OPNSense blocks one machine even though pass rules and log statements

Started by benibilme, April 21, 2020, 01:17:42 AM

Hello

TLDR
In my network, only one machine cannot access the firewall or the internet. The machine's IP address is defined as a pass rule in the rule settings. I can see in the firewall live logs that the packets are allowed to pass. However, I cannot ping the firewall from the machine or access the internet. I have given it different IP addresses that are granted access to the firewall, but the same thing happens. The machine, I believe based on MAC, is not granted access. The firewall is not using RADIUS etc.

Long story:


I am running one OPNsense firewall in my network. I have an internal RADIUS-backed DHCP server. The OPNsense firewall relays DHCP requests to the internal DHCP server.
I have a Windows 10 machine that had not been used for quite some time. Recently I booted it up, and it received its preconfigured IP address from the internal MikroTik RADIUS-backed DHCP server.

* For every machine in the local network, there are aliases and rules defined. The rules for this machine are also active. Basically, this machine is allowed to access the outside.
* The machine's Windows firewall is disabled.
* The machine can ping all machines in the local network except the OPNsense firewall and internet IP addresses. The machine can access shared folders and other resources in the local network/LAN.
* In the firewall live logs, filtering for the IP address of the machine, I can see that packets, ICMP and others, are allowed from this machine, even though the machine strangely cannot go outside and cannot receive ping responses.
* However, Unbound gives the following error for each request made by this machine to the firewall:

2020-04-21T02:08:04   unbound: [98722:0] notice: remote address is ip4 192.168.1.23 port 51715 (len 16)
2020-04-21T02:08:04   unbound: [98722:0] notice: sendto failed: Invalid argument
2020-04-21T02:08:04   unbound: [98722:0] debug: using localzone xxxx.home. transparent
2020-04-21T02:08:04   unbound: [98722:0] info: 192.168.1.23 wpad.xxxx.home. A IN
2020-04-21T02:08:02   unbound: [98722:0] notice: remote address is ip4 192.168.1.23 port 51715 (len 16)
2020-04-21T02:08:02   unbound: [98722:0] notice: sendto failed: Invalid argument
2020-04-21T02:08:02   unbound: [98722:0] debug: using localzone xxxx.home. transparent
2020-04-21T02:08:02   unbound: [98722:0] info: 192.168.1.23 wpad.xxxx.home. A IN

* Unbound has the following settings active in its general settings:

Enable DNSSEC Support
Register DHCP leases
Register DHCP static mappings

* Unbound does not have any access list configured other than the generic ones below:

Internal    Allow    127.0.0.1/8
Internal    Allow    ::1/64
Internal    Allow    192.168.1.1/24
Internal    Allow    fe80::2e0:67ff:fe10:ab4a/64

In summary: OPNsense reports that packets are passing through the firewall, but the machine cannot ping or access the firewall, even though there is no setting in Unbound that is specific to this machine.

What could be the reason? Any help much appreciated. By the way, every other machine in the network can access the internet without problem based on the firewall rules. Only this machine has this problem.

UPDATE.
--------
I have disabled Unbound and enabled dnsmasq as the DNS server. The same problem continues. I have not seen anything in the dnsmasq logs (there is no option for controlling the log level in the settings, unlike Unbound).

The post below describes the root of the problem. Basically, it was leftover DHCP static entries. The DHCP server was in relay mode, but the static entries were somehow still honored by OPNsense. This is new to us.

https://forum.opnsense.org/index.php?topic=16908.msg76956#msg76956
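The root cause above was a stale DHCP static mapping whose recorded MAC no longer matched the host that actually held the address. The following is an added example, not code from the original post or from the OPNsense project, that checks for exactly that mismatch: it reads the static mappings out of a config.xml-shaped document and compares them against the firewall's ARP table. The element layout (`dhcpd/<interface>/staticmap` with `mac`, `ipaddr`, `hostname`), the sample config fragment and the sample `arp -an` lines are all constructed for this example and are assumptions, not dumps from the poster's system; on a real box you would feed it the actual `/conf/config.xml` and the output of `arp -an`.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample in the assumed shape of an OPNsense config.xml fragment.
# 192.168.1.23 is mapped to a MAC that is no longer the one on the wire.
SAMPLE_CONFIG = """<opnsense>
  <dhcpd>
    <lan>
      <enable/>
      <staticmap>
        <mac>00:11:22:33:44:55</mac>
        <ipaddr>192.168.1.23</ipaddr>
        <hostname>oldpc</hostname>
      </staticmap>
      <staticmap>
        <mac>aa:bb:cc:dd:ee:01</mac>
        <ipaddr>192.168.1.40</ipaddr>
        <hostname>nas</hostname>
      </staticmap>
    </lan>
  </dhcpd>
</opnsense>
"""

# Constructed sample of FreeBSD `arp -an` output as seen on the firewall.
SAMPLE_ARP = """? (192.168.1.23) at 00:11:22:33:44:99 on vtnet1 expires in 1191 seconds [ethernet]
? (192.168.1.40) at aa:bb:cc:dd:ee:01 on vtnet1 expires in 900 seconds [ethernet]
? (192.168.1.77) at aa:bb:cc:dd:ee:77 on vtnet1 expires in 650 seconds [ethernet]
"""

ARP_LINE = re.compile(r"\((\d+\.\d+\.\d+\.\d+)\) at ([0-9a-fA-F:]{17})")


def parse_static_maps(xml_text):
    """Return {ip: {"mac", "hostname", "iface"}} for every staticmap in the config.

    Walks every interface block under <dhcpd>, so it also covers mappings that
    linger on an interface whose DHCP server has since been switched to relay.
    """
    root = ET.fromstring(xml_text)
    maps = {}
    dhcpd = root.find("dhcpd")
    if dhcpd is None:
        return maps
    for iface in dhcpd:
        for sm in iface.findall("staticmap"):
            ip = (sm.findtext("ipaddr") or "").strip()
            mac = (sm.findtext("mac") or "").strip().lower()
            if ip and mac:
                maps[ip] = {
                    "mac": mac,
                    "hostname": (sm.findtext("hostname") or "").strip(),
                    "iface": iface.tag,
                }
    return maps


def parse_arp(arp_text):
    """Return {ip: mac} from `arp -an` output; lines without a MAC are skipped."""
    seen = {}
    for line in arp_text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            seen[m.group(1)] = m.group(2).lower()
    return seen


def find_conflicts(static_maps, arp_table):
    """List static mappings whose IP is currently answered by a different MAC.

    A mapping whose IP is absent from ARP is not reported: it may simply be
    offline. Only a live host with a different MAC is a real conflict.
    """
    conflicts = []
    for ip, entry in sorted(static_maps.items()):
        seen_mac = arp_table.get(ip)
        if seen_mac is not None and seen_mac != entry["mac"]:
            conflicts.append({
                "ip": ip,
                "iface": entry["iface"],
                "hostname": entry["hostname"],
                "static_mac": entry["mac"],
                "seen_mac": seen_mac,
            })
    return conflicts


if __name__ == "__main__":
    for c in find_conflicts(parse_static_maps(SAMPLE_CONFIG), parse_arp(SAMPLE_ARP)):
        print("stale static mapping on {iface}: {ip} ({hostname}) "
              "mapped to {static_mac} but {seen_mac} answers for it".format(**c))
```

Run it against the real files with `python3 check_staticmaps.py` after swapping the two constants for `open("/conf/config.xml").read()` and `subprocess.check_output(["arp", "-an"], text=True)`; any line it prints is a mapping worth deleting before re-testing the affected host.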