Hi, after installing and configuring Zenarmor, the next day I got the error message
"Possible deployment misconfiguration: devices with public IP addresses detected
Zenarmor's health check system detected 237 devices with public ip addresses associated with them. Usually this happens because of a interface tag misconfiguration in deployment settings. "
In my thin client OPNsense, there's 1 onboard LAN and 4 on a riser card.
So from my internet modem to OPNsense, internet is coming in on the onboard LAN, outgoing to the WiFi hotspot and LAN switch on 2 of the 4 ports on the card...
WAN is chosen onboard automatically, correctly, by Zenarmor.
I switched to "lan" as security zone on the 4 card ports, applied and restarted; when refreshing the page, the security zones selection is gone again...
I'm not sure what to do or if I have done until here?
A bridge is configured in OPNsense for the 4 card ports; this should not be a problem?
I can't post attachments, because they're too big!? Looks like we're back in 2010.... :=)
Thanks for any help!
casi
Hi,
Zenarmor tags an interface as WAN if it is a default GW in the route table. Does this match your case?
Hi, I'm not sure how to understand or check this... Default gateway in route table? The WAN interface is my onboard LAN, incoming from the internet modem. I attach a picture, I think it's as you asked for?
And by the way... I only see 1 device (ever) connect(ed), my mobile phone... No other devices... WTF?
What you showed are routes that OPNsense knows. It will not show connected devices.
If you want to see what is connected to your OPNsense, if OPNsense is a GW for that device / subnet, go and check the ARP table.
The TAGs in Zenarmor, aka "ZONEs", are there to identify specific ZONEs like WAN, LAN, VPN etc. By default you need two TAGs:
wan - which should be on your WAN interface
lan - which should be on your LAN interfaces or parent interface for the LAN
You cannot misplace these; if you assign the lan TAG on an interface that carries WAN traffic you will get wrongly discovered endpoints and you will most likely see what you see.
You cannot have LAN and WAN traffic on the same port or the same parent port.
Regards,
S.
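
An added example for readers of this thread, not part of any post above and not Zenarmor's own code: a shell check that finds which interface holds the default route in `netstat -rn -f inet` output (the criterion mentioned above for the wan tag) and compares it with a tag assignment typed in by hand. The routing table, the interface names `em0` and `bridge0`, and the `if=tag` input format are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `netstat -rn -f inet` output on a FreeBSD/OPNsense box.
# Interface names and addresses are made up for illustration.
sample_routes() {
cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.0.2.1          UGS         em0
127.0.0.1          link#3             UH          lo0
192.0.2.0/24       link#1             U           em0
192.168.1.0/24     link#8             U       bridge0
EOF
}

# Read a route table on stdin, print the interface (Netif column) of the default route.
default_route_if() {
    awk '$1 == "default" { print $4; exit }'
}

# check_tags "<if>=<tag> ...": route table on stdin, hand-entered tag list as $1.
# Prints one line per interface and returns 1 if any tag disagrees with the routes.
check_tags() {
    wan_if=$(default_route_if)
    status=0
    for pair in $1; do
        ifname=${pair%%=*}
        tag=${pair#*=}
        if [ "$ifname" = "$wan_if" ] && [ "$tag" != "wan" ]; then
            echo "MISMATCH: $ifname carries the default route but is tagged '$tag'"
            status=1
        elif [ "$ifname" != "$wan_if" ] && [ "$tag" = "wan" ]; then
            echo "MISMATCH: $ifname is tagged 'wan' but has no default route"
            status=1
        else
            echo "ok: $ifname tagged '$tag'"
        fi
    done
    return $status
}

# On a live system, replace sample_routes with: netstat -rn -f inet
sample_routes | check_tags "em0=wan bridge0=lan"
```
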