Topic: two firewalls - ext. and int. the dig is working "internally" but no web- access (Read 965 times)
rickeyw
on: April 21, 2020, 02:38:08 am
Hello Everyone,
I hope all are doing well!
Please see the attached image for a small infrastructure with two firewalls.
There is an "external" firewall - fw1, and "internal" one - fw2.
On fw1, the e1 interface is configured as opt1, and e0 as wan. There is also a lan interface on fw1 (lan1), but for simplicity it is not shown on the diagram.
The wan1 IP address on fw1's e0 is not the real one, and just implies that it is connected to the public net.
A range of 192.0.2.0/30 is used between fw1, and fw2.
On fw1's e1 interface, icmp, dns (tcp and udp), http, and https rules are configured, and a static route to 192.168.1.0/24 thru 192.0.2.2 is done too.
On fw2, the e0 interface is configured as wan, and e1 is configured as lan.
On fw2/e0 a static route to 1.1.1.0/24 thru 192.168.1.1 is configured too.
From "Interfaces"-"Diagnostic"-"Ping" of fw2's wan (e0) I am able to ping google.com (the reply is ok from 8.8.8.8).
From "Interfaces"-"Diagnostic"-"Ping" of fw2's lan (e1) I am able to ping google.com, and 8.8.8.8 (the reply is OK from 127.0.0.1).
From pc1, when I try to ping google.com or 8.8.8.8, there is no reply (very strange, because dig google.com from the same pc1 is working perfectly!). Could you give a hand with this, please? The OS is Pop!_OS, and ufw is stopped and disabled. No firewalld or iptables are present, and I just asked the Pop!_OS community and they have confirmed that nothing else should block the ping by default. There are no proxies enabled on either firewall, or pc1 ...
I have an additional question about the static route on fw2: will 0.0.0.0/0 as the destination network, instead of 1.1.1.0/24, work?
Thanks, and Regards,
rick