Messages - GasmanC

#1
17.7 Legacy Series / Re: No updates
August 15, 2017, 01:40:48 AM
A little off topic, but how do I upgrade to suricata 4?
#2
17.7 Legacy Series / Re: No updates
August 14, 2017, 02:54:56 PM
So, after reinstalling as a base system I can update both the firmware and suricata rule sets. I can also ping google.com. My wan gateway is automatically added to my upstream router. As soon as I follow the wiki and enable transparent firewall by bridging the interfaces, I can no longer reach the repositories. I can no longer ping google.com nor ping 8.8.8.8. However, I can reach the internet and web GUI from downstream interfaces. At this stage there are no gateways. If I add my upstream router as a gateway, I no longer have downstream internet access and I can no longer reach the web GUI. Any ideas?
#3
17.7 Legacy Series / Re: No updates
August 14, 2017, 10:04:48 AM
I am going to reinstall again tonight and then see if I can update as well as download the suricata rules before configuring it as a transparent firewall. See if it's the transparent firewall configuration causing issues...
#4
17.7 Legacy Series / Re: No updates
August 14, 2017, 02:28:58 AM
I'm having the same problem, I thought it was because I was running a transparent firewall (can't get the suricata rule sets either). Maybe this is something more widespread?
#5
Managed to get it working on my third attempt. Found out what was the culprit - just don't know why. Turned out I couldn't connect after I added an upstream gateway as my router and added it to the Br interface. For some reason this broke everything and I was no longer able to connect to the GUI or reach the internet. Does anyone know why this happens?

Did a factory reset and followed the wiki to the letter and I have the transparent bridge configured. I removed all the rules from the WAN interface and added an allow all rule - this let me reach the internet from downstream devices.

HOWEVER..... whilst I can reach the internet from behind the opnsense box, the box itself can't reach the internet. I can't update the firmware (could not find the repositories) and can't download the suricata rulesets. From the console, if I ping google.com I can't resolve host, and if I ping 8.8.8.8 I get can't find route to host.

So, where do I go from here? Any way for my transparent bridge to reach the internet so I can download the suricata rulesets?

Thanks in advance
#6
Hi All,

I'm having a bit of a problem setting up a transparent firewall (eventually for IPS). I followed the instructions here: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html and was able to create the bridge. I also added my upstream router (which provides DHCP) as a gateway and added that to the bridge settings. Initially I was able to log into the web GUI from desktops downstream of the firewall, but wasn't able to reach the internet. After a reboot, I was no longer able to reach the GUI from downstream desktops. I'm not sure what I've done wrong, but this has happened twice now. Is there anything different with 17.7, as the guide I'm following was originally for 15? I have searched for the answer and returned this post: https://forum.opnsense.org/index.php?topic=5162.0 but so far I haven't been able to fix it. Any hints, tips or tricks I'm missing?
Many thanks
#7
Now after reboot I can't ping or connect to the web GUI. I'm lost. Will try from scratch again.
#8
I added my router's IP address as the default gateway for the bridge interface
#9
Additionally, I can ping the opnsense box from another computer on the LAN (not downstream from transparent firewall which I'm testing), but can't connect to the GUI. I'm guessing it's a firewall rule issue, but I have allowed all IPv4 traffic to pass on the bridged interface.
#10
How did you end up getting this working? I have the same issue. Followed all the steps but my LAN can't access the internet. I can't ping my router (default gateway) from any of the LAN workstations. I can connect to the web GUI fine and I have IPv4 allow all rule. Not sure what I'm missing...