Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - nj44451

Pages: [1]

General Discussion / Re: pass only a specific block of external IP ranges to an internal port

« on: December 18, 2022, 03:59:31 pm »

Changed to Networks and all is working now also I think at one point I forgot to click apply as well.

Thanks for your help.

General Discussion / Re: pass only a specific block of external IP ranges to an internal port

« on: December 17, 2022, 08:44:05 pm »

this is what is set the works to pass on port 25 to the server
Nat under port forward

WAN TCP * * WAN address 25 (SMTP) 192.168.1.54 25 (SMTP)

As soon as I add the alias as the source addresses it gets blocked

WAN TCP SMTP_alias * WAN address 25 (SMTP) 192.168.1.54 25 (SMTP)

under alias "SMTP_alias" I have it set to URL (ips)

With these addresses added

72.35.12.0/255.255.255.0
72.35.23.0/255.255.255.0
208.70.128.0/255.255.248.0

General Discussion / Re: pass only a specific block of external IP ranges to an internal port

« on: December 17, 2022, 08:28:13 pm »

I had tried before adding the alias to the source and nothing.

I just modified the existing NAT I had for pass the traffic to my local IP on port 25

in the alias if shows it loaded the whole range of ip based on the masks I set.

for example I have this range setup in the alias: 72.35.12.0/255.255.255.0

I have it setup as a URL alias should I be using something else?

Here is what I see in the live log.

wan 2022-12-17T14:25:56-05:00 72.35.12.47:50702 98.157.240.17:25 tcp Default deny / state violation rule

General Discussion / pass only a specific block of external IP ranges to an internal port

« on: December 17, 2022, 06:45:29 pm »

I have an external spam filter that passes mail to my mail server on port 25.

I want to ensure that only mail from the spam filter is delivered to my mail server.

I setup an alias with the IP ranges for the spam filters public ip address but the server gets blocked no matter what I try.

I am setting this up on the NAT port forward.

Do anyone have an example of how to set this up?
for example I have this range setup in the alias: 72.35.12.0/255.255.255.0

Thanks,

Trent

18.1 Legacy Series / entering IP alias in the virtual IP section

« on: June 26, 2018, 09:03:15 pm »

Been using opnsense since the version 17.* days and In prior versions I had no issue adding and IP alias from WAN address block under the virtual IP setting.

Now when I enter one it flags that IP is invalid. I can export the config file and add or edit manually but was wondering if there is something I am doing wrong when I try to use the GUI.

Thanks,

Trent

18.1 Legacy Series / only use the WAN IP address

« on: March 06, 2018, 04:14:19 am »

I have 2 virtual IP addresses assigned and have adjusted the settings so that you will use the same IP address for a connection. (Made adjustments to the stick connection)

I have 2 outbound NAT rules set for servers so any data out will use the specified IP address. But my question is how can I force all other LAN traffic to simply only the Wan IP address and not use the other defined addresses.

Thanks,

Trent

18.1 Legacy Series / Re: passive ftp clients behind the firewall

« on: March 06, 2018, 04:07:06 am »

After a fresh install not from upgrade, lots of reading and looking at log files I found the issue with the clients connecting to an ftp server in passive mode outside my network.

Because of the Round robin or whatever you call it, since I have 2 virtual IP listed the program kept using different Public IP address for the various parts of the FTP connect and when I turned it off the FTP started making connection again. This same issue was causing issue in connection to certain Bank sites as their system detected the IP kept changing and blocked us out.

18.1 Legacy Series / Re: passive ftp clients behind the firewall

« on: March 03, 2018, 02:00:49 am »

i will take a look at the logs but what I don't understand is everything was working normal until I upgraded to 8.1.
I am thinking to either reinstall 8.1 from scratch like I have seen in some post or go back and stay at 7.5

18.1 Legacy Series / passive ftp clients behind the firewall

« on: March 02, 2018, 07:20:20 pm »

Just last night I upgraded to OPNsense 18.1.2_2-amd64 and since the upgrade none of the computers that have FTP clients running on them can access an FTP server outside the firewall.

I never added any special rules to the firewall up to this point to get them to work. But the upgrade from 7.7 to 8.1 change something related to the FTP.

Right now I had to move those machines over to an internet connection that is routed through my old firewall to get things working again. Anyone have any suggestion of something I can try to resolve the issue?

Thanks,

Trent

17.1 Legacy Series / SSL certificate for exchange being blocked

« on: September 29, 2017, 03:08:35 pm »

Everything has been working fine the last month since Installed OPNsense firewall then out of the blue Randow people have started getting SSL certifcate errors when trying to connect to our internal exchange server.

The SSL certificate is valid also one of the warning is an OPN certificate as well.

Anyone have any idea how to have the firewall stop block the SSL certs? If revert them back to the one firewall everything is fine.

Thanks,

Trent

17.1 Legacy Series / Re: Setting up multiple IPs on 1 WAN connection

« on: July 24, 2017, 07:11:07 pm »

Bart,

I think I got it now will give it a try

Thanks for your help.

Trent

17.1 Legacy Series / Re: Setting up multiple IPs on 1 WAN connection

« on: July 24, 2017, 04:52:39 am »

I understand about the NAT and setting up the specific public IP to go to the LAN.

But in the rules how do you setup the specific public IP and port to be directed to the LAN.

I see where you can direct the specific port from the WAN to a specific LAN IP but you can not set the Public IP address.

If I have 2 public IP's and port 80 need to go to 2 different servers how do you set that up in the rules.

64. is public and 10. internal

example 64.28.44.166 port 80 goes to 10.0.0.10 port 80
and 64.28.44.167 port 80 goes to 10.0.0.011 port 80.

I have been looking at the documents and can find an example of how to do this.

Thanks.

17.1 Legacy Series / Re: Setting up multiple IPs on 1 WAN connection

« on: July 21, 2017, 05:29:16 pm »

Ok I see where to do that.

So by setting this up this just allows the public IP I specify from the Wan onto the LAN net correct?
But I am assuming this setting still wont let any traffic through correct?

If that is the case:
Now how do I open a specific port say 80 from that specific public public ip to be directed onto an IP on the LAN.

Under rules or nat and port forwarding?

Thanks for your help on this Bart!

17.1 Legacy Series / Re: Setting up multiple IPs on 1 WAN connection

« on: July 21, 2017, 04:00:28 pm »

Where in the Nat do you setup the additional ranges?

I wish the documentation had screen shot examples of how to set various situations.

17.1 Legacy Series / Setting up multiple IPs on 1 WAN connection

« on: July 21, 2017, 05:06:23 am »

Hello,

I am wondering how to correctly setup additional IP addresses on my WAN connection.

I have 8 IP addresses available and need to use the additional IPs to forward ports via NAT to my mail and web server.

Thanks

Pages: [1]