Messages - rradu92

#1
Hello,

I got it.

Firewall > Settings > Advanced and check "Disable reply-to on WAN rules".

#2
Hello,

I have 6 OPNsense firewalls running on HP Gen7 machines with RAID disks, and I have a little problem with NAT rules.

We have the next scenario:

Gateway => 5.1.2.1/24
Firewall1 => 5.1.2.2/24
Firewall2 => 5.1.2.3/24
Another client => 5.1.2.254/24

On Firewall1 we NAT from the internal IP 192.168.0.1:8000 to the WAN 5.1.2.2:8000.

We can successfully access the machine behind the NAT from all public IPs, but from 5.1.2.0/24 we cannot, and we don't know why.

It is a bit annoying because I have my machines behind Firewall2 and I want to access the content from Firewall1.

Thanks!
#3
16.7 Legacy Series / Re: [SOLVED] IPS Mode not working
August 26, 2016, 08:25:53 AM
Hello,

I have it running fine with the e1000 driver and promiscuous mode enabled.

You cannot edit rules (or I can't see the option to edit), but you can add user defined actions in the "user defined" tab and you can enable/disable it in the "rules" tab.
#4
Hardware and Performance / Re: New Mini PC Hardware
August 25, 2016, 12:46:05 PM
I'm waiting for this mini PC too; does anyone know the max throughput?

I'm buying it for testing purposes, but if it goes OK I will deploy this firewall around all the campsites and hotels.

The main purpose is web filtering and intrusion detection; I do all the other stuff (RADIUS, captive portal, etc.) with MikroTik core routers.
#5
16.7 Legacy Series / Re: [SOLVED] IPS Mode not working
August 25, 2016, 12:01:27 PM
I'm using oVirt, which is based on KVM.

Here you can find more info about oVirt: https://www.ovirt.org/
and about KVM: http://www.linux-kvm.org/page/Main_Page
#6
16.7 Legacy Series / Re: SSH neighbor host
August 24, 2016, 05:23:42 PM
Hello,

You can mark this as solved; it was a misunderstanding with the bogon networks option on the WAN interface.

#7
16.7 Legacy Series / Re: IPS Mode not working
August 24, 2016, 05:12:51 PM
Ok,

You can mark this as solved. The issue was the network card: virtio is not compatible with IPS as far as I can see. I switched to e1000, reconfigured the network interfaces, and all is OK with IPS and promiscuous mode.

Thanks phoenix for your help.
#8
16.7 Legacy Series / Re: IPS Mode not working
August 24, 2016, 09:34:48 AM
Hello,

I have read all the IPS and Intrusion Detection related documentation and other people's posts, with no success.

I have no VLANs, no link aggregation.

My build is a virtual machine in the datacenter with 2 NICs and direct internet access over the WAN. On the LAN side I have one Cisco 2960-S switch, then a MikroTik CCR1036-4S for my laboratory network and a direct Cat6 cable to a UniFi AC access point. The only client it has is my connected ThinkPad.

I can destroy "everything"; I'm in a laboratory environment.

I have CRC, TSO and LRO disabled.

For the virtualization environment I use an oVirt cluster, which is based on libvirt. The NIC driver I use is virtio.

I reduced the vCPU to 2 and rebooted the VM with no success.
#9
16.7 Legacy Series / [SOLVED] IPS Mode not working
August 24, 2016, 09:03:20 AM
Hello,

I'm testing a virtual machine (4 GB RAM, 8 cores) with the latest OPNsense firewall.

Everything works great except Intrusion Detection with IPS activated.

If I disable IPS everything works again, but if I enable IPS (with and without promiscuous mode) I can't do anything. I have tested without any rulesets, without success.

It will be really great to have it working.

Thanks
#10
16.7 Legacy Series / [SOLVED] SSH neighbor host
August 23, 2016, 12:34:29 PM
Hello,

I just installed OPNsense on a virtual KVM host (4 GB RAM, 8 cores) for testing purposes.

All running fine.

I want to use it basically for web filtering and as a VPN server, as I have the ISP firewall.

My scenario is the following:

I have 2 network providers (2 Gbps each) and I do load balancing with an ASR1001 (1.2.3.1).
The next hop is the ISP firewall in transparent mode.
Behind the firewall I have the different services (WiMAX, fiber, CMTS, etc.) and my network.
My network is 1.2.3.0/24 and the firewall has 1.2.3.12/24 with 1.2.3.1/24 as gateway.

When I ping another host from 1.2.3.0/24 all is OK, but if I try to SSH into the machine I cannot. traceroute gets stuck at the firewall's LAN port too.

I really never used this software and I can't guess what's happening.

As far as I can see, from the LAN port I can't reach hosts directly connected to the WAN port.

Does anyone have any idea about what's happening?

Thanks.