This 'Should' be Simple? Two devices same LAN can't talk on port 3310

Started by johnjces, May 21, 2025, 01:47:09 AM

Good day!

This issue should be an easy one as I have had few issues getting firewall rules to work... until now. BTW, I have STFed and searched Google and haven't landed on the right recipe for a good search. Just like I haven't landed on a working firewall rule recipe!

I have a mail server on my LAN, IP 0.60 and my test installation of OPNSense on same LAN at IP 0.110. Both systems are up and running well and the email server, (Windows hMailServer), is live through my old router/firewall, but the OPNSense is not yet directly acting as my Internet Gateway. Getting everything ready for a cutover soon.

I have installed ClamAV on OPNSense and ticked the boxes to enable the service, freshclam and all the other 'stuff' needed so that ClamAV can communicate through port 3310. No firewall is active on the Windows PC hosting the mail server so the port should not be blocked outbound or inbound.

It seems that both these boxes should be able to talk to each other without anything special needed like a firewall rule since they are both on the same LAN and within the IP scope. Well, they don't talk to each other.

So I have tried a variation of firewall rules, from swapping source and destinations and using the LAN interface under firewall -> rules. I have made similar stuff work through my other interfaces, but I am stumped.

I have checked the firewall live logs and saw a couple of times that 0.60 is blocked through the WAN due to bogons being blocked on the WAN interface, which is not active. But, why in the world would this be wanting to go out through the WAN?

How can I check that port 3310 is in fact open on OPNSense?

I am stumped...

Thanks!

John

Any thoughts and help would be appreciated.


A netstat shows that ClamAV is only listening on 127.0.0.0 port 3310.

There was one post in this forum several years back regarding this. I would ask the developers to remove the option to open up port 3310 to other devices so that clamav could be used as this seems a long term issue.

Thoughts are still welcome.
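A listener bound only to a loopback address cannot be reached from another host on the LAN, whatever the firewall rules say, which is what the netstat result above points to. As an added example (not code from this thread or from OPNsense), the Python below classifies a port from FreeBSD-style `netstat -an -p tcp` output; the sample output, addresses and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample of FreeBSD `netstat -an -p tcp` output (not from the thread).
SAMPLE = """\
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address        (state)
tcp4       0      0 127.0.0.1.3310         *.*                    LISTEN
tcp4       0      0 *.443                  *.*                    LISTEN
tcp4       0      0 192.168.0.110.22       *.*                    LISTEN
tcp6       0      0 ::1.3310               *.*                    LISTEN
"""

# FreeBSD prints the local address as <addr>.<port>; '*' means every address.
LISTEN_RE = re.compile(r"^tcp(?:46|4|6)\s+\d+\s+\d+\s+(\S+)\.(\d+)\s+\S+\s+LISTEN$")

def listeners(netstat_text, port):
    """Return the local addresses that hold a LISTEN socket on `port`."""
    found = []
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line.strip())
        if m and int(m.group(2)) == port:
            found.append(m.group(1))
    return found

def reachability(netstat_text, port):
    """Classify `port` as 'closed', 'loopback-only' or 'network'."""
    addrs = listeners(netstat_text, port)
    if not addrs:
        return "closed"
    for addr in addrs:
        # Drop an IPv6 scope suffix such as %lo0 before parsing the address.
        if addr == "*" or not ipaddress.ip_address(addr.split("%")[0]).is_loopback:
            return "network"
    return "loopback-only"

if __name__ == "__main__":
    for port in (3310, 443, 22, 25):
        print(port, reachability(SAMPLE, port), listeners(SAMPLE, port))
```

A result of `loopback-only` means the service's own listen address has to change before any firewall rule can matter.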

Quote from: johnjces on May 21, 2025, 01:47:09 AM
I have a mail server on my LAN, IP 0.60 and my test installation of OPNSense on same LAN at IP 0.110.

Quote from: johnjces on May 21, 2025, 01:47:09 AM
I have checked the firewall live logs and saw a couple of times that 0.60 is blocked through the WAN due to bogons being blocked on the WAN interface

Hi John, is your OPNsense WAN connected to your internal network?  This description isn't clear but it sounds like you may be in a router-behind-router (double NAT) situation.  That might explain bogons on WAN.

OPNsense blocks those by default.  You can change that in Interfaces->WAN.  Uncheck the option "Block private networks", and maybe bogons too if needed.  Once your OPNsense is connected directly to the internet though, you're going to want to change those back.
"The power of the People is greater than the people in power." - Wael Ghonim

Site 1 | N5105 | 8GB | 256GB | 4x 2.5GbE
Site 2 |  J4125 | 8GB | 256GB | 4x 1GbE