[Resolved] Home use "easy button" question

Started by Ymebp1991, August 19, 2024, 02:50:26 PM

Quote from: Patrick M. Hausen on August 19, 2024, 07:15:20 PM
That internal gateway - is that a managed switch? Once you got the basics settled, you might want to investigate VLANs and how to use OPNsense as the internal router instead. But first things first.

It is, fully managed L2 switch. A Juniper ex4200. I have my ESXi host piped into it with a bunch of trunk ports, an entire other bunch of physical things like 3d printers and such as well.

Ok, so it took me a while to get everything rejiggered. I reinstalled from scratch, installed my monitoring plugins, set up the KEA DHCP server, set up a "LAN" gateway for the firewall itself and applied all that and lo and behold everything flipping works! I mean smoothly, I have 2 port forwards to the same subnet as the LAN interface working like a charm.

Plex is working using the private domain in Unbound, and a simple NAT rule. All my other services on the LAN subnet are working as expected.

Now to the current issue and what my next steps should be.

Traffic is being blocked from my VLANs unless I create an explicit firewall rule to allow it. I created an any any rule for the LAN but that didn't work for any of the subnets behind my local routed switch. See logs below:

LAN 2024-09-05T17:06:36 10.0.1.100:36436 52.16.96.58:443 tcp Default deny / state violation rule
LAN 2024-09-05T17:06:36 10.0.1.253:60322 162.159.140.167:443 tcp Default deny / state violation rule
LAN 2024-09-05T17:06:36 10.0.1.253:59754 162.159.140.167:443 tcp Default deny / state violation rule
LAN 2024-09-05T17:06:36 10.0.1.100:38264 54.73.190.247:443 tcp Default deny / state violation rule
LAN 2024-09-05T17:06:36 10.0.1.100:35326 8.8.8.8:53 udp Default deny / state violation rule
LAN 2024-09-05T17:06:36 10.0.1.100:35326 8.8.8.8:53 udp Default deny / state violation rule
LAN 2024-09-05T17:06:35 10.0.1.248:55142 8.8.4.4:53 udp Default deny / state violation rule
LAN 2024-09-05T17:06:33 10.0.1.253:56942 172.66.0.165:443 tcp Default deny / state violation rule
LAN 2024-09-05T17:06:32 10.0.1.253:56934 172.66.0.165:443 tcp Default deny / state violation rule


Before I add the second WAN link, I'd like to get this working correctly.

Any suggestions as to how to get the firewall to allow traffic in and out of the 10.x.x.x network?

Oh and I have a sneaking suspicion I know what was happening to cause these problems. I think because of how I had the routes set up before, the firewall was sending its LAN traffic to the switch (VLAN Gateway) for some traffic and sending to the WAN as a gateway for other traffic, and that was confusing the hell out of it so it would just drop the packets. Not sure how I did that loop but looking at the logs before I wiped it, I'm almost certain that is what happened. This would totally explain the flapping of all the services like Netflix and Smartthings.

I forgot to say THANK YOU, to all the folks who offered assistance! Gratifying to get everything working this far =D. Thank you!!

I think I will mark this one resolved and start a new thread with the config challenges I have now. I have a couple of experiments with rules going so hopefully one will work.

-Tory
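As an added example (not code from the thread or from OPNsense), the following script parses firewall log lines in the format quoted in the post above, summarises the "Default deny" drops by source subnet and destination port, and then checks which blocked sources fall outside the subnet of the interface they arrived on. That last check is the first thing to look at when traffic from subnets behind a downstream routed switch is hitting the default deny rule: a rule whose source is the interface's own network cannot match hosts in routed subnets, and those need a rule (or alias) that covers the routed prefixes. The sample log is copied from the post; the interface subnet `10.0.0.0/24` is an assumption made here for illustration, since the thread never states it.

```python
# Added example, not from the forum thread or the OPNsense project.
# Parses OPNsense live-view style firewall log lines, summarises the
# blocked flows, and reports sources that a rule scoped to the interface's
# own subnet could never match.
import ipaddress
import re
from collections import Counter

# Log lines copied from the post (all blocked by the default deny rule).
SAMPLE_LOG = """\
LAN 2024-09-05T17:06:36 10.0.1.100:36436 52.16.96.58:443 tcp Default deny / state violation rule
LAN 2024-09-05T17:06:36 10.0.1.253:60322 162.159.140.167:443 tcp Default deny / state violation rule
LAN 2024-09-05T17:06:36 10.0.1.253:59754 162.159.140.167:443 tcp Default deny / state violation rule
LAN 2024-09-05T17:06:36 10.0.1.100:38264 54.73.190.247:443 tcp Default deny / state violation rule
LAN 2024-09-05T17:06:36 10.0.1.100:35326 8.8.8.8:53 udp Default deny / state violation rule
LAN 2024-09-05T17:06:36 10.0.1.100:35326 8.8.8.8:53 udp Default deny / state violation rule
LAN 2024-09-05T17:06:35 10.0.1.248:55142 8.8.4.4:53 udp Default deny / state violation rule
LAN 2024-09-05T17:06:33 10.0.1.253:56942 172.66.0.165:443 tcp Default deny / state violation rule
LAN 2024-09-05T17:06:32 10.0.1.253:56934 172.66.0.165:443 tcp Default deny / state violation rule
"""

# Assumed interface subnet for the LAN interface (not stated in the thread).
ASSUMED_LAN_SUBNET = "10.0.0.0/24"

# interface  timestamp  src:port  dst:port  proto  rule label
LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ts>\S+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<proto>\w+)\s+(?P<label>.+)$"
)


def parse_log(text):
    """Return one dict per well-formed log line; unparseable lines are skipped."""
    flows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        d = m.groupdict()
        d["sport"] = int(d["sport"])
        d["dport"] = int(d["dport"])
        flows.append(d)
    return flows


def summarize(flows, prefixlen=24):
    """Count blocked flows per source /prefixlen and per (proto, dport)."""
    by_subnet = Counter()
    by_dport = Counter()
    for f in flows:
        net = ipaddress.ip_network(f"{f['src']}/{prefixlen}", strict=False)
        by_subnet[str(net)] += 1
        by_dport[(f["proto"], f["dport"])] += 1
    return by_subnet, by_dport


def sources_outside(flows, iface_subnet):
    """Blocked source addresses not inside iface_subnet.

    These are the hosts that a firewall rule whose source is the
    interface's own network (e.g. 'LAN net') can never match; routed
    subnets behind a downstream switch show up here."""
    net = ipaddress.ip_network(iface_subnet)
    outside = {f["src"] for f in flows if ipaddress.ip_address(f["src"]) not in net}
    return sorted(outside, key=ipaddress.ip_address)


if __name__ == "__main__":
    flows = parse_log(SAMPLE_LOG)
    by_subnet, by_dport = summarize(flows)
    print("blocked flows per source /24:", dict(by_subnet))
    print("blocked flows per proto/dport:", dict(by_dport))
    print(f"sources outside {ASSUMED_LAN_SUBNET}:",
          sources_outside(flows, ASSUMED_LAN_SUBNET))
```

Run against a larger export of the live view, the per-subnet counter tells you which routed prefixes need coverage, and the `sources_outside` list is empty only once every blocked source is inside the subnet the rule is scoped to.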