Home
Help
Search
Login
Register
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
"default deny rule", the nightmare.
« previous
next »
Print
Pages:
1
[
2
]
Author
Topic: "default deny rule", the nightmare. (Read 9645 times)
franco
Administrator
Hero Member
Posts: 17660
Karma: 1611
Re: "default deny rule", the nightmare.
«
Reply #15 on:
February 20, 2022, 05:31:29 pm »
That change should make no difference here. It relates to traffic inbound to loopback address.
Cheers,
Franco
Logged
Anyel
Newbie
Posts: 11
Karma: 0
Re: "default deny rule", the nightmare.
«
Reply #16 on:
March 04, 2022, 11:08:43 pm »
After upgrading to 22.1.2_1. same problem.
Logged
Vilhonator
Full Member
Posts: 245
Karma: 13
Re: "default deny rule", the nightmare.
«
Reply #17 on:
March 05, 2022, 08:46:59 am »
Check the order of your firewall rules on each network. By default, rules are followed from top to bottom, so if you have blocked some network gaining access to any hosts on network where your alias hosts lie, you have to move rule allowing the access above the block rule.
If you are trying to get HTTPS work, then go to Firewall ---> NAT, create new rule, interface is the interface of a network to which alias host belongs to, direction is out, source is "XXX net" destination is alias destination port is http, redirect to is your alias and redirect port is https, also set "NAT reflection" to enable, then apply and save changes.
After that you go to Rules ---> select your network where your alias is and make sure the port forwarding rule is there and move it above to any rules that might block the connection
Only point where you need to use firewall rules to allow connections between internal networks, is when network in question don't have "allow all" default rules and / or block rules between eachother.
Oh, and obviously make sure server you are trying to connect to is listening HTTPS port and also it's firewall isn't blocking https <---- has been reason why my servers haven't worked as they should quite a few times ^^
«
Last Edit: March 05, 2022, 08:51:17 am by Vilhonator
»
Logged
Anyel
Newbie
Posts: 11
Karma: 0
Re: "default deny rule", the nightmare.
«
Reply #18 on:
March 05, 2022, 09:25:33 pm »
@Fright - Network is very simple.
It is a cloud/kvm environment. There is a mandatory gateway (layer 3), 10.0.0.1, with a NAT for 10.0.0.2 (OPNSENSE). In the environment, there is a route for all destinations to go through 10.0.0.2 (0.0.0.0/0 via 10.0.0.2). DHCP is done by 10.0.0.1 and it is not possible to change that, to get to 10.0.0.2 it is necessary to go through 10.0.0.1, also not possible to change. Everything worked fine for a long time.
Got it, @Vilhonator, and there's already been tested evertything in NAT. It doesn't change anything at all, I spent a couple of hours testing again it now, nothing. What really makes it work is change state tracking to none. Nothing else worked.
Logged
Print
Pages:
1
[
2
]
« previous
next »
OPNsense Forum
»
Archive
»
22.1 Legacy Series
»
"default deny rule", the nightmare.