Topic: Help understanding source address on NAT/Firewall (Read 2210 times)
allebone
Sr. Member
Posts: 402
Karma: 34
Help understanding source address on NAT/Firewall
«
on:
January 31, 2020, 04:06:04 pm »
Hi there,
I have downloaded a fresh install of OPNSense on a VM with virtual adapters, and only setup pppoe on the WAN interface and configured the LAN interface IP. No other changes have been made so it is very default (besides setting a password etc for login).
I would like to be able to block certain ports for certain LAN clients. EG: Block port 443 for all LAN clients except a few to a certain IP.
Before doing this I check live logging to see if I can find the internal IPs of clients I am testing with in the logs accessing 443. However, all clients in the firewall log show as the WAN address when captured. EG:
Interface Time Source Destination Proto Label
wan Jan 31 14:59:36 142.113.216.163:58231 67.212.168.66:443 tcp let out anything from firewall host itself (force gw)
So the source address is always 142.113.216.163 (my WAN IP), and the destination and port are listed correctly (67.212.168.66:443).
This is unexpected. My expectation was something like source = 192.168.2.113:58231 (an internal IP). This would allow me to create a rule on the LAN side of the firewall restricting port 443 from a range of internal IPs to this destination. In this setup, however, I can only blanket ban everything to that destination.
I have tested this with a LAN rule (does nothing) and then a WAN block rule that blocks successfully everything to a destination, or everything on a certain port I specify, but this limits me opening it up to certain internal LAN clients.
Is this behaviour expected, and if so what can I do to work around this behaviour?
P
banym
Sr. Member
Posts: 468
Karma: 31
Free Human Being, FreeBSD, Linux and Mac nerd
Re: Help understanding source address on NAT/Firewall
«
Reply #1 on:
January 31, 2020, 05:08:50 pm »
This works as designed. You are doing your capture on the WAN interface. This means the packages are already processed by the LAN RULE and afterwards by the Outgoing-NAT.
And because the NAT was already done, you can't see local LAN IPs on WAN.
If you want to see the traffic from the local IP you need to capture on the LAN interface.
Twitter: banym
Mastodon: banym@bsd.network
Blog:
https://www.banym.de
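To make the ordering banym describes concrete, here is a small added model (not OPNsense code, just an illustration): a LAN-to-Internet packet hits the LAN interface rules first, where its real source address is still visible, and only afterwards passes through outbound NAT on WAN, which is why the WAN-side log only ever shows the WAN IP. The LAN subnet 192.168.2.0/24 and the allow-list of hosts are assumptions; the addresses come from the thread.

```python
# Added illustration, not OPNsense code: models LAN rules -> outbound NAT -> WAN log.
from dataclasses import dataclass, replace as dc_replace
from ipaddress import ip_address, ip_network

WAN_IP = "142.113.216.163"                # WAN address quoted in the thread
LAN_NET = ip_network("192.168.2.0/24")    # assumed LAN subnet
ALLOWED_443 = {"192.168.2.113"}           # constructed: hosts still allowed to reach 443
BLOCKED_DST = "67.212.168.66"             # destination quoted in the thread


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def lan_rules(pkt):
    """LAN interface rules run before NAT, so pkt.src is the real client address.
    Returns (action, rule_label)."""
    if pkt.dst == BLOCKED_DST and pkt.dport == 443 and pkt.src not in ALLOWED_443:
        return "block", "block 443 to BLOCKED_DST from LAN (except allow-list)"
    return "pass", "default allow LAN to any"


def outbound_nat(pkt):
    """Hide-NAT on WAN: every LAN source is rewritten to the WAN address."""
    if ip_address(pkt.src) in LAN_NET:
        return dc_replace(pkt, src=WAN_IP)
    return pkt


def forward(pkt):
    """Run the packet through LAN rules, then NAT.
    Returns (action, lan_log_line, wan_log_line_or_None)."""
    action, label = lan_rules(pkt)
    lan_log = f"lan {action} {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} ({label})"
    if action == "block":
        return action, lan_log, None          # never reaches NAT or the WAN log
    natted = outbound_nat(pkt)
    wan_log = f"wan pass {natted.src}:{natted.sport} -> {natted.dst}:{natted.dport}"
    return action, lan_log, wan_log


if __name__ == "__main__":
    for host in ("192.168.2.113", "192.168.2.50"):
        for line in forward(Packet(host, 58231, BLOCKED_DST, 443)):
            print(line)
```

Running it shows the LAN log line with the 192.168.2.x source and the WAN log line with 142.113.216.163, matching the entry the OP saw; the non-allow-listed host is blocked on LAN and never appears on WAN at all.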
allebone
Sr. Member
Posts: 402
Karma: 34
Re: Help understanding source address on NAT/Firewall
«
Reply #2 on:
January 31, 2020, 05:25:05 pm »
Quote from: banym on January 31, 2020, 05:08:50 pm
If you want to see the traffic from the local IP you need to capture on the LAN interface.
Thank you, how can I do this and add relevant rules?
allebone
Sr. Member
Posts: 402
Karma: 34
Re: Help understanding source address on NAT/Firewall
«
Reply #3 on:
January 31, 2020, 05:41:05 pm »
Thank you, by testing further and with your advice I have understood what to do and the situation is now resolved