All incoming Traffic on WAN port gets blocked

Started by nbaldinger, February 06, 2025, 10:02:29 AM

I've set up OPNsense on an old Sophos firewall and plan on setting up OpenVPN to create a site-to-site VPN. But while trying to do that, I realized that no traffic is coming through WAN (igb1). I've searched online, including this forum, and found plenty of similar cases, yet I couldn't replicate their solutions. Most of them mentioned having to set up firewall rules on WAN, which I tried, but it didn't work. I even set a rule to allow ping requests from a specific IP, but that also didn't work.

I've also reset the firewall multiple times by now. As of right now it's reset to factory default.
Does anybody know why the manually added rules just get ignored?

Without you showing the rules you set up, it's difficult to assist you, so I recommend you do that. Something is wrong with your rules.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

This is currently the only rule I have set up.

This is a private network. Is your OPNsense behind another router? Are you trying to access the WAN address from a PC in that same network?

- remove the gateway from the rule
- check "Disable reply-to" in Firewall > Settings > Advanced

The firewall is not behind an additional router, and the PC I'm using to try and connect to the WAN address is in the same network. I can ping the PC from the firewall, but not the other way around.
I've also checked the logs to make sure the pings even reach the firewall, and they do.

I've checked "Disable reply-to" in the settings and set the Gateway to default. The ping requests still don't make it through.

Please show the configuration of your WAN interface.

172.16.xxx is definitely an RFC1918 private network.
Your WAN is not internet facing, which makes it safe to connect a PC as a peer.

Using OPN within a private network is fine (I have a test instance on my network too).
You might want to disable bogons on WAN as well.

You've saved the rule AND applied it, right?
You must see a log entry for icmp traffic in Firewall > Log Files > Live view

I got a pass with my custom rule on my test instance...
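The two replies above suggest checking three things on the box: that the WAN pass rule actually applied, that it does not carry a reply-to gateway, and that no automatic block rule on WAN sits ahead of it. The script below is an added example (not from this thread, and not OPNsense's own tooling) that inspects a pf rule dump for exactly those three conditions. The interface name igb1, the rule text in SAMPLE_RULES and the label strings are constructed assumptions so it runs offline; on a live box you would feed it the output of `pfctl -sr` instead.

```shell
# Added diagnostic example, not code from the thread or from OPNsense.
# Checks a pf rule dump for: a pass rule admitting ICMP in on WAN, a
# reply-to gateway on that rule, and automatic block rules ahead of it.

WAN_IF="${WAN_IF:-igb1}"   # assumption: WAN is igb1, as in the original post

# Constructed stand-in for `pfctl -sr` output on a box where the ping rule
# was saved with a gateway selected and the automatic WAN blocks still on.
# The exact wording of the generated rules/labels is an assumption.
SAMPLE_RULES='block drop in log quick on igb1 from <bogons> to any label "block bogon IPv4 networks from wan"
block drop in log quick on igb1 inet from 172.16.0.0/12 to any label "Block private networks from wan"
pass in log quick on igb1 reply-to (igb1 172.16.0.1) inet proto icmp from 172.16.10.5 to (igb1) keep state label "allow ping from mgmt PC"
pass in log quick on lan inet from (lan:network) to any flags S/SA keep state label "Default allow LAN to any rule"'

# Prints how many pass rules admit ICMP inbound on WAN_IF.
# 0 means the rule was never applied, or landed on another interface.
wan_icmp_pass_count() {
    printf '%s\n' "$1" | grep -cE "^pass in .*on $WAN_IF .*proto icmp" || true
}

# Succeeds if any WAN pass rule carries a reply-to target. reply-to pins
# the return path to that gateway, which is what sends echo replies the
# wrong way when the peer is on the same subnet as the WAN address.
# Removing the gateway from the rule, or "Disable reply-to", clears it.
wan_rules_use_reply_to() {
    printf '%s\n' "$1" | grep -qE "^pass in .*on $WAN_IF .*reply-to"
}

# Prints the number of quick block rules on WAN_IF that precede the first
# ICMP pass rule (-1 if there is no such pass rule). pf evaluates rules in
# order and these are all "quick", so any earlier block wins.
blocks_before_wan_icmp_pass() {
    printf '%s\n' "$1" | awk -v ifc="$WAN_IF" '
        $0 ~ ("^block .*quick on " ifc " ") { n++ }
        $0 ~ ("^pass in .*on " ifc " .*proto icmp") { found = 1; print n + 0; exit }
        END { if (!found) print -1 }'
}

# Stand-alone run over the constructed sample.
echo "ICMP pass rules on $WAN_IF: $(wan_icmp_pass_count "$SAMPLE_RULES")"
if wan_rules_use_reply_to "$SAMPLE_RULES"; then
    echo "reply-to present on a $WAN_IF pass rule: remove the gateway from the rule"
fi
echo "quick block rules ahead of the ICMP pass rule: $(blocks_before_wan_icmp_pass "$SAMPLE_RULES")"
```

On the firewall itself, run the same functions over `RULES=$(pfctl -sr)`, and pair them with `pfctl -ss | grep icmp` to see whether a state was created and `tcpdump -ni igb1 icmp` to confirm that echo requests arrive on igb1 and replies leave on it rather than toward the gateway.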

Yes I did apply the rule after saving it and I've also tried disabling bogons as well. None of it worked.
After getting more annoyed at this issue I've installed pfsense and went through the same setup of creating a rule specifically for ICMP packets.
It worked. Even the VPN worked flawlessly. I'm not sure why, but most likely I borked something up when installing OPN on the firewall.
Anyway, thanks for your help. I'll mark the thread as solved. At least for me it is.