M0n0wall won't pass traffic on different LAN subnets unless “Bypass firewall rules” is checked
I have a working configuration, but a question is bugging me.
The question centers around having multiple subnets on a single
interface.
LAN: 10.10.10.1/24
OpenVPN Server LAN IP: 10.10.10.250
OpenVPN Server virtual subnet: 10.11.10.0/24
LAN Static Route: (NET) 10.11.10.0/24 (GW) 10.10.10.250
With the Advanced option "Bypass firewall rules for traffic on the
same interface" checked, everything works as expected.
But if I uncheck "Bypass firewall rules..." and start a UDP or TCP
session from the 10.11.10.0 net to the 10.10.10.0 net, the forward
path works, but the return path is blocked in m0n0wall. Even with
LAN Firewall Rules:
"Pass" any LAN-subnet to any/any
"Pass" any OpenVPN-subnet to any/any
The return (destination 10.11.10.XX) is always blocked in m0n0wall
(per firewall logging).
I am quite satisfied keeping "Bypass firewall rules..." checked, but
I want to understand why m0n0wall is dropping LAN subnet1 to LAN
subnet2 traffic in the firewall.
I've seen this same exact question posed multiple times elsewhere but never any sort of response. Hoping you guys can help.
Thanks in advance.
firewall freebsd pfsense openbsd
asked Jul 7 '11 at 16:35
Zen Master
1 Answer
Where "Bypass firewall rules .." fixes things of that nature, it's most always because you have asymmetric routing. If the firewall only sees half of the connection it can't properly track state and ends up dropping traffic, hence the reason for that option (which passes that traffic without trying to keep state).
answered Jul 9 '11 at 3:37
Chris Buechler
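The situation the question describes and the mechanism the answer names (a stateful filter that only ever sees the return half of a flow), as an added example that is not part of the Server Fault thread: a small Python model of the question's topology and of a simplified state table. The host addresses, ports, the assumption that LAN hosts use 10.10.10.1 as their default gateway while the OpenVPN server delivers decapsulated packets to LAN hosts directly, and the state-creation logic are all constructed for illustration; this is not m0n0wall's or pf's code.

```python
"""
Toy model (constructed for this example) of the question's setup:
  LAN 10.10.10.0/24, m0n0wall at 10.10.10.1, OpenVPN server at 10.10.10.250,
  VPN clients in 10.11.10.0/24, static route 10.11.10.0/24 via 10.10.10.250.
It shows which packets the firewall actually sees and what a stateful
filter does with a reply it has no state for.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("10.10.10.0/24")
VPN_NET = ip_network("10.11.10.0/24")


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    syn: bool  # True for the first packet of a TCP session


class StatefulFilter:
    """Simplified stateful filter: a pass rule creates state on the first
    packet of a flow; later packets pass only if they match existing state."""

    def __init__(self, bypass_same_interface: bool = False):
        self.bypass = bypass_same_interface
        self.states = set()
        self.log = []

    @staticmethod
    def _key(p: Packet):
        # Direction-independent key so both halves of a flow hit one entry.
        return frozenset({(p.src, p.sport), (p.dst, p.dport)})

    def inspect(self, p: Packet) -> bool:
        on_lan_iface = {LAN_NET, VPN_NET}  # both subnets live behind the LAN port
        same_iface = any(ip_address(p.src) in n for n in on_lan_iface) and \
                     any(ip_address(p.dst) in n for n in on_lan_iface)
        if self.bypass and same_iface:
            return True  # stateless pass: no state lookup and no state created
        key = self._key(p)
        if key in self.states:
            return True
        if p.syn:
            # "pass any LAN-subnet / OpenVPN-subnet to any" matches; keep state.
            self.states.add(key)
            return True
        # Reply for a flow the filter never saw start: logged and dropped.
        self.log.append(f"block {p.src}:{p.sport} -> {p.dst}:{p.dport} (no state)")
        return False


def firewall_sees(p: Packet) -> bool:
    """Assumption: a packet crosses m0n0wall only when the sender must use it
    as a gateway. The VPN server hands packets to LAN hosts directly on the
    shared segment, and LAN hosts send everything off-subnet to 10.10.10.1."""
    src, dst = ip_address(p.src), ip_address(p.dst)
    if src in VPN_NET or src in LAN_NET:
        return dst not in LAN_NET
    return True  # traffic arriving from outside always enters via the firewall


def run_flow(fw: StatefulFilter, forward: Packet, reply: Packet) -> dict:
    results = {}
    for name, p in (("forward", forward), ("reply", reply)):
        if firewall_sees(p):
            results[name] = "pass" if fw.inspect(p) else "block"
        else:
            results[name] = "not seen"
    return results


def vpn_to_lan(bypass: bool):
    """VPN client -> LAN host: the asymmetric case from the question."""
    fw = StatefulFilter(bypass_same_interface=bypass)
    forward = Packet("10.11.10.6", "10.10.10.20", 40000, 22, syn=True)
    reply = Packet("10.10.10.20", "10.11.10.6", 22, 40000, syn=False)
    return run_flow(fw, forward, reply), fw.log


def lan_to_wan():
    """LAN host -> Internet host: both halves cross the firewall, so state works."""
    fw = StatefulFilter()
    forward = Packet("10.10.10.20", "198.51.100.7", 50000, 443, syn=True)
    reply = Packet("198.51.100.7", "10.10.10.20", 443, 50000, syn=False)
    return run_flow(fw, forward, reply), fw.log


if __name__ == "__main__":
    print("bypass off:", vpn_to_lan(False))
    print("bypass on: ", vpn_to_lan(True))
    print("LAN to WAN:", lan_to_wan())
```

With the bypass option off the forward packet is never seen (so no state is created) and the reply is logged as a block with "no state", which is exactly the firewall-log pattern the question reports; with the option on the same reply is passed statelessly, and a LAN-to-WAN session, which the firewall sees in both directions, passes either way. From a monitoring standpoint, a run of blocks whose source/destination pair is the reverse of a flow you never saw begin is the signature of asymmetric routing rather than of a missing pass rule.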