Topic: let out anything from firewall host itself - but is false (Read 4817 times)
mark.migliorini
on: April 11, 2019, 04:34:16 pm
Hi,
I'm new to OPNsense, I'm trying to configure a test VM machine,
but I can't do a simple thing.
My configuration is VMware ESX 6.5
vm test opnsense LAN 172.22.199.26/24, WAN public IP with its outside gateway
route 172.22.201.0/24 using 172.22.199.1 as internal gateway
core switch ( routing ) vlan 199 - 172.22.199.1
vlan 201 - 172.22.201.1
ip route 0.0.0.0 0.0.0.0 172.22.199.26
test pc machine 172.22.201.121/24 with gateway 172.22.201.1
From 172.22.201.121 I can correctly reach 172.22.199.26, but it is impossible to reach the outside internet.
I tried to make all sorts of rules, * * any from any to any etc., specific rules from 172.22.201.0/24 to etc.,
but no way, no internet from OPNsense.
From the firewall log I see this:
wan Apr 11 16:31:32 172.22.201.121:59435 217.72.40.21:80 tcp let out anything from firewall host itself
What am I missing? Normally with Endian or Sophos firewall or Fortigate with a similar configuration I have no problem.
P.S.
Another strange thing:
I made an OpenVPN server config, and I can reach all internal VLANs with no problem.
Thanks, Mark
« Last Edit: April 11, 2019, 04:45:37 pm by mark.migliorini »
mark.migliorini
Reply #1 on: April 25, 2019, 11:54:20 pm
No help?
5v3n
Reply #2 on: April 26, 2019, 08:57:00 am
Sounds like you need to configure a route on the "outside" to point to the net behind the OPNsense?
hbc
Reply #3 on: April 26, 2019, 01:30:02 pm
Quote from: mark.migliorini on April 25, 2019, 11:54:20 pm
No help?
Missing NAT rule? Outside gateway with private IP and block private in OPNsense WAN? Missing reverse route.
Test PC routes to core 172.22.201.1, core routes everything unknown to OPNsense 172.22.199.26, OPNsense routes everything unknown to the outside gateway. The outside gateway seems to have a private IP in network 172.22.199.0/24.
So first you must enable RFC1918 networks on the OPNsense WAN, and your gateway needs either a reverse route to 172.22.201.0/24 or you must masquerade your internal networks to your OPNsense WAN IP.
Intel(R) Xeon(R) Silver 4116 CPU @ 2.10GHz (24 cores)
256 GB RAM, 300GB RAID1, 3x4 10G Chelsio T540-CO-SR
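
A check for the symptom discussed in this thread, as an added example that is not part of any forum post: pf applies address translation before its filter rules run, so an entry logged by an outbound WAN rule that still shows an RFC1918 source (like the 172.22.201.121 line quoted above) means the packet left without outbound NAT. The field layout is assumed from that one quoted line; the second and third sample lines, the 203.0.113.10 address and the /24 grouping are constructed for illustration.

```python
import ipaddress
import re

# Field layout assumed from the single log line quoted in the thread:
# <iface> <Mon> <day> <time> <src>:<port> <dst>:<port> <proto> <rule label>
LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\S+)\s+(?P<label>.+)$"
)
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def untranslated_egress(lines, wan_iface="wan"):
    """Return parsed WAN entries whose source is private while the destination is public."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not follow the assumed layout
        e = m.groupdict()
        # A private source seen on the WAN was not rewritten by outbound NAT.
        if e["iface"] == wan_iface and is_rfc1918(e["src"]) and not is_rfc1918(e["dst"]):
            hits.append(e)
    return hits

def missing_nat_networks(lines, prefixlen=24):
    """Count untranslated flows per source network (prefix length is an assumption)."""
    counts = {}
    for e in untranslated_egress(lines):
        net = str(ipaddress.ip_network(f"{e['src']}/{prefixlen}", strict=False))
        counts[net] = counts.get(net, 0) + 1
    return counts

SAMPLE_LOG = [
    # Quoted from the first post in the thread.
    "wan Apr 11 16:31:32 172.22.201.121:59435 217.72.40.21:80 tcp let out anything from firewall host itself",
    # Constructed: the same flow after masquerading to a placeholder WAN address.
    "wan Apr 11 16:31:40 203.0.113.10:41022 217.72.40.21:80 tcp let out anything from firewall host itself",
    # Constructed: LAN-side entry, where a private source is expected.
    "lan Apr 11 16:31:41 172.22.201.121:59436 217.72.40.21:80 tcp constructed LAN pass rule",
]

if __name__ == "__main__":
    for net, count in missing_nat_networks(SAMPLE_LOG).items():
        print(f"{net}: {count} untranslated flow(s) on WAN; needs outbound NAT or an upstream return route")
```

A flagged network needs either an outbound NAT rule on the firewall or a return route on the upstream gateway, the two options named in Reply #3.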