OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: networker on August 13, 2017, 09:55:46 pm

Title: I caused a disaster...
Post by: networker on August 13, 2017, 09:55:46 pm
Hello,

First of all, I would like to thank the developers of this project for the amazing job they did.

Today, I installed the latest version of OPNsense in an ESXi VM in order to test it for a future project. The host server is on the OVH network.

I was following the documentation and implementing some configuration items. My goal was to create a 1:1 NAT in order to protect a web server.

I used 2 public IPs for WAN and LAN respectively (both IPv4 that were parked offline for the last 12 months with no traffic).

I followed the instructions here:
https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

Because I felt a bridge was needed to achieve what I wanted.

The next thing I know after creating OPT1 is that the appliance was very slow (4 Gb RAM + 2 Xeon CPUs). I went to the dashboard and the traffic on OPT1 was going over 250 Mbps.

I don't think it was an external attack. That network is very clean with zero history of attacks. There is also a sold DDOS protection in place.

I tried to stop the VM but it was too late. I got this email from OVH:

Code:
[TICKET#XXXXXX] Anti-hack

You server HOSTNAME has been placed in 'rescue' mode in order to prevent further problems.


sw.xxxxxx#show processes cpu sorted
CPU utilization for five seconds: 99%/22%; one minute: 99%; five minutes: 93%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
 223    48263148   165070743        292 43.00% 39.76% 34.65%   0 HULC DAI Process
 158  3588557668   853423768       4204  9.01% 11.39% 12.87%   0 Hulc LED Process
 203    52958086   193512806        273  6.03%  6.50%  5.97%   0 IP Input
 129   367976555    34145966      10776  1.37%  1.26%  1.19%   0 hpm counter proc
 231     1498112     6118188        244  0.77%  0.93%  0.85%   0 Port-Security



Aug 13 16:46:50 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.5604.0c69 on port GigabitEthernet1/0/18.
Aug 13 16:47:03 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.5604.0c69 on port GigabitEthernet1/0/18.
Aug 13 16:47:24 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.5604.0c69 on port GigabitEthernet1/0/18.
Aug 13 17:14:36 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:14:41 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:14:46 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:14:51 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:14:57 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:15:02 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:15:07 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:15:12 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:15:17 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:15:22 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:15:27 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:15:32 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:15:37 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:15:42 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:15:47 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:15:52 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:15:57 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:16:02 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:16:07 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:16:12 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:16:17 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:16:22 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:16:27 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:16:33 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:16:38 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:16:43 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:16:48 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:16:53 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:16:58 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:17:03 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:17:08 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:17:13 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:17:18 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:17:23 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:17:28 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:17:33 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:17:38 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:17:43 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:17:48 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:17:53 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:17:58 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:18:03 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:18:08 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:18:13 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:18:18 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:18:23 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:18:29 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:18:34 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:18:39 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:18:44 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:18:49 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:18:54 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:18:59 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:19:04 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:19:09 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:19:14 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:19:19 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:19:24 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:19:29 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:19:34 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:19:39 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:19:45 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:19:50 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:19:55 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:20:00 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:20:05 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:10 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:15 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:20 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:25 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:30 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:35 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:20:40 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:45 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:20:50 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:20:56 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:21:01 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:21:06 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:21:11 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:21:16 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address ec30.91e0.df80 on port GigabitEthernet1/0/18.
Aug 13 17:21:21 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:21:26 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address ec30.91e0.df80 on port GigabitEthernet1/0/18.
Aug 13 17:21:31 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:21:36 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:21:41 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:21:46 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:21:51 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address ec30.91e0.df80 on port GigabitEthernet1/0/18.
Aug 13 17:21:57 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:22:02 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:22:07 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:22:12 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:22:17 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:22:22 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:22:27 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:22:32 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:22:37 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:22:42 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:22:47 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:22:52 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:22:57 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:23:03 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:23:08 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:23:13 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:23:18 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:23:23 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:23:28 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:23:33 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:23:38 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.




The ESXi host was put in rescue mode and labeled as hacked.

I contacted OVH with some apologies, then restarted the host in normal mode but kept the OPNsense VM offline (powered off).

Here are the MAC addresses I used for my interfaces:

em0 (WAN) - (MAC: 4E) 00:50:56:09:8a:4e
em1 (LAN) - (MAC: 00) 00:50:56:0c:e1:00


This can help you to read the message above.

I don't know what happened. Maybe I caused a loop between the LAN / WAN interfaces and the OVH port.

I can try to power on the VM without connecting it and try to grab a config from the console access.
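
An added example, not part of the original post: a small Python parser for the `%PORT_SECURITY-2-PSECURE_VIOLATION` lines in the OVH e-mail above. It tallies the offending source MACs per switch port and checks them against the two interface MACs the poster lists. The embedded sample is an excerpt of lines from the post; the function names are this example's own.

```python
import re
from collections import Counter

# Excerpt of the switch output quoted in the post (not the full dump).
SAMPLE_LOG = """\
sw.xxxxxx#show processes cpu sorted
Aug 13 16:46:50 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.5604.0c69 on port GigabitEthernet1/0/18.
Aug 13 17:14:36 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:14:41 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:14:46 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 001e.13f9.af00 on port GigabitEthernet1/0/18.
Aug 13 17:14:51 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0102 on port GigabitEthernet1/0/18.
Aug 13 17:15:02 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0007.b400.0101 on port GigabitEthernet1/0/18.
Aug 13 17:21:16 GMT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address ec30.91e0.df80 on port GigabitEthernet1/0/18.
"""

# Interface MACs as listed by the poster for the OPNsense VM.
VM_MACS = {"em0 (WAN)": "00:50:56:09:8a:4e", "em1 (LAN)": "00:50:56:0c:e1:00"}

VIOLATION_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\w+:\s+%PORT_SECURITY-2-PSECURE_VIOLATION:"
    r".*?MAC address (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
    r" on port (?P<port>\S+?)\.?$",
    re.IGNORECASE,
)


def normalize_mac(mac):
    """Turn Cisco dotted (0050.5604.0c69) or colon/hyphen form into aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def parse_violations(text):
    """Return (timestamp, port, mac) for every violation line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = VIOLATION_RE.match(line.strip())
        if m:
            events.append((m["ts"], m["port"], normalize_mac(m["mac"])))
    return events


def summarize(events, known):
    """Count violations per (port, MAC) and label MACs that belong to a known interface."""
    owner = {normalize_mac(mac): name for name, mac in known.items()}
    counts = Counter((port, mac) for _, port, mac in events)
    first_seen = {}
    for ts, port, mac in events:
        first_seen.setdefault((port, mac), ts)
    return [
        {"port": port, "mac": mac, "count": n,
         "first_seen": first_seen[(port, mac)], "owner": owner.get(mac, "unknown")}
        for (port, mac), n in counts.most_common()
    ]


if __name__ == "__main__":
    for row in summarize(parse_violations(SAMPLE_LOG), VM_MACS):
        print(f'{row["port"]}  {row["mac"]}  x{row["count"]}  '
              f'first {row["first_seen"]}  owner={row["owner"]}')
```

Every MAC in the log comes back as `unknown`: the switch saw frames arriving on that port with source addresses other than the two interface MACs listed in the post.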



Title: Re: I caused a disaster...
Post by: pongafence on August 13, 2017, 10:56:42 pm
Hi there,

Why are you using a 1:1 NAT? If you were wanting to create a layer of protection, creating a 1:1 NAT would only publish everything anyway.

I would recommend just using Port Forward if you are wanting to protect your server, as only ports that you specifically publish are available.

I use OVH as well, and have had no problems.

Title: Re: I caused a disaster...
Post by: networker on August 13, 2017, 11:19:45 pm
Hi, thank you for the suggestion.

I used a Cisco ASA before. There, for a server, 1:1 was the way to go. The server would have a private IP in the DMZ and its public IP would be held by the ASA and 1:1 translated. This would allow a fixed IP for the server but forces all traffic through the firewall where it can be analysed. Also, not everything is forwarded but only defined services (ports / protocols).

Title: Re: I caused a disaster...
Post by: pongafence on August 14, 2017, 01:04:44 pm
Ah, I see. Well, with running OPNsense like this, you no longer need to.

But here's how you achieve it with OVH.

Title: Re: I caused a disaster...
Post by: pongafence on August 14, 2017, 02:06:14 pm
Also, the reason for the fault is that the IP address that OVH have assigned to your server CANNOT be assigned to a VM within your server. :)

Refer to this Doco..

http://docs.ovh.ca/en/guides-network-bridging.html

Title: Re: I caused a disaster...
Post by: networker on August 14, 2017, 03:57:39 pm
Thank you for these details.

I will try this later, but on a non-production server :)

Title: Re: I caused a disaster...
Post by: pongafence on August 15, 2017, 01:18:36 am
No worries. If you need some help, shoot me a PM.