Messages - gmiserk

#1
General Discussion / Wifi to dmz
December 15, 2021, 05:35:38 AM
Hi all

I have this OPNsense

192.168.1.1 OPNsense (all in mask /24)
   ---------------------------------------------
    - wan 192.168.0.1
    - lan 192.168.1.1
    - dmz 192.168.2.1
    - wifi 192.168.4.1 + DHCP range (.4.5 to .4.20)

    ---------------------------------------------



I am trying to reach a server in the dmz from a wifi client,
like this: ping 192.168.2.10 (web server) from 192.168.4.10, but no way.

And I always get a "Block deny rule" when I try to access 192.168.2.10 from a web browser on wifi client 192.168.4.10.
I have got a deny: src 192.168.2.10:80 dst 192.168.4.10:55120 default deny rule


All is working, the wifi client can access the internet, except that I can't access my web service in the dmz from the wifi client.

I have added a rule like this:
Pass 192.168.3.0 http 192.168.1.4 (web server) any

Wifi users can access the internet and lan users, but not the dmz server.
Lan users and internet users can access my web server in the dmz.

Something is wrong....
Any help is welcome

OPNsense 21.7
#2
Hi,

Can you say which info I need to enter in "alternative hostname"?
Is my.host.on.ddns.service your OPNsense hostname?
#3

Hi everybody,

I have a lan with 4 computers in siteA,
and in siteB I have an OPNsense server with VPN.

It works fine, but only for one computer (VPN client).
If someone in siteA is connected to siteB, other clients can't connect to the VPN server.

Any suggestion to allow all computers in the siteA lan to access siteB at the same time?

Thank you for your help

My version is OPNsense 16.7.14
#4
16.7 Legacy Series / Re: pptp redirect
November 30, 2016, 12:36:16 PM
You found it,
thanks franco  :)

#5
16.7 Legacy Series / Re: pptp redirect
November 30, 2016, 10:21:54 AM
Hi, thank you for your reply.

In /tmp/rules.debug, I haven't any lines beginning with: $natrules

Here are the lines with 1723:
cat /tmp/rules.debug | grep 1723
rdr on bge0 inet proto tcp from any port 1723 to 192.168.100.1 -> 192.168.100.99 port 1723
no nat on re0 proto tcp from re0 to 192.168.100.99 port 1723
nat on re0 proto tcp from 192.168.100.0/22 to 192.168.100.99 port 1723 -> 192.168.100.1 port 1024:65535
pass in log on $WAN proto tcp from any to 8x.xxx.xx.xxx port = 1723 modulate state label "allow pptpd 8x.xxx.xx.xxx"
pass  in  quick  on $WAN reply-to ( bge0 8x.xxx.xx.xxx ) inet proto tcp  from any port 1723 to 192.168.100.99 port 1723 flags S/SA keep state  label "USER_RULE: NAT "
pass  in  quick  on $LAN inet proto tcp  from 192.168.100.0/22 port 1723 to 8x.xxx.xx.xxx/29 flags S/SA keep state  label "USER_RULE"


And here are the lines with gre:

cat /tmp/rules.debug | grep gre
rdr on bge0 inet proto gre from any to any -> 192.168.100.99
no nat on re0 proto gre from re0 to 192.168.100.99
nat on re0 proto gre from 192.168.100.0/22 to 192.168.100.99 -> 192.168.100.1 port 1024:65535
pass in log on $WAN proto gre from any to any keep state label "allow gre pptpd"
pass  in  quick  on $WAN reply-to ( bge0 8x.xxx.xx.xxx ) inet proto gre  from any to 192.168.100.99 keep state  label "USER_RULE: NAT "
pass  in  quick  on $LAN inet proto gre  from any to any keep state  label "USER_RULE"
pass  in  quick  on $LAN inet6 proto gre  from any to any keep state  label "USER_RULE"


PS: just to be sure, {$pptpdtarget} is my IP auth machine, is this correct?
I hope this info can help.
#6
16.7 Legacy Series / [SOLVED] pptp redirect
November 29, 2016, 05:22:44 PM
Hi all,

I have a pptp server inside my lan (192.168.1.99) and want to reach it with a pptp client.

I've found this info:
"The PPTP server redirection mode has been removed. It can be emulated by the two following NAT port forward rules: From incoming WAN interface, redirect all traffic to PPTP server IP target for protocol GRE. From incoming WAN interface redirect all traffic to PPTP server IP target for protocol TCP, port 1723. Note that due to the design of GRE, only one server can be reached by incoming clients at any given time."

With the last update, pptp was removed.

I suppose that for me it isn't necessary to add this plugin, because my server is inside the lan and I want to redirect the VPN connection correctly to my pptp server.

So, I have added two NAT redirections: GRE and tcp/1723 from WAN to LAN 192.168.1.99

But that doesn't work!

What have I missed?

Thanks for any help

Config OPNsense IP: 192.168.1.1
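
Added example, not part of the posts above and not OPNsense code: a Python check that a pf ruleset carries the two forwards the note quoted in post #6 describes (GRE and TCP port 1723 to one server), reading rdr lines in the form /tmp/rules.debug uses. The function name, the interface em0 and the addresses are assumptions, and the sample rules are constructed.

```python
import re

# pf redirect: rdr on IF [inet] proto P from SRC [port SP] to DST [port DP] -> TARGET [port TP]
RDR = re.compile(
    r"^rdr\s+on\s+(?P<ifc>\S+)\s+(?:inet6?\s+)?proto\s+(?P<proto>\S+)\s+"
    r"from\s+(?P<src>\S+)(?:\s+port\s+(?P<sport>\S+))?\s+"
    r"to\s+(?P<dst>\S+)(?:\s+port\s+(?P<dport>\S+))?\s+"
    r"->\s+(?P<target>\S+)(?:\s+port\s+(?P<tport>\S+))?\s*$"
)

def check_pptp_forward(rules_text, wan_if, server):
    """Return a list of findings; an empty list means both forwards are in place."""
    findings, seen = [], set()
    for line in rules_text.splitlines():
        m = RDR.match(line.strip())
        if not m or m["ifc"] != wan_if or m["target"] != server:
            continue
        if m["proto"] == "gre":
            seen.add("gre")
        elif m["proto"] == "tcp" and "1723" in (m["sport"], m["dport"], m["tport"]):
            if m["sport"]:
                # "from ... port N" in pf matches the client's SOURCE port, which a
                # PPTP client picks freely; only the destination port is 1723.
                findings.append(f"tcp/1723 forward only matches source port {m['sport']}")
            elif m["dport"] == "1723":
                seen.add("tcp/1723")
    for needed in ("gre", "tcp/1723"):
        if needed not in seen:
            findings.append(f"no usable {needed} forward on {wan_if} to {server}")
    return findings

# Constructed sample rule sets (hypothetical interface em0, documentation addresses).
BROKEN = """\
rdr on em0 inet proto tcp from any port 1723 to 203.0.113.10 -> 192.0.2.99 port 1723
rdr on em0 inet proto gre from any to any -> 192.0.2.99
"""
FIXED = """\
rdr on em0 inet proto tcp from any to 203.0.113.10 port 1723 -> 192.0.2.99 port 1723
rdr on em0 inet proto gre from any to any -> 192.0.2.99
"""

if __name__ == "__main__":
    for name, text in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, check_pptp_forward(text, "em0", "192.0.2.99") or "ok")
```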