Doesn't understand that firewall behavior

Started by kug1977, May 31, 2024, 09:50:52 AM

Hi,

I'm kind of blind, where to look for issues anymore. It is OPNsense 24.1.7_4-amd64

I have two vLANs
020_equipment 10.1.20.1/23
100_trusted_clients 10.1.100.1/23

I have two floating rules, that have these interfaces assigned, saying

  • direction IN/OUT IPv4/IPv6 any to any, any protocol
  • no further rules defined anywhere else

I can ping

  • 10.1.20.1 to a device 10.1.21.20
  • 10.1.100.1 to a device 10.1.20.1

but I cannot ping 10.1.101.68 to 10.1.21.20, while the live view of the firewall shows green for the ICMP packets.



Does 10.1.21.20 have a proper default gateway configured?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

What types of clients are these?

Because if the firewall shows the ICMP packets as passing, I would guess that the target simply does not answer. This would be the case for Windows machines, which by default only answer to pings from their local subnet unless you change the local Windows firewall rules.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+

The IP address 10.1.21.20 is assigned to a network printer.

This printer was reachable via HTTPS Admin GUI and pingable in the past. And it answers pings to the OPNsense, when using the built-in ping command from the gateway of

  • 020_equipment 10.1.20.1
  • 010_trusted clients 10.1.100.1
  • but not from 10.1.100.68 or 10.1.101.68
and nothing changed on the printer setup. The only thing I changed was setting up the firewall fresh.

I checked the printer's settings, it has
IP Address: 10.1.21.20
Subnet mask: 255.255.254.0
Gateway: 10.1.20.1

all given out by DHCP.