Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Doesn't understand that firewall behavior
« previous
next »
Print
Pages: [
1
]
Author
Topic: Doesn't understand that firewall behavior (Read 528 times)
kug1977
Newbie
Posts: 32
Karma: 4
Doesn't understand that firewall behavior
«
on:
May 31, 2024, 09:50:52 am »
Hi,
I'm kind of blind, where to look for issues anymore. It is OPNsense 24.1.7_4-amd64
I have two vLANs
020_equipment 10.1.20.1/23
100_trusted_clients 10.1.100.1/23
I have two floating rules, that have these interfaces assigned, saying
direction IN/OUT IPv4/IPv6 any to any, any protocoll
no further rules defined anywhere else
I can ping
10.1.20.1 to a device 10.1.21.20
10.1.100.1 to a device 10.1.20.1
but I
cannot
ping 10.1.101.68 to 10.1.21.20, while the life view of the firewall shows green for the ICMP packages.
Logged
Patrick M. Hausen
Hero Member
Posts: 6935
Karma: 584
Re: Doesn't understand that firewall behavior
«
Reply #1 on:
May 31, 2024, 09:55:27 am »
Does 10.1.21.20 have a proper default gateway configured?
Logged
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
meyergru
Hero Member
Posts: 1769
Karma: 172
IT Aficionado
Re: Doesn't understand that firewall behavior
«
Reply #2 on:
May 31, 2024, 10:00:41 am »
What types of clients are these?
Because if the firewall shows the ICMP packets as passing, I would guess that the target simply does not answer. This would be the case for Windows machines, which by default only answer to pings from their local subnet unless you change the local Windows firewall rules.
Logged
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005
1100 down / 440 up
,
Bufferbloat A+
kug1977
Newbie
Posts: 32
Karma: 4
Re: Doesn't understand that firewall behavior
«
Reply #3 on:
May 31, 2024, 01:37:20 pm »
the IP address 10.1.21.20 is assigned to a network printer.
This printer was reachable via HTTPS Admin GUI and pingable in the past. And it answers pings to the OPNsense, when using the built in ping command from the gateway of
020_equipment 10.1.20.1
010_trusted clients 10.1.100.1
but not from 10.1.100.68 or 10.1.101.68
and nothing changed on the printer setup. The only I changed was setting up the firewall fresh.
I checked the printers settings, it has
IP Address: 10.1.21.20
Subnet mask: 255.255.254.0
Gateway: 10.1.20.1
all given out by DHCP.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
24.1 Legacy Series
»
Doesn't understand that firewall behavior