Messages - ChrisH

#61
Quote from: franco on August 30, 2017, 07:20:35 PM
You'll need three separate rules under Firewall: NAT: Port Forward for each individual port.
He could create a port alias with those three ports. Then he needs only two NAT: Port Forward rules, one for each IP. No?
#62
Have you even read the article?
#63
HAProxy is really cool once you figure out how it works.

A backend is just a collection of servers. ACLs (used below) are conditions.

In your case:
- create servers for your two Exchange boxes
- create one backend and put both servers into it
- create an ACL with name "example.com" -> Expression "host ends with" -> Value "example.com"
- create an ACL with name "example.net" -> Expression "host ends with" -> Value "example.net"
- create an action with name "example.com" -> test type "IF" -> ACL "example.com" -> choose action "use server" -> use server "first Exchange"
- create an action with name "example.net" -> test type "IF" -> ACL "example.net" -> choose action "use server" -> use server "second Exchange"
- create a frontend -> Listen address "your WAN address:80" -> actions "example.com", "example.net"

Now install the Let's Encrypt plugin and get certs for example.com and example.net (don't forget autodiscover, etc.)
- create a frontend -> Listen address "your WAN address:443" -> SSL offloading enabled -> certificates "example.net", "example.com" -> actions "example.com", "example.net"

That should (broadly) cover it.

Edit: Don't forget to disable NAT for ports 80 and 443 and to add a firewall rule to allow access to 80 and 443.
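For readers who want to see what those plugin steps amount to in plain HAProxy terms, here is an added haproxy.cfg sketch (not ChrisH's configuration and not generated by the OPNsense plugin). Addresses, server names and certificate paths are assumed placeholders; note that in a raw config file `use-server` lives in the backend, and the inside leg to Exchange is verified against an assumed internal CA so the offloading proxy cannot be silently redirected.

```haproxy
# Added example: rough haproxy.cfg equivalent of the OPNsense plugin steps above.
# All IPs, names and paths are placeholders (assumptions, not from the post).
global
    log /dev/log local0

defaults
    mode http
    log global
    option httplog
    timeout connect 5s
    timeout client 60s
    timeout server 60s

# Port 80 frontend: also serves the Let's Encrypt HTTP-01 validation requests.
# Remember to remove the old NAT port forwards for 80/443 and allow them on WAN.
frontend http_in
    bind 203.0.113.10:80
    default_backend exchange

# Port 443 frontend with SSL offloading; HAProxy selects the certificate by SNI.
# ssl-min-ver needs HAProxy 1.8 or newer; it keeps legacy TLS off the WAN side.
frontend https_in
    bind 203.0.113.10:443 ssl crt /usr/local/etc/haproxy/certs/example.com.pem crt /usr/local/etc/haproxy/certs/example.net.pem ssl-min-ver TLSv1.2
    http-request set-header X-Forwarded-Proto https
    default_backend exchange

backend exchange
    # The plugin's "ACLs": conditions on the Host header suffix
    acl host_example_com req.hdr(host),lower -m end example.com
    acl host_example_net req.hdr(host),lower -m end example.net
    # The plugin's "use server" actions: a backend-level directive in haproxy.cfg
    use-server exchange1 if host_example_com
    use-server exchange2 if host_example_net
    # Exchange only talks HTTPS; verify its certificate against an internal CA
    # (placeholder path) instead of "verify none", so the inside hop is not blind.
    server exchange1 10.0.0.11:443 ssl verify required ca-file /usr/local/etc/haproxy/internal-ca.pem check
    server exchange2 10.0.0.12:443 ssl verify required ca-file /usr/local/etc/haproxy/internal-ca.pem check
```

Run `haproxy -c -f /path/to/haproxy.cfg` to syntax-check a file like this before reloading the service.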
#64
Grasping at straws now :)
Do the packets from B to A (sorry, had them reversed before) have the correct source address? Or does box B maybe NAT them before sending them to box A?
#65
Looks good so far.

Any chance that ICMP is blocked somewhere, so that box B thinks box A is unreachable or something? Does OPNsense show box A as "up" under System -> Gateways -> Status? (You may have to enable gateway monitoring first)
#66
Can you give us the subnets and netmasks for the networks involved?
#67
I think opening up the documentation so you don't have to do all the work is the way to go.
I would be willing to contribute.
#68
I wondered about that as well when I started using OPNsense. Luckily I had used m0n0wall and pfSense before and the base concepts have stayed the same.

You can always have a look at the pfSense documentation
https://doc.pfsense.org/index.php/Category:Firewall_Rules
https://doc.pfsense.org/index.php/Category:NAT
as a starting point.

But I agree, OPNsense needs their own documentation on what is after all the core functionality of the product.