Topic: Firewall drop active connection between vlan (Read 726 times)
alambin
« on: November 24, 2023, 09:44:54 am »
Hello,
I have an issue with the firewall in OPNsense and VLANs.
So far I haven't had much communication between the segregated servers, but I'm trying to keep an active TCP connection and the connection gets cut after some time.
I performed some tests, and clearly the OPNsense firewall is dropping the active connection.
Setup:
- VLAN A has a rule to allow everything on TCP/UDP
- VLAN B has a rule to allow everything on TCP/UDP
- No floating rules
- Firewall Optimization set to "conservative"
- Debian server A on VLAN A (no software firewall on the server)
- Debian server B on VLAN B (no software firewall on the server)
I was not able to keep a stable SSH or Samba connection between the 2 servers, so I tried a simple echo server/client on TCP to understand what is going on.
I run an echo server on Server A which accepts 1 TCP connection and replies back with any message received, with a prefix, over TCP.
I run an echo client on Server B which connects to Server A, sends a timed message every 0.5 second and prints the reply.
After 15 min, the connection is dropped. The echo server doesn't detect the disconnection at all. The Python echo client is blocked on sending for a few minutes before generating a timeout error. This behavior is very common when a firewall drops a connection.
Since the connection was active, with messages sent in both directions, there is no reason for the firewall to drop it.
The firewall optimization was set to "Normal" at first, but the connection got dropped after only a few seconds in this mode.
From my search on the internet, I didn't find any other option to change to fix the issue.
Any idea how to solve the issue?
Thanks,
Alex.
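
The test described in the post (an echo server on Server A that prefixes its replies, and a client on Server B that sends a timed message every 0.5 second), as an added example that is not the poster's code. The prefix, the newline framing, the 5-second timeout and the command-line form are assumptions; the short timeout makes the client report a stalled connection in seconds rather than minutes and return how long the connection stayed alive.

```python
import socket, sys, time

PREFIX = b"echo: "  # assumed prefix; the post does not say which one was used

def recv_line(sock):
    """Read one newline-terminated message; b"" means the peer closed."""
    buf = b""
    while not buf.endswith(b"\n"):
        chunk = sock.recv(4096)
        if not chunk:
            return b""
        buf += chunk
    return buf

def serve_once(listener):
    """Server A side: accept 1 connection, return each message with PREFIX."""
    conn, _ = listener.accept()
    with conn:
        while (msg := recv_line(conn)):
            conn.sendall(PREFIX + msg)

def probe(host, port, interval=0.5, count=None, timeout=5.0):
    """Server B side: send a timed message every `interval` seconds.
    Returns (replies, seconds_alive, reason the loop ended)."""
    start, replies, reason = time.monotonic(), 0, "count reached"
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            while count is None or replies < count:
                msg = f"{time.time():.3f}\n".encode()
                s.sendall(msg)
                reply = recv_line(s)
                if reply != PREFIX + msg:
                    reason = "closed by peer" if not reply else "bad reply"
                    break
                replies += 1
                time.sleep(interval)
    except socket.timeout:
        # No data, FIN or RST arrived within `timeout`: the stall the post describes.
        reason = "timeout"
    except OSError as exc:
        reason = f"error: {exc}"  # e.g. connection reset or host unreachable
    return replies, time.monotonic() - start, reason

if __name__ == "__main__":  # usage: server PORT | client HOST PORT
    if sys.argv[1] == "server":
        serve_once(socket.create_server(("", int(sys.argv[2]))))
    else:
        print(probe(sys.argv[2], int(sys.argv[3])))
```

Running it alongside a packet capture on each VLAN interface of the firewall shows on which side the segments stop being forwarded at the moment the client reports `timeout`.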