one way firewall issue - missing "conntrack" - traffic to DMZ

Started by sb@plzk.de, January 31, 2018, 01:06:34 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 31, 2018, 01:06:34 PM
Dear Users,

i can not find a suitable FW-rule to allow traffic to a DMZ-machine and letting pass the packages coming back.
I see the traffic entering the DMZ-machine and see traffic leaving, but the response is blocked by opnsense. Its plain http-traffic.

For all other traffic, RELATED/ESTABLISHED packages have been always allowed.

VPN-CLIENTS(10.8.2.0/24) <-----INTERNET------> VPN-GW (lan: 172.16.1.3)

                                                                                           Webserver (lan: 172.16.1.4)

Default-GW for DMZ (OPNSENSE) 172.16.1.254

Traffic goes from VPN-Client -> VPN-GW -> Webserver > Default-GW and then it gets blocked by OPNSENSE.

MY DMZ FW-Rule is:

IPv4 TCP   10.8.2.0/24   *   172.16.1.4   80 (HTTP)

Any idea?

any help is greatly appreciated.

thank you!

Stefan
Print
Go Up Pages1
User actions