Messages - emilicus

#1
Hello all
Sorry for asking again...

Anyone on this?

TIA
#2
Hello all
I'm facing a problem with the http+https transparent web proxy.
Sites like Google, Facebook, Apple and others give me an error saying that the site implements HSTS and that browsing was not permitted.

Already set up the firewall as per the documentation.
The problematic domains (google.com, facebook.com etc.) are in the 'no bump' list.
Imported the root CA cert from OPNsense into the PC I'm testing from (in the trusted root CAs).

Any ideas?

Thanks
#3
Hello all
Any light on this?

TIA

#4
16.7 Legacy Series / NAT port forward with multiple WAN
October 18, 2016, 04:13:07 PM
Hello all,
I've set up a new OPNsense with multiple WAN (2 ISPs with load balancing):

OPNsense 16.7.6-amd64
FreeBSD 10.3-RELEASE-p9
OpenSSL 1.0.2j 26 Sep 2016

Now I'm facing 2 problems:

1) setup firewall rules (both rules and portforwards)
2) setup dyndns

For point 1), if I've understood correctly, I should use floating rules with the quick option for firewall rules. That will ensure that the rules are applied for both WAN interfaces regardless of the one the packets arrive on.

The question is about NAT rules.
I already have 30 NAT rules in place on one of the WAN interfaces. Is it mandatory to copy the same NAT rules to the other WAN connection and keep them synchronized by hand each time I change something on one of them, or are there some smart methods to keep the NAT rules synchronized?
Or better still, are there some settings that take the multi-WAN setup into account and help in creating the rules once for both WAN interfaces?

The question about DynDNS or other DNS providers:
What's the best approach to have a single DNS name for both the connections? (if it is possible at all...)

Many thanks


#5
Hello all
I'm facing a problem with NAT reflection and multi WAN.
Just followed the how-to here (https://docs.opnsense.org/manual/multiwan.html) for multi WAN (load balancing from 2 different ISPs).

So now I have 2 ISP gateways (both Tier 1) grouped under the unique WANGRP1 gateway.

I also have some firewall rules that use NAT reflection (so I can access the NATed public URLs from within the LAN).

In the Firewall>Rules>LAN tab, I've also set the WANGRP1 gateway instead of *.

The problem is that as long as WANGRP1 is set on the LAN rule, NAT reflection seems to stop working.

If I set * instead of WANGRP1 as the gateway, NAT reflection works again and I can reach the NATed URLs from the LAN as usual.

Any settings I forgot?
Something else?

OPNsense 16.7.6-amd64
FreeBSD 10.3-RELEASE-p9
OpenSSL 1.0.2j 26 Sep 2016

Many thanks


#6
15.7 Legacy Series / Re: NAT doesn't work - SOLVED
December 30, 2015, 06:07:21 PM
Hello, I would like to report that after disabling checksum on both the OPNsense domU and the OPNsense Vifs, the issue was SOLVED.

The FreeBSD checksum bug seems to have been solved a month ago, so I hope to see the patches applied in the next release of OPNsense.

Thanks to all for the support

#7
15.7 Legacy Series / Re: NAT doesn't work
December 30, 2015, 09:04:28 AM
Thank you very much cdburgess75.
I'll try the topic you've posted and eventually I'll report back to the list.
#8
15.7 Legacy Series / [SOLVED] NAT doesn't work
December 29, 2015, 05:50:46 PM
Hello all,
Just installed the latest version of OPNsense on a Xen host.

Just replaced a pfsense installation with the new OPNsense one.

Internet browsing is OK, OpenVPN access to my LAN from the internet is OK, so the base setup must be OK.

What puzzles me is the NAT rules. I cannot get them to work at all. The rules are very basic and I've already tried out all the combinations of Source/Destination interfaces I can think of, but without results.

Firewall logs said the traffic is permitted (pass) but after this step, nothing... so there must be something wrong in the NAT rule - at least I think...

Could someone post a step-by-step how-to in order to set up a very simple firewall/NAT rule?
i.e. to open an https port from WAN to a single address on LAN?

Sorry for this stupid question.

Many thanks