OPNsense Forum » Archive » 16.7 Legacy Series » No access or communication for servers beyond the firewall
Topic: No access or communication for servers beyond the firewall (Read 7036 times)
krunnal (Newbie; Posts: 5; Karma: 0)
No access or communication for servers beyond the firewall
« on: November 10, 2016, 06:00:29 pm »
Hi,
We are new to OPNsense. We installed OPNsense and have set up the WAN and LAN interfaces. I can get the GUI via LAN and also managed to enable the web GUI, but that's pretty much all we have managed to do.
We are just not able to ping the servers connected behind pfSense. To give an overview:
A public IP is associated with the WAN (which I can access remotely). The LAN interface is connected to a switch. There are multiple machines attached to the switch, each with a public IP. We want to access these machines via RDP or any possible uses, but it seems pfSense is blocking all requests.
Our current firewall rules are open; see the attached image below.
bartjsmit (Hero Member; Posts: 2016; Karma: 194)
Re: No access or communication for servers beyond the firewall
« Reply #1 on: November 10, 2016, 06:25:14 pm »
Any reason why you're not using DNAT for the internal hosts? If the reason is name resolution, look at split DNS.
Bart...
krunnal (Newbie; Posts: 5; Karma: 0)
Re: No access or communication for servers beyond the firewall
« Reply #2 on: November 10, 2016, 06:40:37 pm »
Hi Bart,
Thanks for the quick response. Actually that's how we started, hoping it would be pretty straightforward, but it didn't work, so we started working backwards trying to make it simpler, until we reached a stage where we are looking to at least manage a ping keeping all rules open. Once we get this we plan to build on it. Right now we just can pinpoint the issue. I thought it must be the switch the LAN interface is connected to, but I can ping and connect to my machines from the internal network, so I am sure it's not the switch.
For WAN, I can connect to my OPNsense UI remotely. So that part is OK, I guess.
Based on the attached image of the rule set, am I missing something? Thanks again.
phoenix (Hero Member; Posts: 545; Karma: 58)
Re: No access or communication for servers beyond the firewall
« Reply #3 on: November 10, 2016, 06:44:05 pm »
Do you actually have any DNS server(s) configured on your LAN or on the firewall?
You really do not want your firewall UI open to the internet; at the very least that's foolhardy and a security risk.
Regards
Bill
fabian (Hero Member; Posts: 2769; Karma: 200; OPNsense Contributor (Language, VPN, Proxy, etc.))
Re: No access or communication for servers beyond the firewall
« Reply #4 on: November 10, 2016, 06:46:19 pm »
Maybe your hosts drop the traffic from WAN.
krunnal (Newbie; Posts: 5; Karma: 0)
Re: No access or communication for servers beyond the firewall
« Reply #5 on: November 10, 2016, 06:48:44 pm »
Yes for DNS. It's configured.
Actually the UI option is temporary, as I can work on OPNsense remotely to set up a dummy environment to test the network design before we go live.
bartjsmit (Hero Member; Posts: 2016; Karma: 194)
Re: No access or communication for servers beyond the firewall
« Reply #6 on: November 10, 2016, 07:17:48 pm »
If your firewall interface is accessible from the WAN, you may have the LAN and WAN interfaces mixed up. OPNsense's web interface should only be accessible on the LAN interface. As Bill said, having it accessible from the internet is a bad idea.
For safety, keep the WAN interface down and ensure that you can reach the web configuration from internal clients on an RFC 1918 range using the LAN interface. Then enable the WAN connection and confirm you can ping 8.8.8.8 from the firewall and internal clients before setting up port forwarding.
Bart...
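The addressing side of the advice in Reply #6 (web GUI only on the LAN address, LAN on an RFC 1918 range) can be checked on paper before any cable is plugged in. The following is an added example, not part of the thread and not OPNsense code: the plan dictionary format, `review_plan` and the host names are hypothetical, the sample plans are constructed, the public addresses come from documentation ranges, and the check that hosts sit inside the LAN subnet goes slightly beyond what the post states.

```python
import ipaddress

# RFC 1918 ranges listed explicitly: ipaddress's is_private is broader
# (it also covers loopback, link-local and documentation blocks).
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return ip.version == 4 and any(ip in net for net in RFC1918)


def review_plan(plan):
    """Return findings for a planned layout (hypothetical dict format)."""
    findings = []
    lan = ipaddress.ip_interface(plan["lan"])
    if not is_rfc1918(str(lan.ip)):
        findings.append(f"LAN interface {lan.ip} is not in an RFC 1918 range")
    for addr in plan["gui_listen"]:
        if ipaddress.ip_address(addr) != lan.ip:
            findings.append(f"web GUI is bound to {addr}, not the LAN address")
    for name, addr in sorted(plan["hosts"].items()):
        ip = ipaddress.ip_address(addr)
        if ip not in lan.network:
            findings.append(f"{name} ({addr}) is outside LAN subnet {lan.network}")
        elif not is_rfc1918(addr):
            findings.append(f"{name} ({addr}) is not in an RFC 1918 range")
    return findings


# Constructed plan: GUI reachable on the WAN address, public IPs on the LAN side.
PUBLIC_LAN = {"lan": "198.51.100.1/24",
              "gui_listen": ["203.0.113.10", "198.51.100.1"],
              "hosts": {"web01": "198.51.100.20"}}

# Constructed plan: private LAN, GUI bound to the LAN address only.
STAGED = {"lan": "192.168.1.1/24",
          "gui_listen": ["192.168.1.1"],
          "hosts": {"web01": "192.168.1.20"}}

if __name__ == "__main__":
    for label, plan in (("public LAN", PUBLIC_LAN), ("staged", STAGED)):
        print(label, review_plan(plan) or "no findings")
```
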
krunnal (Newbie; Posts: 5; Karma: 0)
Re: No access or communication for servers beyond the firewall
« Reply #7 on: November 10, 2016, 08:15:42 pm »
Hi, an update based on previous inputs.
We checked the Dashboard; the IPs assigned to WAN and LAN seem correct. Just to cross-check, though, we interchanged the cables, but then were not able to access the GUI through LAN. So I am assuming the current interfaces are fine.
Regarding the testing: we used the "Interfaces: Diagnostics: Ping >>" option to check the pings. We were able to ping from
WAN to outside IP
LAN to outside IP
Local + Default to outside IP
But when we tried to ping the webserver that is behind the firewall, the ping failed for all the above options.
For testing, a private IP was assigned to a server behind the firewall. We were able to ping
Default to Private IP
LAN to Private IP
Thanks
krunnal (Newbie; Posts: 5; Karma: 0)
Re: No access or communication for servers beyond the firewall
« Reply #8 on: November 11, 2016, 02:10:01 pm »
Hi,
Can anybody guide us on this... some direction. We are not able to ping the server behind the firewall.
Zeitkind (Full Member; Posts: 180; Karma: 27)
Re: No access or communication for servers beyond the firewall
« Reply #9 on: November 12, 2016, 05:21:09 pm »
Not sure how you test them, because there are some caveats around that. From exactly where to where do you test the connection? Just to avoid typical pitfalls.