Author Topic: Gateway group: difference in handling between OPNsense and pfSense  (Read 1538 times)

afan
« on: January 24, 2021, 07:17:10 pm »
Hi,

I'm trying to move my firewall from pfSense to OPNsense but am a bit puzzled regarding Gateway Groups.
In the MultiWAN guide I read that when picking a GW group for a particular network, traffic intended for the firewall itself will be routed wrongly:

Quote
This rule will utilize the gateway group for all traffic coming from our LAN network. This also means that traffic intended for the firewall itself will be routed in this (wrong) direction. That is why Step 5 is needed for our DNS traffic going to and coming from our DNS forwarder on the firewall itself.

My pfSense is at 10.0.0.1 and has GW groups configured for the interface.
My OPNsense is at 10.0.10.18 currently and has similar GW groups configured.
No particular firewall rules are added for DNS traffic on either system.

Code:
C:\>nslookup
Default Server:  UnKnown
Address:  10.0.10.22

> server 10.0.10.1
Default Server:  [10.0.10.1]
Address:  10.0.10.1

> google.com
Server:  [10.0.10.1]
Address:  10.0.10.1

Non-authoritative answer:
Name:    google.com
Addresses:  2a00:1450:400e:809::200e
          216.58.211.110

> server 10.0.10.18
Default Server:  [10.0.10.18]
Address:  10.0.10.18

> google.com
Server:  [10.0.10.18]
Address:  10.0.10.18

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to [10.0.10.18] timed-out

---> Adding a rule to allow DNS traffic on OPNsense <---

> google.com
Server:  [10.0.10.18]
Address:  10.0.10.18

Non-authoritative answer:
Name:    google.com
Addresses:  2a00:1450:400e:80d::200e
          172.217.168.238

>

Can anyone explain why this is the case? What are the advantages of doing it the OPNsense way?
As it comes with annoyances: all services that need to be available on OPNsense need to have a firewall rule added. Not just DNS, but also SSH, Munin-node, ..., and this for all the interfaces/VLANs that exist.
« Last Edit: January 24, 2021, 07:19:39 pm by afan »
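
The behaviour described in the MultiWAN guide passage quoted above, as an added example that is not part of the original post and not OPNsense code: a simplified first-match model of LAN rules, showing why a rule without a gateway has to sit ahead of the gateway-group rule for each service on the firewall. The /24 LAN subnet, the client address and the gateway group name `WAN_GROUP` are assumptions.

```python
import ipaddress

# Firewall address taken from the post; the /24 prefix is an assumption.
LAN_NET = ipaddress.ip_network("10.0.10.0/24")
FIREWALL = ipaddress.ip_address("10.0.10.18")
GW_GROUP = "WAN_GROUP"  # hypothetical gateway group name

def rule(desc, dst=None, port=None, gateway=None):
    """One LAN pass rule; dst/port None means 'any', gateway None means normal routing."""
    return {"desc": desc, "dst": dst, "port": port, "gateway": gateway}

def route(rules, src, dst, port):
    """First matching rule wins. Returns where the packet is sent, or 'blocked'."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in LAN_NET:
        return "blocked"
    for r in rules:
        if r["dst"] is not None and dst != r["dst"]:
            continue
        if r["port"] is not None and port != r["port"]:
            continue
        if r["gateway"]:
            # Policy routing: the packet is forced to the gateway group,
            # even when its destination is the firewall itself.
            return "forwarded via " + r["gateway"]
        return "local service" if dst == FIREWALL else "default route"
    return "blocked"  # nothing matched: implicit default deny

# Rule sets in evaluation order (top rule first).
policy_only = [rule("LAN to any via gateway group", gateway=GW_GROUP)]
with_dns = [rule("DNS to firewall", dst=FIREWALL, port=53)] + policy_only
with_dns_ssh = [rule("SSH to firewall", dst=FIREWALL, port=22)] + with_dns

def demo():
    """Outcome of DNS (53) and SSH (22) to the firewall under each rule set."""
    client = "10.0.10.50"  # constructed LAN client address
    sets = {"policy_only": policy_only, "with_dns": with_dns, "with_dns_ssh": with_dns_ssh}
    return {name: {p: route(rs, client, str(FIREWALL), p) for p in (53, 22)}
            for name, rs in sets.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```
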