traffic between interfaces blocked by default deny rule

Started by maggo787878, November 26, 2024, 03:09:29 PM

Hello,
can anyone help me please? I have a problem with a console connection between OPNsense and Proxmox, which breaks off after a few seconds.
A rule was created that should let the traffic from SRV_Lan through to the LAN, which works, but in between I see that it is still being blocked.

The rule:

      Proto     Source            Port  Destination       Port  Gateway  Schedule  Description
IN    IPv4 TCP  10.1.20.20 (SRV)  *     10.1.10.10 (LAN)  *     *        *         DC_2_Proxmox

but in Live View the traffic is blocked:
   SRV      2024-11-26T14:50:52   10.1.20.20:57634   10.1.10.10:8006   tcp   Default deny / state violation rule

I have also tried setting the destination port, and it is still blocked; the rule simply does not work.

My setup:

--------ISP------------Proxmox
                          |
                       OpnSense---------SRV_Lan
                          |
                          +----Lan
                          |
                          +----DMZ

My guess would be that the return path (from 10.1.10.10 to 10.1.20.20) is not through OPNsense, so it, by default, will consider the session invalid after a timeout of 30 seconds, because it's not seeing the full conversation. If you can't avoid asymmetric routing, you can hack around this by setting the state type for the rule allowing the connection to "sloppy".
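The situation the reply describes, as an added example that is not part of the thread: a simplified Python model of a stateful TCP tracker that sees only the client-to-server half of the 10.1.20.20 -> 10.1.10.10:8006 flow, with the default strict tracking beside the "sloppy" variant. The timeouts, the state transitions and the packet traces are constructed for illustration and are not pf's implementation; only the addresses, the port and the 30-second half-open timeout are taken from the thread.

```python
# Added example (not from the forum thread): a simplified model of stateful TCP
# tracking on a firewall that sees only one direction of a flow, as happens when
# the return path bypasses it. Timeouts and transitions are assumptions chosen
# for illustration; they are not pf's actual implementation.
from dataclasses import dataclass

OPENING_TIMEOUT = 30.0       # assumed: lifetime of a half-open state (reply says 30 s)
ESTABLISHED_TIMEOUT = 600.0  # assumed: idle timeout once the state is established

CLIENT, SERVER = "10.1.20.20", "10.1.10.10"  # addresses from the thread
SPORT, DPORT = 57634, 8006                    # ports from the Live View line


@dataclass
class Packet:
    t: float      # seconds since the start of the trace
    src: str
    sport: int
    dst: str
    dport: int
    flags: str    # "S" SYN, "SA" SYN-ACK, "A" ACK, "PA" PSH+ACK


@dataclass
class State:
    saw_reverse: bool   # has the firewall seen the server's SYN-ACK?
    expires: float


class Tracker:
    """State table for one allow rule: TCP to SERVER port 8006."""

    def __init__(self, sloppy: bool = False):
        self.sloppy = sloppy
        self.states: dict = {}

    def _expire(self, now: float) -> None:
        for key in [k for k, s in self.states.items() if s.expires <= now]:
            del self.states[key]

    def handle(self, p: Packet) -> str:
        self._expire(p.t)
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.states:
            st, direction = self.states[fwd], "client->server"
        elif rev in self.states:
            st, direction = self.states[rev], "server->client"
        else:
            # No state: only a bare SYN matching the rule may create one;
            # everything else falls through to the default deny.
            if p.flags == "S" and p.dst == SERVER and p.dport == DPORT:
                self.states[fwd] = State(False, p.t + OPENING_TIMEOUT)
                return "pass (state created)"
            return "block (Default deny / state violation rule)"
        if self.sloppy:
            # Sloppy tracking: no sequence-number checks, and traffic in either
            # direction alone keeps the state alive.
            st.expires = p.t + ESTABLISHED_TIMEOUT
            return "pass (sloppy state)"
        if st.saw_reverse or (direction == "server->client" and p.flags == "SA"):
            # Established, or the server's SYN-ACK just completed the handshake.
            st.saw_reverse = True
            st.expires = p.t + ESTABLISHED_TIMEOUT
            return "pass (established)"
        # Still half-open: a one-sided flow never leaves this phase, so the
        # state is purged at OPENING_TIMEOUT and later packets are blocked.
        # (Real pf additionally validates sequence numbers here; omitted.)
        return "pass (half-open state)"


def pkt(t: float, flags: str, from_server: bool = False) -> Packet:
    if from_server:
        return Packet(t, SERVER, DPORT, CLIENT, SPORT, flags)
    return Packet(t, CLIENT, SPORT, SERVER, DPORT, flags)


def asymmetric_trace() -> list:
    """Constructed: what the firewall sees when replies take another path."""
    return [pkt(0.0, "S"), pkt(0.1, "A"), pkt(1.0, "PA"), pkt(5.0, "PA"),
            pkt(35.0, "PA"), pkt(40.0, "PA")]


def symmetric_trace() -> list:
    """Constructed: the same flow with both directions passing the firewall."""
    return [pkt(0.0, "S"), pkt(0.05, "SA", True), pkt(0.1, "A"), pkt(1.0, "PA"),
            pkt(1.05, "PA", True), pkt(35.0, "PA"), pkt(40.0, "PA")]


def run(trace: list, sloppy: bool = False) -> list:
    tracker = Tracker(sloppy)
    return [tracker.handle(p) for p in trace]


def blocked_count(trace: list, sloppy: bool = False) -> int:
    return sum(v.startswith("block") for v in run(trace, sloppy))


if __name__ == "__main__":
    for name, trace in (("asymmetric", asymmetric_trace()), ("symmetric", symmetric_trace())):
        for sloppy in (False, True):
            print(f"{name} sloppy={sloppy}: {blocked_count(trace, sloppy)} blocked")
            for p, v in zip(trace, run(trace, sloppy)):
                print(f"  t={p.t:5.2f} {p.src}:{p.sport} -> {p.dst}:{p.dport} {p.flags:2s} {v}")
```

With the strict tracker the one-sided flow is passed while the half-open state exists and is then purged, so the later packets hit the default deny exactly as the Live View line in the question shows; the same trace with the server's replies present stays established, and the sloppy tracker keeps the state alive from one direction alone. Sloppy state gives up sequence-number validation, which is why the reply presents it as the fallback for when the asymmetric routing itself cannot be fixed.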