OPNsense Forum

English Forums => General Discussion => Topic started by: W0nderW0lf on August 26, 2020, 09:14:29 am

Title: Feature Request - Better PC-Gaming Support
Post by: W0nderW0lf on August 26, 2020, 09:14:29 am
Hello everyone,

I use 2 workstations. One is Linux for working and experimenting, and the other is Windows for playing games, paying bills and surfing the internet. Yesterday I tried to switch my Windows machine from my router network to behind OPNsense. I had to revert this step, because I couldn't run some of my gaming services like Battle.net or Star Citizen.

I've searched the Internet for a solution, but everything that I could find was related to Xbox, PS4 or Steam. All of them required a Static Port NAT Outbound rule and also the UPnP service. Establishing the same for a Windows PC, just to play some games for an hour, is IMO not worth the effort and a high security risk.

I found out that Suricata is bottlenecking here. When I disabled Suricata, every game service worked as intended. Unfortunately Suricata isn't providing any information on why or how these services are getting blocked. Since Suricata is actively preventing some attackers/scanners from outside, I don't want to disable it for a longer period of time for testing purposes.

IMO - OPNsense is a must-have for every home administrator. But gaming and network security is a topic that needs to be further developed, to establish better support for every home device. In some years my son will join me online. I hope that until that day, we can safely run our computers behind OPNsense without having to care about security.

I will try my best to find out myself what needs to be done to get things right without digging holes into the firewall. But I am no NetSec pro. I am still new to the project and try the best I can, but it would be nice to know that someone out there could help.
Title: Re: Feature Request - Better PC-Gaming Support
Post by: lfirewall1243 on August 26, 2020, 02:16:37 pm
Are the Suricata rules on Alert or Block?
Title: Re: Feature Request - Better PC-Gaming Support
Post by: W0nderW0lf on August 26, 2020, 02:30:02 pm
They are all on Block
Title: Re: Feature Request - Better PC-Gaming Support
Post by: lfirewall1243 on August 26, 2020, 02:30:57 pm
I think there is a gaming rule which is blocking gaming services?!
Title: Re: Feature Request - Better PC-Gaming Support
Post by: W0nderW0lf on August 26, 2020, 03:26:10 pm
That's what I thought myself, but even setting all rules with terms like "game, gaming, blizzard, battlenet" to alert didn't work. So it must be a special rule with a kinda weird name.

I additionally disabled and cleared ET telemetry emerging-games completely.
Title: Re: Feature Request - Better PC-Gaming Support
Post by: lfirewall1243 on August 26, 2020, 03:58:44 pm
Set all rules to alert.
Then it should send an alert when you try to play games.

After that you know which rule was the problem
Title: Re: Feature Request - Better PC-Gaming Support
Post by: W0nderW0lf on August 26, 2020, 04:31:17 pm
So now after 20 minutes of waiting to get all rules changed, I've set 106253 rules to alert, but still nothing is being reported. Not a single alert. Even the attacker who has been scanning my firewall for weeks now isn't being logged anymore. And I explicitly left that one rule enabled. Well... Poland is open now and neither battlenet nor star citizen are working...
Don't know what else I can do.
Title: Re: Feature Request - Better PC-Gaming Support
Post by: lfirewall1243 on August 26, 2020, 07:04:29 pm
Show your IDS config please :)
Title: Re: Feature Request - Better PC-Gaming Support
Post by: lfirewall1243 on August 26, 2020, 07:07:01 pm
And your firewall rules
Title: Re: Feature Request - Better PC-Gaming Support
Post by: W0nderW0lf on August 27, 2020, 09:13:18 am
I hope that helps you. I have no special WAN rule. It's on default.
The firewall rules shown here are from the Windows client. It's not from the default LAN interface.
Title: Re: Feature Request - Better PC-Gaming Support
Post by: W0nderW0lf on August 27, 2020, 09:14:17 am
<mistakenly posted reply>. wanted to edit the previous one
Title: Re: Feature Request - Better PC-Gaming Support
Post by: lfirewall1243 on August 27, 2020, 09:16:27 am
> I hope that helps you. I have no special WAN rule. It's on default.
> The firewall rules shown here are from the Windows client. It's not from the default

The rules are all set to drop.
Switch them to alert.

And try to change the interface from WAN to LAN
Title: Re: Feature Request - Better PC-Gaming Support
Post by: W0nderW0lf on August 27, 2020, 09:26:49 am
Yes they are on drop (again). When you asked me to change them to alert, I changed them all to Clear filter (alert). Because no Alert has been generated, while I tested for over 30 minutes, I changed it back to drop filter. Because nothing has been alerted.

I'll change the interface and give you feedback ASAP.
Title: Re: Feature Request - Better PC-Gaming Support
Post by: W0nderW0lf on August 27, 2020, 09:29:06 am
Btw ...
I already have sensei on all non WAN interfaces running.

Of course I turned Sensei off, when I was testing. I think it might break things, if I change the Interface from WAN to LAN, where Sensei already is listening on, or?
Title: Re: Feature Request - Better PC-Gaming Support
Post by: W0nderW0lf on August 27, 2020, 09:57:45 am
So... I tested and I am a lil bit pissed, because, as expected, this test could compromise my network. It did ... I see thousands of DNS attacks between my Linux client and the firewall, but Windows isn't generating a single alert that indicates a block of gaming services...
Title: Re: Feature Request - Better PC-Gaming Support
Post by: W0nderW0lf on August 27, 2020, 09:58:48 am
I think Suricata is kidding me.
Title: Re: Feature Request - Better PC-Gaming Support
Post by: W0nderW0lf on August 27, 2020, 10:08:05 am
That's what I see instead of some Windows alerts
Title: Re: Feature Request - Better PC-Gaming Support
Post by: W0nderW0lf on August 27, 2020, 11:29:56 pm
So somehow a miracle has happened I cannot explain.
After this huge attack on my Linux client, I thought it would be best to back up opnsense and reinstall from new. Just in case opnsense has been compromised.
Turns out, this was the best decision of the day. Because, before and after the upgrade from 20.1.9 to 20.7.1, I experienced some little bugs in opnsense like configctl timeouts and similar.
After reinstalling with base image 20.7 and updating to 20.7.1, I saw that none of the previously experienced bugs reappeared. I restored the previously made backup, activated and reloaded all suricata rules. A short while later, I saw in suricata the first ICMP blocks. Seemed like suricata was working again and doing its job.
Later that evening, I turned on my Windows and started playing after that long day. But I forgot to switch the LAN cable back to my non-opnsense router, so I could connect to blizzard. I didn't realize that Windows was still connected to opnsense. I wondered what went wrong and almost shit my pants, because I thought that suricata had stopped working and I had been compromised again.
When I checked the logs, I finally saw that Suricata had managed to alert on a connection to blizzard.
I changed nothing in Suricata. This tells me that it somehow was bugged at some point. Now I can easily connect to blizzard and Star Citizen again...

Take a look:
Title: Re: Feature Request - Better PC-Gaming Support
Post by: FullyBorked on August 28, 2020, 04:36:49 pm
> Btw ...
> I already have sensei on all non WAN interfaces running.
>
> Of course I turned Sensei off, when I was testing. I think it might break things, if I change the Interface from WAN to LAN, where Sensei already is listening on, or?

You should only have Sensei on your LAN interfaces; it's not meant to be on WAN. Suricata can be run on WAN, but Sensei and Suricata can't be on the same interfaces.

I have Sensei enabled on my LAN, and Suricata on my WAN1, WAN2, and DMZ. I have outbound NAT set to Static (there is only a very small hit to security here). I also have UPnP set up, but it's rarely used; I almost never see anything in status except for a few games. I'll argue security here isn't a huge issue as long as you keep an eye on it. I wouldn't have it in my corp environments, but at home it's convenient and fine with me. Battle.net works just fine for me; I don't play Star Citizen though, so can't speak to that.

My advice would be to slow down a bit. Disable everything extra, disable Sensei, disable Suricata. Get your games working, then slowly enable things until it stops working; then you'll know where to focus your energy.
Title: Re: Feature Request - Better PC-Gaming Support
Post by: W0nderW0lf on August 28, 2020, 04:48:00 pm
Without meaning it badly, but did u even read?
I only mentioned this because of lfirewall's advice. I wasn't 100% sure, but I know this myself.
I have it on all (non) WAN interfaces ... This means, I have it on all interfaces that are not directed to WAN...
Just LAN ...
Of course I know that you should only place it on non WAN interfaces, because sensei is advising this to you when you install it.
I also said, I uploaded my backup and it worked.
A backup places every setting as it was before. This also means that I haven't done any config change in sensei or OPNsense itself. It was truly some kind of bug related to suricata.

My advice to you would be, read carefully before giving advice.
Title: Re: Feature Request - Better PC-Gaming Support
Post by: FullyBorked on August 28, 2020, 04:56:31 pm
> Without meaning it badly, but did u even read?
> I only mentioned this because of lfirewall's advice. I wasn't 100% sure, but I know this myself.
> I have it on all (non) WAN interfaces ... This means, I have it on all interfaces that are not directed to WAN...
> Just LAN ...
> Of course I know that you should only place it on non WAN interfaces, because sensei is advising this to you when you install it.
> I also said, I uploaded my backup and it worked.
> A backup places every setting as it was before. This also means that I haven't done any config change in sensei or OPNsense itself. It was truly some kind of bug related to suricata.
>
> My advice to you would be, read carefully before giving advice.

Yup, I misread, very sorry to have offended you.

My advice to you would be to be less of an asshat when someone is just trying to help you for free, taking time out of their busy day and schedule to spread some knowledge and help out a fellow user.

Carry on I wish you well.
Title: Re: Feature Request - Better PC-Gaming Support
Post by: lfirewall1243 on August 28, 2020, 05:07:55 pm
> So somehow a miracle has happened I cannot explain.
> After this huge attack on my Linux client, I thought it would be best to back up opnsense and reinstall from new. Just in case opnsense has been compromised.
> Turns out, this was the best decision of the day. Because, before and after the upgrade from 20.1.9 to 20.7.1, I experienced some little bugs in opnsense like configctl timeouts and similar.
> After reinstalling with base image 20.7 and updating to 20.7.1, I saw that none of the previously experienced bugs reappeared. I restored the previously made backup, activated and reloaded all suricata rules. A short while later, I saw in suricata the first ICMP blocks. Seemed like suricata was working again and doing its job.
> Later that evening, I turned on my Windows and started playing after that long day. But I forgot to switch the LAN cable back to my non-opnsense router, so I could connect to blizzard. I didn't realize that Windows was still connected to opnsense. I wondered what went wrong and almost shit my pants, because I thought that suricata had stopped working and I had been compromised again.
> When I checked the logs, I finally saw that Suricata had managed to alert on a connection to blizzard.
> I changed nothing in Suricata. This tells me that it somehow was bugged at some point. Now I can easily connect to blizzard and Star Citizen again...
>
> Take a look:

So is it working now?

But just because you disable your network should be able to get compromised, if it is easily possible you have other problems than gaming.

More important would be, what is trying to compromise your Clients or are they already compromised?
Title: Re: Feature Request - Better PC-Gaming Support
Post by: lfirewall1243 on August 28, 2020, 05:10:06 pm
And generally it's not the right way to just enable all Suricata rules and set them to drop.

Enable them wisely, look what alerts are happening and set them to drop and test your network.

But not the way how you do it. Just causing a big chaos while looking for bugs
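
An added example (not posted by anyone in this thread) of the workflow lfirewall1243 describes: with rules on alert, read Suricata's EVE JSON alert records and list which signatures fire for one client and which of them are blocking. The log lines, IP addresses, SIDs and signature names below are constructed; on a real system the input would be the lines of the EVE log (its location on your install is an assumption to check).

```python
import json
from collections import Counter

# Constructed sample EVE records; SIDs 9000001-9000003 and the signature names are made up.
SAMPLE_EVE = """\
{"timestamp":"2020-08-27T09:40:01+0200","event_type":"alert","src_ip":"192.168.10.20","dest_ip":"198.51.100.7","dest_port":1119,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":9000001,"rev":1,"signature":"EXAMPLE game launcher login","category":"Policy"}}
{"timestamp":"2020-08-27T09:40:04+0200","event_type":"alert","src_ip":"198.51.100.7","dest_ip":"192.168.10.20","dest_port":50212,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":9000001,"rev":1,"signature":"EXAMPLE game launcher login","category":"Policy"}}
{"timestamp":"2020-08-27T09:41:10+0200","event_type":"alert","src_ip":"192.168.10.20","dest_ip":"203.0.113.9","dest_port":443,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":9000002,"rev":3,"signature":"EXAMPLE voice chat","category":"Policy"}}
{"timestamp":"2020-08-27T09:41:30+0200","event_type":"alert","src_ip":"192.168.10.30","dest_ip":"192.168.10.1","dest_port":53,"proto":"UDP","alert":{"action":"blocked","gid":1,"signature_id":9000003,"rev":2,"signature":"EXAMPLE dns anomaly","category":"Misc"}}
{"timestamp":"2020-08-27T09:41:31+0200","event_type":"dns","src_ip":"192.168.10.20","dest_ip":"192.168.10.1"}
{"timestamp":"2020-08-27T09:41:32+0200","event_type":"al
"""

def alerts_for_host(lines, host_ip):
    """Count alert records touching host_ip, keyed by (action, sid, signature)."""
    hits = Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # e.g. the half-written last line of a live log
        if ev.get("event_type") != "alert":
            continue  # dns, flow, stats, ... are not rule hits
        if host_ip not in (ev.get("src_ip"), ev.get("dest_ip")):
            continue  # match both directions of the client's traffic
        a = ev.get("alert", {})
        hits[(a.get("action"), a.get("signature_id"), a.get("signature"))] += 1
    return hits

def blocking_sids(hits):
    """SIDs that actually dropped traffic: candidates to set back to alert."""
    return sorted({sid for (action, sid, _sig) in hits if action == "blocked"})

if __name__ == "__main__":
    hits = alerts_for_host(SAMPLE_EVE.splitlines(), "192.168.10.20")
    for (action, sid, sig), n in hits.most_common():
        print(f"{n:4d}  {str(action):8s} sid={sid}  {sig}")
    print("blocked SIDs for this client:", blocking_sids(hits))
```

If this returns nothing for the client while the game still fails, the rule set is not the place to look: check that Suricata is inspecting the interface the client's traffic crosses.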