problems cause a disconnection.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
LiorY
Newbie
Posts: 11
Karma: 0
Re: Adding LAN suspends connection via WAN
«
Reply #2 on:
May 23, 2024, 09:27:59 am »
I actually removed all rules of NAT and filter before adding the new LAN, which means I shouldnt have any disruption between the networks.
Logged
meyergru
Hero Member
Posts: 1684
Karma: 165
IT Aficionado
Re: Adding LAN suspends connection via WAN
«
Reply #3 on:
May 23, 2024, 11:22:18 am »
You cannot remove IPS rules by fiddling with NAT and firewall settings.
If you enable suricata IPS, it will detect, log and block anything suspicious. With only IDS enabled, it will detect and log only.
However, when your are locked out, you obviously cannot inspect the logs to see which suricata (i.e. not NAT/firewall) policies or rules cause the block. These are on a tab under "Intrusion Detection", not in the firewall or NAT rules.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Adding LAN suspends connection via WAN