Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
General Discussion
»
First rule passes, 30 seconds later blocks on default rule
« previous
next »
Print
Pages: [
1
]
Author
Topic: First rule passes, 30 seconds later blocks on default rule (Read 2708 times)
Sintenel
Newbie
Posts: 1
Karma: 0
First rule passes, 30 seconds later blocks on default rule
«
on:
June 15, 2021, 10:50:09 pm »
Hello Opnsense friends,
I have been struggling with some behavior on my opnsense firewall, where i would like to learn why this behavior is happening. Maybe the way i configured the rule is not best practice or something else is happening. Hopefully you can guide me in the right way.
Setup is quite simple, where i have 8 interfaces with 5 of them are VLANS for internal network traffic only.
In VLAN20 i have a management workstation, that should be able to access every VLAN in the network.
So i made the following rule:
https://ibb.co/c1jdmpd
https://ibb.co/4WTGzkJ
This works fine for almost everything, except for when i have SSH traffic from my management workstation to a SSH instance in VLAN10. The connection opens fine, and i can work for about 30 seconds and then the connection gets blocked by the default rule.
https://ibb.co/ZGXCnsQ
Anyone who can advice me on what i did wrong, or what is best practice in my case / setup? Should i split up the alias in multiple networks / rules?
Secondly, why does it pass and work normally for other traffic without going in the default block rule? There is no manual rule on the network that disallows SSH traffic.
Thank you very much.
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: First rule passes, 30 seconds later blocks on default rule
«
Reply #1 on:
June 16, 2021, 07:34:43 pm »
It's called state tracking violation. The pass rule will let go of the match when it encounters out-of-sequence packets, packets it's not supposed to see or on asymmetric routing.
The next best match is obviously the default deny rule for such traffic.
Cheers,
Franco
Logged
OldBotV0
Newbie
Posts: 3
Karma: 0
Re: First rule passes, 30 seconds later blocks on default rule
«
Reply #2 on:
August 11, 2021, 07:08:37 pm »
Franco, I've been struggling with the same problem of default deny rule popping up
on an established SSH session. No Vlans involved. Just two ports on the router with
192.168.{54,55}.* in use.
Can you suggest a solution? An additional rule? A settings change?
I'm a novice w.r.t. OPNsense/routers/firewalls.
«
Last Edit: August 11, 2021, 07:18:32 pm by OldBotV0
»
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: First rule passes, 30 seconds later blocks on default rule
«
Reply #3 on:
August 11, 2021, 08:43:54 pm »
Make sure the packets are in order and do not show up on different ports at the same time.
Cheers,
Franco
Logged
OldBotV0
Newbie
Posts: 3
Karma: 0
Re: First rule passes, 30 seconds later blocks on default rule
«
Reply #4 on:
August 12, 2021, 03:32:46 am »
Given that I'm just using a standard SSH connection, I've no idea what I might change to do that.
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: First rule passes, 30 seconds later blocks on default rule
«
Reply #5 on:
August 12, 2021, 10:58:44 am »
I don't know either but something in your setup in front of VLAN20 messes with the TCP connection. Is there a switch connected?
Cheers,
Franco
Logged
OldBotV0
Newbie
Posts: 3
Karma: 0
Re: First rule passes, 30 seconds later blocks on default rule
«
Reply #6 on:
August 12, 2021, 10:31:15 pm »
I'm not using any vlans, and the RasPi is directly connected to the OPNsense IOTnet port. The LAN port does go through two small dumb switches to get to the Linux box.
Logged
franco
Administrator
Hero Member
Posts: 17668
Karma: 1611
Re: First rule passes, 30 seconds later blocks on default rule
«
Reply #7 on:
August 13, 2021, 01:47:07 pm »
Why do you name your Interface "VLAN20" if you don't use VLANs?
Oh right you are not the OP...
Cheers,
Franco
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
General Discussion
»
First rule passes, 30 seconds later blocks on default rule