Messages - firewall

#91
Quote from: porigromus on May 21, 2019, 08:53:18 PM
If I wanted to "no bump" source IPs how would I do this?

I just omit them from being redirected to squid altogether using a counter rule on firewall forward (if not equal to no-bump-alias then forward).  Much easier this way.

Also easy: not using squid.  Talk about a time suck for marginal (if not questionable) return :(
#92
Quote from: AdSchellevis on May 30, 2019, 07:54:18 PM
Applied the changes, checked the content in pfTables (/ui/firewall/alias_util/) and added a host (192.168.1.1), pfTables looks good, alias content contains "1.1.1.1 www.nu.nl www.google.com 192.168.1.1".

If you have steps we can reproduce, I'll gladly try the same steps on my end.

I was doing exactly as you described to encounter the issue and it's still occurring.  I also attempted flushing the table and re-applying, as well as adding a specific IP rather than a host name for DNS resolution... neither populated the pfTable. :(

Quote from: AdSchellevis on May 30, 2019, 07:54:18 PM
Please make sure you run an unmodified version of OPNsense (without previous patches applied), applying already installed patches might revert functionality.

To reinstall the core package:

pkg install -f opnsense

This is something I've never tried.  How confident can I be in retention of settings?  I've spent hours tweaking this installation and I'd hate to lose (much less remember) the countless configuration variables.
#93
Quote from: mimugmail on May 25, 2019, 06:59:13 AM
Everyone saying it's easier never did it on their own ;)

I finally got it working but was disappointed to find it was half the speed of OpenVPN via Mullvad.  I'll have to circle back to it later after further development.
#94
This is still goofed up for me.  I'm not sure that I should have applied these patches to 19.1.8 but my aliasing wasn't updating in the same manner reported by others.  After applying the patches it's still not updating, but also attempting to rectify the problem by using the "Quick add address" function via the pfTables /alias_util/ replaces 100% of the other addresses listed within the particular entry at /alias/.  Described otherwise:

/alias/ entry for "poo" contains:
poo.google.com
poo.amazon.com
poo.rundmc.com

pfTables tool at /alias_util/ reflects IP addresses for the above.

Adding "100.100.100.100" using pfTables tool at /alias_util/ results in:
- "poo" entry at /alias/ containing only 100.100.100.100 (all others erased)
- pfTables tool at /alias_util/ reflects IP addresses for all previous entries + 100.100.100.100
#95
I keep reading that WireGuard is "so much easier to set up than OpenVPN"... yet I honestly don't think I've spent longer trying to get something working in OPNsense than I've spent with this.  Still not working!  ::)
#96
Check whether or not they've downloaded:
ls -al /var/db/aliastables

The revision date on mine is 3 days ago but I'm not certain how often it kicks off.
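Turning the `ls -al /var/db/aliastables` check into something you can run from cron or a monitoring script, as an added example that is not from this thread or from the OPNsense project: it flags alias table files whose modification time is older than a given number of days, which is what a stale or non-refreshing alias looks like on disk. The directory path and the one-file-per-alias layout are assumptions taken from the post above; the directory is passed as a parameter so the function can be tested against a constructed directory.

```shell
#!/bin/sh
# Flag alias table files that have not been refreshed recently.
# Added example; assumes OPNsense keeps one file per alias under
# /var/db/aliastables (assumption, taken from the post above).

# stale_aliases DIR MAX_DAYS
# Prints the path of every regular file in DIR whose mtime is older
# than MAX_DAYS days. Returns 0 if all files are fresh, 1 if any is
# stale, 2 if DIR does not exist.
stale_aliases() {
    dir=$1
    max_days=$2
    [ -d "$dir" ] || { echo "no alias table dir: $dir" >&2; return 2; }
    # -mtime +N is POSIX and works on both FreeBSD and GNU find
    stale=$(find "$dir" -type f -mtime +"$max_days" | sort)
    if [ -n "$stale" ]; then
        printf '%s\n' "$stale"
        return 1
    fi
    return 0
}

# stale_count DIR MAX_DAYS
# Prints the number of stale files (0 when everything is fresh).
stale_count() {
    stale_aliases "$1" "$2" 2>/dev/null | wc -l | tr -d ' '
}

# Stand-alone use: report aliases older than 3 days on a live box.
if [ -d /var/db/aliastables ]; then
    stale_aliases /var/db/aliastables 3
fi
```

A non-zero exit from `stale_aliases` is the signal to investigate, since firewall rules referencing that alias are then matching on addresses that may no longer be current.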
#97
Running OPNsense 19.1.7 on a 6-port QOTOM I7 miniPC.  Numerous services to list, so I'll spare you unless you think there's one that may be causing this "problem".

In viewing firewall live log this afternoon I noticed numerous outbound connections with src WAN IP to many different (routed; e.g. 32.242.109.124) IPs at dst port 22.  On the surface it looked like an internal machine was scanning on behalf of C&C but then non-routed IPs (e.g. 0.195.6.134) started showing up with same config.

So, I don't think I've been pwned but I'd still like to figure out the source... particularly if this traffic is making it to the (routable) destinations.

See attached screenshot from States Dump.  Masked block is my WAN address & there are hundreds of destinations not shown.

Any tips on how I might troubleshoot this?

EDIT: Thanks for moving this post over from 19.7 Dev Series!  :)