Messages - meazz1

#16
@chemlud
@jp0469

Thank you. I believe I got this working.
#17
Thanks, I moved that to the top. How about rest of IOT and LAN rules look?
#18
General Discussion / LAN and IOT VLAN firewall rules
January 18, 2022, 03:11:16 PM
I have created a LAN and VLAN-IOT setup for my home office.
I simply want VLAN-IOT subnet to just have internet access but not the LAN access.
I am not an IT person and not sure the rules I created, with help of the Opnsense forum and internet, are valid and protects my network.

I would appreciate any feedback.

LAN Rules


IOT Rules


Aliases

#19
I saw the same thing, not sure if IPS crashed but WAN stopped getting IP address and it showed in dashboard WAN IP 0.0.0.0. This is after running speed test.
I installed 21.7 and after some updates I am at 21.7.7 and I will stay here until things get better.
#20
Quote from: meazz1 on January 08, 2022, 05:24:12 PM
Quote from: RamSense on January 08, 2022, 08:14:32 AM
Your link does not work,
but this guide helped me:
https://homenetworkguy.com/how-to/configure-intrusion-detection-opnsense/#_

Thanks, I used the same link. I updated my link.
Did you use LAN or WAN setup? Did you make two policies, one for Alert and one for Drop?



#21
Quote from: RamSense on January 08, 2022, 08:14:32 AM
Your link does not work,
but this guide helped me:
https://homenetworkguy.com/how-to/configure-intrusion-detection-opnsense/#_

Thanks, I used the same link. I updated my link.
Did you use LAN or WAN setup?
#22
I am planning to follow this guide to enable Intrusion Prevention System using this guide. Will this give me basic protection?

https://homenetworkguy.com/how-to/configure-intrusion-detection-opnsense/#_
#23
General Discussion / How do I undo a static mapping
September 26, 2021, 04:32:23 PM
I static mapped a MAC address from DHCPv4 --> Leases.
I don't see this MAC anywhere in here but the device is functioning.
How do I undo the static mapping?
#24
Quote from: Greelan on July 26, 2021, 12:17:38 PM
1. Just create a firewall rule like you did for the pihole? Unless you are also talking about broadcast discovery, in which you will need a plugin like udpbroadcastrelay

2. Host(s)

Thank you
#25
I am setting up a new SOHO for my own use and I'm trying to move from my existing setup of one LAN for my home user and a VLAN for the IoT devices.
All my gears with static IP are residing in the LAN.
The devices are
Opnsense router: 192.168.4.1
Unifi 60W managed switch: 192.168.4.2
Unifi AP-AC lite: 192.168.4.3
PiHole: 192.168.4.4
Unifi controller: 192.168.4.6

IoT VLAN20: 10.0.20.0/24
User VLAN 10.0.10.0/24

My goal is to keep all the devices and IPs as is. I already created a new VLAN10 where all the users' laptops and PCs will be using VLAN10.

I have already created rules to block VLANs to access each other and LAN.

I created an alias for the Piholes and an allow rule to have my VLAN access it. I also have a rule to block any other DNS services for the VLANs.

I need to figure out 2 things:
1. How do I keep the printer in the LAN and have VLAN users share it?
2. For creating 2 Piholes alias what is the "Type" in the alias window? Is it hosts or networks?

For Type should it be Hosts in the dropdown or Networks?
#26
My DNS server is Pihole in 192.168.4.0/24 address.
#27
My main concern is to use the devices that already have static IPs in 192.168.4.0/24 network. I don't want to change the IP addresses to new Vlan10's IP.
Not only Pihole but devices like, printer, AP-AC lite, switches etc that are 192.168.4.0/24 static addressed.
If I can keep these 10 192.168.4.0/24 and still access from my VLAN10 I am ok with that.
#28
This is what I'm trying to setup but I think I need to do something in the firewall to allow PiHole DNS and other devices from Lan to VLAN10 access.

LAN 192.168.4.0/24 -MGT
VLAN10- 10.0.10.0/24 -0 family use, laptop, PC etc
VLAN20- 10.0.20.0/24 - IoT
PiVPN 192.168.4.0/24 subnet. I want to open port for 51826 in the firewall and port forward to PiVPN IP address.

I have the following setup using static IP in 192.168.4.0/24 network - Router, Unifi switch, 2 Unifi AP-AC Lite access points, Pihole, printer.
2X Unifi access points have already been setup with Vlan10 & Vlan 20 profile. One SSID for home use another for IoT.

I want to use the Pihole from my management subnet to Vlan 10 for its DNS and ad blocker. The Lan and Vlan10 can talk to each other, I don't need to restrict this. I'm trying to make it simple.
IoT Vlan20 will use DNS 8.8.8, no need for PiHole access.

Now, what would be the simplest way I can implement this? I probably need some firewall rules but not sure how to.
#29
I have a LAN that I want to use AdGuard for DNS using any family shield service. And a VLAN to use 8.8.8.8.
Is that possible and how?
#30
Don't know what hardware you're using but my X86 running Opnsense never needs any rebooting or shows symptoms you described.
It only gets rebooted when I apply firmware updates.