PF blocking local LAN

[lilsense]

So how do I delete these two rules... Not sure how they got there

[newsense]

Those rules cannot be uninstalled, they magically appeared when you installed OPNsense and have been there making your machine a firewall ever since. Removing it would make the machine a router passing any traffic from an interface to the other.

[Seimus]

Well he can not magically remove it indeed but he can disable the firewall, making out of OPN a router  ;). On the other hand doing this as mentioned by newsense you will loose FW capabilities and become wide open to everything.


Look you definitely have somewhere a misconfiguration. 2 Hosts on a same broadcast domain will not communicate over a GW. Communication within the same VLAN happens on the same VLAN, the host are able to resolve the ARP thus get proper MAC for destination IP, which means they send the packet directly in between each other without need of intervention of L3.

Also your live log doesn't give any sense to me. You say a PC is not able to connect to a Pihole.
This means destination 10.10.10.10 port 80

But you clearly see from that live log entry you provided destination is your PC  10.10.10.234 port 60517

Code Select Expand


__timestamp__ 2024-02-24T12:50:44-05:00
ack 3692531448
action [block]
anchorname
datalen 0
dir [in]
dst 10.10.10.234
dstport 60517
ecn
id 0
interface vlan03
interface_name INTLOCAL

Which means this is the returning packet most likely. Do you see any packet being dropped with destination 10.10.10.10 port 80? Because if not only Pihole tries to always talk over GW if yes both of your devices tent to talk over a GW, and not directly over the L2. Which points to a fact for some reason they are not on the same broadcast domain. Or for some reason they forward the traffic to GW instead forwarding it directly to each other within the VLAN.

I am using a Pihole as well, it has a static IP/MASK and does VLAN TAGGING. And devices talking to this Pihole communicate directly, packets that go and come for the Pihole are not being seen hitting the OPN at all.

Regards,
S.

[Saarbremer]

Look you definitely have somewhere a misconfiguration.

We cannot conclude this as OP very strongly wants this to be a VLAN/OPNsense issue

[Patrick M. Hausen]

I call netmask/prefix-length misconfiguration.

[Seimus]

I call netmask/prefix-length misconfiguration.

+1, as its most likely the cause of such issues.

Regards,
S.

[lilsense]

Thanks Seimus.

I went back and look at the VLAN configuration and the interface was on the wrong VLAN. Now, I am not sure how this could happen as no network changes have been made... but Thanks for the Tagging reminder.

didnt work... I'll redo the connections... It's not the subnets or the prefix. It looks like the switch has many misconfigured ports which is very odd.

[Seimus]

Thanks Seimus.

I went back and look at the VLAN configuration and the interface was on the wrong VLAN. Now, I am not sure how this could happen as no network changes have been made... but Thanks for the Tagging reminder.

didnt work... I'll redo the connections... It's not the subnets or the prefix. It looks like the switch has many misconfigured ports which is very odd.

Thats the potential second most case of problems (VLANs) :). Let us know what you figured out.

Regards,
S.

[lilsense]

oh, well that was not it, either... I am going to roll back to 23.1 as my other apps are not working as well as I did not realize...