Intra Fw connection drop after 30 sec

Started by maurotb, September 27, 2020, 10:03:30 PM

September 27, 2020, 10:03:30 PM Last Edit: September 27, 2020, 11:38:25 PM by maurotb
Hi,
I have 2 OPNsense boxes

Lan1 -> opnsense1 ->
                       wan router
Lan2 -> opnsense2 ->

opnsense1 has a static route for lan2, destination opnsense2
opnsense2 has a static route for lan1, destination opnsense1

Hybrid outbound NAT rule generation
In opnsense1 I have a NO NAT rule to lan2
In opnsense2 I have a NO NAT rule to lan1

Firewall rule in opnsense2: permit IP from lan1

Gateway monitoring is disabled.
Block private networks on WAN: disabled

Now, communication from lan1 to lan2 and from lan2 to lan1 works correctly, but after 30 seconds it stops.
It is not asymmetric, but I have tried "Bypass Firewall Rules for Traffic on Same Interface" with no success.
I think it is a state problem, but how do I resolve it?

When I connect from Lan1 to Lan2 (ssh from 172.30.0.164 to 172.30.2.10),
in opnsense1 I have:
all   tcp   172.30.0.164:59216 -> 172.30.2.10:22   SYN_SENT:CLOSED   
all   tcp   172.30.2.10:22 <- 172.30.0.164:59216   CLOSED:SYN_SENT

In opnsense2 I have:

all   tcp   172.30.0.164:59216 -> 172.30.2.10:22   ESTABLISHED:ESTABLISHED   
all   tcp   172.30.2.10:22 <- 172.30.0.164:59216   ESTABLISHED:ESTABLISHED   

I have tried to use policy routing instead of static routing, with the same problem.

My opnsense2 intercepts the SYN that is sent, but the SYN reply is not intercepted (but it is present and routed correctly).

Any ideas?
Thanks
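The state pairs quoted above are the diagnostic clue: a pf TCP state stuck at SYN_SENT:CLOSED means the firewall saw the client's SYN but never the SYN/ACK, so the reply reached the server some other way and the half-open state simply expires. The following script is an added example, not part of the thread; it parses state-table lines in the `pfctl -ss` format shown in the post (the sample input is constructed from those lines) and reports the flows whose reply never came back through this box.

```python
import re
from dataclasses import dataclass

# Constructed sample input, copied from the two state tables in the post above.
OPNSENSE1_STATES = """\
all tcp 172.30.0.164:59216 -> 172.30.2.10:22       SYN_SENT:CLOSED
all tcp 172.30.2.10:22 <- 172.30.0.164:59216       CLOSED:SYN_SENT
"""
OPNSENSE2_STATES = """\
all tcp 172.30.0.164:59216 -> 172.30.2.10:22       ESTABLISHED:ESTABLISHED
all tcp 172.30.2.10:22 <- 172.30.0.164:59216       ESTABLISHED:ESTABLISHED
"""

# One pfctl -ss line: iface proto src [(nat)] dir dst [(nat)] state:state
STATE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<proto>\S+)\s+(?P<src>\S+)(?:\s+\(\S+\))?\s+"
    r"(?P<dir>->|<-|<->)\s+(?P<dst>\S+)(?:\s+\(\S+\))?\s+"
    r"(?P<s1>[A-Z0-9_]+):(?P<s2>[A-Z0-9_]+)\s*$"
)


@dataclass(frozen=True)
class PfState:
    proto: str
    src: str
    direction: str
    dst: str
    src_state: str
    dst_state: str


def parse_states(text: str) -> list[PfState]:
    """Parse pfctl -ss output; lines that do not look like states are skipped."""
    out = []
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if m:
            out.append(PfState(m["proto"], m["src"], m["dir"], m["dst"], m["s1"], m["s2"]))
    return out


def flows_missing_reply(text: str) -> set[tuple[str, str]]:
    """Return (client, server) pairs whose TCP handshake this firewall saw only
    one way: one side SYN_SENT, the other CLOSED. Both entries of a state pair
    (-> and <-) collapse to a single flow, oriented client -> server."""
    flows = set()
    for s in parse_states(text):
        if s.proto == "tcp" and {s.src_state, s.dst_state} == {"SYN_SENT", "CLOSED"}:
            client, server = (s.src, s.dst) if s.direction == "->" else (s.dst, s.src)
            flows.add((client, server))
    return flows
```

Run it against `pfctl -ss` output from each firewall; a flow that is half-open on one box and ESTABLISHED on the other pinpoints where the return path is bypassing the state table.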

It is a problem in my router;
I need to remove same-interface routing.

So I'm having the same problem between LANs on the SAME firewall.

I have only one OPNsense box.

My SSH sessions to my server on LAN 2 kept freezing up after about 30 seconds. At first, I thought my server was lagging, but the problems went away the moment I was on the same LAN.

The only thing standing between LAN1 and LAN2 is this OPNsense box.

That being the case, OPNsense must be killing the Intra-LAN traffic after about 30 seconds.

Did you ever find a solution? I have the same problem with a static route, and RDP sessions time out after 30 seconds.

Probably if you enable the option to bypass firewall rules on the same interface under settings somewhere, it will fix this.