OPNsense
Messages - rradu92

1
17.1 Legacy Series / [SOLVED] Re: NAT from same external network
« on: April 04, 2017, 09:23:12 pm »
Hello,

I got it.

Firewall > Settings > Advanced and check "Disable reply-to on WAN rules".


2
17.1 Legacy Series / [SOLVED] NAT from same external network
« on: March 30, 2017, 05:04:54 pm »
Hello,

I have 6 OPNsense firewalls running on HP Gen7 machines with RAID disks, and I have a little problem with NAT rules.

We have the following scenario:

Gateway => 5.1.2.1/24
Firewall1 => 5.1.2.2/24
Firewall2 => 5.1.2.3/24
Another client => 5.1.2.254/24

On Firewall1 we NAT from internal IP 192.168.0.1:8000 to the WAN 5.1.2.2:8000.

We can successfully access the machine behind the NAT from all public IPs, but from 5.1.2.0/24 we cannot, and we don't know why.

It is a bit annoying because I have my machines behind Firewall2 and I want to access the content from Firewall1.

Thanks!

3
16.7 Legacy Series / Re: [SOLVED] IPS Mode not working
« on: August 26, 2016, 08:25:53 am »
Hello,

I have it running fine with the e1000 driver and promiscuous mode enabled.

You cannot edit rules (or I can't see the option to edit), but you can add user defined actions in the "user defined" tab and you can enable/disable it in the "rules" tab.

4
Hardware and Performance / Re: New Mini PC Hardware
« on: August 25, 2016, 12:46:05 pm »
I'm waiting for this mini PC too. Does anyone know the max throughput?

I'm buying it for testing purposes, but if it goes OK I will deploy this firewall around all the campings and hotels.

The main purpose is web filtering and intrusion detection. I do all the other stuff (RADIUS, captive portal, etc.) with MikroTik core routers.

5
16.7 Legacy Series / Re: [SOLVED] IPS Mode not working
« on: August 25, 2016, 12:01:27 pm »
I'm using oVirt, which is based on KVM.

Here you can find more info about oVirt: https://www.ovirt.org/
and about KVM: http://www.linux-kvm.org/page/Main_Page

6
16.7 Legacy Series / Re: SSH neighbor host
« on: August 24, 2016, 05:23:42 pm »
Hello,

Can mark as solved, misunderstanding with bogon networks option in WAN interface.


7
16.7 Legacy Series / Re: IPS Mode not working
« on: August 24, 2016, 05:12:51 pm »
Ok,

Can mark as solved. The issue was the network card: virtio is not compatible with IPS as far as I can see. I switched to e1000, reconfigured the network interfaces, and all is OK with IPS and promiscuous.

Thanks phoenix for your help.

8
16.7 Legacy Series / Re: IPS Mode not working
« on: August 24, 2016, 09:34:48 am »
Hello,

I have read all the IPS and Intrusion Detection related documentation and other people's posts, with no success.

I have no VLANs, no link aggregation.

My build is a virtual machine in the datacenter with 2 NICs and direct internet access over the WAN, and on the LAN side I have 1 Cisco 2960-S switch, then a MikroTik CCR1036-4S for my laboratory network and a direct Cat6 cable to a UniFi AC access point. The only client it has is my connected ThinkPad.

I can destroy "everything"; I'm in a laboratory environment.

I have CRC, TSO and LRO disabled.

For the virtualization environment I use an oVirt cluster, which is based on libvirt. The NIC driver I use is virtio.

I reduced the vCPU to 2 and rebooted the VM with no success.

9
16.7 Legacy Series / [SOLVED] IPS Mode not working
« on: August 24, 2016, 09:03:20 am »
Hello,

I'm testing a virtual machine (4 GB RAM, 8 cores) with the latest OPNsense firewall.

Everything works great except Intrusion Detection with IPS activated.

If I disable IPS everything works again, but if I enable IPS (with and without promiscuous mode) I can't do anything. I have tested without any rulesets, without success.

It would be really great to have it working.

Thanks

10
16.7 Legacy Series / [SOLVED] SSH neighbor host
« on: August 23, 2016, 12:34:29 pm »
Hello,

I just installed OPNsense in a virtual KVM host (4 GB RAM, 8 cores) for testing purposes.

All running fine.

I want to use it basically for web filtering and as a VPN server, as I have the ISP firewall.

My scenario is the following:

I have 2 network providers (2 Gbps each) and I do load balancing with an ASR1001 (1.2.3.1).
Next hop I have the ISP firewall in transparent mode.
Behind the firewall I have the different services (WiMAX, fiber, CMTS, etc.) and my network.
My network is 1.2.3.0/24 and the firewall has 1.2.3.12/24 with 1.2.3.1/24 as gateway.

When I ping another host from 1.2.3.0/24 all is OK, but if I try to SSH into the machine I cannot. traceroute gets stuck too at the firewall's LAN port.

I really never used this software and I can't guess what's happening.

As far as I can see, from the LAN port it can't reach directly connected hosts on the WAN port.

Does anyone have any idea about what's happening?

Thanks.
