OPNsense

Author Topic: one way firewall issue - missing "conntrack" - traffic to DMZ  (Read 2188 times)

sb@plzk.de

one way firewall issue - missing "conntrack" - traffic to DMZ
« on: January 31, 2018, 01:06:34 pm »
Dear Users,

I cannot find a suitable FW rule to allow traffic to a DMZ machine and let the packets coming back pass.
I see the traffic entering the DMZ machine and see traffic leaving, but the response is blocked by OPNsense. It's plain HTTP traffic.

For all other traffic, RELATED/ESTABLISHED packets have always been allowed.

VPN-CLIENTS (10.8.2.0/24) <----- INTERNET -----> VPN-GW (lan: 172.16.1.3)
                                                 Webserver (lan: 172.16.1.4)

Default-GW for DMZ (OPNsense): 172.16.1.254

Traffic goes from VPN-Client -> VPN-GW -> Webserver -> Default-GW, and then it gets blocked by OPNsense.

My DMZ FW rule is:

IPv4 TCP   10.8.2.0/24   *   172.16.1.4   80 (HTTP)

Any idea?

Any help is greatly appreciated.

Thank you!

Stefan
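The one-way behaviour described in the post, as an added illustration that is not OPNsense or pf code: a hypothetical minimal stateful filter that is fed only the webserver's reply (the SYN was delivered by the VPN gateway on the shared LAN and never crossed the firewall), beside the same flow when both directions traverse it. Client address 10.8.2.10 and source port 51000 are constructed sample values.

```python
import ipaddress
from dataclasses import dataclass

# Simplified, hypothetical model of a stateful filter (not pf/OPNsense code).
# Addresses come from the post; client 10.8.2.10 and port 51000 are constructed.
RULES = [("10.8.2.0/24", "172.16.1.4", 80)]  # the poster's DMZ rule

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN/ACK

def rule_matches(pkt: Packet) -> bool:
    """Rules only create state for the first packet of a flow (the SYN)."""
    return pkt.flags == "S" and any(
        ipaddress.ip_address(pkt.src) in ipaddress.ip_network(net)
        and pkt.dst == dst and pkt.dport == dport
        for net, dst, dport in RULES)

class StatefulFirewall:
    def __init__(self) -> None:
        self.states = set()

    def filter(self, pkt: Packet) -> str:
        fwd = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        rev = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if fwd in self.states or rev in self.states:
            return "pass (existing state)"  # replies match state, not a rule
        if rule_matches(pkt):
            self.states.add(fwd)
            return "pass (state created)"
        return "block (no matching state)"  # e.g. SYN/ACK without a seen SYN

SYN = Packet("10.8.2.10", 51000, "172.16.1.4", 80, "S")
SYN_ACK = Packet("172.16.1.4", 80, "10.8.2.10", 51000, "SA")

def asymmetric_path() -> str:
    """Post's topology: VPN-GW delivers the SYN on the shared LAN, so OPNsense
    only ever sees the reply the webserver sends to its default gateway."""
    return StatefulFirewall().filter(SYN_ACK)

def symmetric_path() -> str:
    """Both directions cross the firewall: the SYN creates the state the reply needs."""
    fw = StatefulFirewall()
    fw.filter(SYN)
    return fw.filter(SYN_ACK)
```

Real pf state entries also key on interface and direction, so this model is deliberately coarser than the actual state table; the point it shows is that a reply with no corresponding forward state is dropped regardless of the DMZ rule.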