Messages - C18uj8Ms

#1
Hi HNG,
Thanks a bunch for the awesome material. I am configuring and learning my OPNsense router and I frequently refer to your pages.
I am trying to use a bunch of Docker containers on a Raspberry Pi with their own IP address and I decided to use IPVLAN to have maximum control.
I have added a static route on OPNsense which specifies the Pi as a gateway for the subnets on the IPVLAN network even though there is an advisory note that says:
Quote: Do not enter static routes for networks assigned on any interface of this firewall. Static routes are only used for networks reachable via a different router, and not reachable via your default gateway.
This largely works apart from the fact that my SSH connection keeps dropping. When FW optimizations are set to normal it lasts 30 seconds (same as the expiration value on Diagnostics -> Sessions) or 900 seconds for conservative.
Am I missing some setting?
Would it be possible to sort of recreate the static route with a firewall rule? Could this potentially solve my problem?
Cheers
#2
Hello,
A bit of a necrobump but I have kind of a similar problem.
What helped me resolve part of the issue was looking at Log Files -> Live View, which will show you which rules are firing.

I think that there might be a bug in the OPNsense NAT -> Port Forward -> Add -> Filter rule association selection.

I have tried Add unassociated filter rule/Add associated filter rule and neither of them works. The only thing that works for me to do a port forward between 2 private networks is to use the Pass option.

On another note, when creating an unassociated filter rule, I would expect that I would be able to edit this rule but I can't, which makes me suspicious that there might be a bug there.

And finally, one of the reasons why I couldn't forward between private networks is because there was a rule by default to deny from private to private which you can deselect.