IPv4 LAN access to WAN drops between hours and few days / Default firewall deny

Started by TomFreudenberg, March 29, 2022, 04:25:31 PM

After always running my setup with the latest OPNsense release, I have had an issue for about the last 2 weeks.

Current release: OPNsense 22.1.4_1-amd64

Provider: Vodafone Germany / TV cable

Suddenly routing from LAN outside to WAN / Internet stops.

When checking the firewall after that (whatever it might be) happens, the firewall log shows that my packets are running into the "Default Deny rule" even though I have an outgoing IPv4 rule.

When logging into OPNsense (SSH) and using the console, I can reach everything in the WAN / Internet from the OPNsense gateway.

BUT not from the LAN

Just running:


pfctl -d ; pfctl -e


or / and


configctl filter reload


does not work.

When running:


pfctl -d ; /usr/local/etc/rc.reload_all


everything is fine again immediately after "Configuring firewall ... Done" was printed.

The mystery: all the time I can use IPv6 without an issue???

---

I am very happy for any advice.

...

I have already deleted the rule from the firewall and re-entered it after a restart ... without any different behaviour.

I can re-create that when rebooting my Vodafone (old) ConnectBox.

I have a fixed IPv4 address from the provider and it seems that the OPNsense router has established existing connections but not new ones.

After reboot I could ping 8.8.8.8 from anywhere but could not get DNS for ping google.com.

I had to restart all services (maybe just the interfaces are enough) and then everything runs fine.

The router itself could also not get an IP for google.com when using Diag from the WebGUI.

I could not see an event anywhere signaling a reboot from the bridged ConnectBox.

This issue is still driving me crazy.

It is not just the new Connect from the ISP but also happens "randomly".

Any help is appreciated also for digging into debugging.

Thanks
Tom

Hello,

Are you using DHCP or static configuration for IPv4 on WAN? (Even though you have a fixed address.)

I may have run into a similar issue, with no WAN connection after what looks like a DHCP renew on WAN:
2022-03-31T16:02:38   Error   opnsense   /usr/local/etc/rc.newwanip: IPv4 renewal is starting on 'igb1'   
2022-03-31T16:02:38   Notice   dhclient   Creating resolv.conf   
2022-03-31T16:02:38   Notice   dhclient   route add default 82.x.x.254   
2022-03-31T16:02:38   Notice   dhclient   New Routers (igb1): 82.x.x.254   
2022-03-31T16:02:38   Notice   dhclient   New Broadcast Address (igb1): 82.x.x.255   
2022-03-31T16:02:38   Notice   dhclient   New Subnet Mask (igb1): 255.255.255.0   
2022-03-31T16:02:37   Notice   dhclient   New IP Address (igb1): 82.x.x.x   
2022-03-31T16:02:37   Critical   dhclient   exiting.   
2022-03-31T16:02:37   Error   dhclient   connection closed   
2022-03-31T16:02:37   Error   dhclient   My address (82.x.x.x) was deleted, dhclient exiting

Yes, I use DHCP for v4

and nearly the same for me from the log:


2022-04-05T12:09:54   Notice   dhclient   Creating resolv.conf   
2022-04-05T12:09:54   Notice   dhclient   route add default 62.xxx.xxx.1   
2022-04-05T12:09:54   Notice   dhclient   New Routers (vtnet0): 62.xxx.xxx.1   
2022-04-05T12:09:54   Notice   dhclient   New Broadcast Address (vtnet0): 255.255.255.255   
2022-04-05T12:09:54   Notice   dhclient   New Subnet Mask (vtnet0): 255.255.248.0   
2022-04-05T12:09:54   Notice   dhclient   New IP Address (vtnet0): 62.xxx.xxx.164   
2022-04-05T12:09:54   Critical   dhclient   exiting.   
2022-04-05T12:09:54   Error   dhclient   connection closed   
2022-04-05T12:09:54   Error   dhclient   My address (62.xxx.xxx.164) was deleted, dhclient exiting
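
Added example, not part of any post in this thread: a small Python script that pulls the "My address (...) was deleted, dhclient exiting" events out of a log in the layout quoted above and reports whether a "New IP Address" line followed within a few seconds, so the timestamps can be compared with the moments LAN traffic starts hitting the default deny rule. The sample log, the 5-second window and the function names are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the log layout quoted in the thread (newest line first).
SAMPLE = """\
2022-04-05T12:10:02   Notice   dhclient   Creating resolv.conf
2022-04-05T12:10:02   Notice   dhclient   New IP Address (vtnet0): 192.0.2.164
2022-04-05T12:10:01   Critical   dhclient   exiting.
2022-04-05T12:10:01   Error   dhclient   My address (192.0.2.164) was deleted, dhclient exiting
2022-04-03T08:00:00   Critical   dhclient   exiting.
2022-04-03T08:00:00   Error   dhclient   My address (192.0.2.164) was deleted, dhclient exiting
2022-04-01T09:30:00   Notice   dhclient   New IP Address (vtnet0): 192.0.2.164
"""

# timestamp, severity, process, message: columns separated by runs of spaces
LINE = re.compile(r"^(\S+)\s{2,}(\w+)\s{2,}(\S+)\s{2,}(.*?)\s*$")
LOST = re.compile(r"My address \(([^)]+)\) was deleted, dhclient exiting")
LEASE = re.compile(r"New IP Address \((\w+)\): (\S+)")

def parse(text):
    """Return (time, severity, process, message) tuples, oldest first."""
    rows = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            rows.append((datetime.fromisoformat(m.group(1)), *m.group(2, 3, 4)))
    return sorted(rows, key=lambda r: r[0])

def address_loss_events(text, window=timedelta(seconds=5)):
    """List each dhclient address loss and whether a lease followed within window."""
    rows = [r for r in parse(text) if r[2] == "dhclient"]
    events = []
    for ts, _sev, _proc, msg in rows:
        lost = LOST.search(msg)
        if not lost:
            continue
        # First "New IP Address" line at or shortly after the loss, if any.
        lease = next((LEASE.search(m) for t, _, _, m in rows
                      if ts <= t <= ts + window and LEASE.search(m)), None)
        events.append({"time": ts, "address": lost.group(1),
                       "interface": lease.group(1) if lease else None,
                       "lease_followed": lease is not None})
    return events

if __name__ == "__main__":
    for e in address_loss_events(SAMPLE):
        print(e["time"].isoformat(), e["address"], e["interface"], e["lease_followed"])
```
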