Messages - tgoodrich

#1
Thanks for the update!

Glad to know I'm not losing it lol  ;D

I'm thinking the ability to add a port range in Outbound NAT would make a good feature request. I know creating an alias for the range works but in this case it's just an unneeded extra step.

I hate comparing and hope no one takes offense but you can specify "Outbound NAT" port ranges like "27014:27050" in pfSense. However even their solution is not intuitive for noobs like myself. They use a single box with some text underneath that says "Port or Range". It took me forever to figure out how to actually specify the range.

I think if OPNsense was to add a port range option it would be more intuitive if they use the "To" and "From" for the range like in the Port Forward options.
#2
Quote from: NightShade on January 02, 2018, 12:58:09 AM
If what you are thinking about for filtering URL's is basically to set up an ad blocker there is a post on here about using Unbound DNS to basically do just that. You can set up a script to automatically poll text documents and then parse them for your system.

Excellent to know that, thanks for the tip!

Once I get OPNsense reinstalled I will definitely give your tip a go.

PS - Do you happen to remember the title for the post you mentioned?
#3
Quote from: cyberzeus on January 01, 2018, 10:58:38 PM
Did you see the image I posted?  Also, after selecting "(other)", you will have two fields that show up below "(other)" - one for "from" and the other for "to".  The attached image is taken just after selecting "(other)" and entering in the desired port range.

Hmm, I may have found a bug or my eyes are getting worse than I thought lol.

I do not recall having both the To and From boxes come up after choosing "other" like in your pic. For me only one box came up. I really wish I still had OPNsense installed so that I can test it again.

Since I can't test at the moment, if you get a chance please try to create an outbound NAT rule with only a single port and save. Then "clone" that saved rule and try to change your single port to a port range. This was how I tried to create my NAT rule that needed the range. I would be very curious of your results.

If it still works as expected for you then I seriously wasn't paying attention when trying to create my port range. I just can't imagine I would make that kind of blunder but I suppose it's possible. 
#4
Quote from: cyberzeus on December 31, 2017, 11:54:52 PM
Like this?  If so, then you need to first select "Other" and then the port range...

If I am understanding you correctly you are saying to choose "other" and enter the range as 27014 - 27050.

If so, I actually tried that and a few other variations with no success.

I tried 27014:27050, 27014 : 27050, 27014-27050, 27014 - 27050 but for some reason it just wouldn't work.

When I get my spare pc up and running with OPNsense I will give it another go.
#5
Thank you both for your kind and helpful responses.

I actually had to reinstall pfSense as I had a config that was working for the most part and things at home have got kinda busy as of late leaving me little time for learning a new firewall.

I actually thought I would be able to get OPNsense up and running fairly easily since it is so similar to pfSense but found a few things I am getting hung up on.

I will say though that I have full intention on using OPNsense in the future. Aside from some of the things I have already mentioned, I feel much better supporting an open source project.

Ultimately I think I will install OPNsense on one of my spare pc's and get to know it better before implementing into my network.

Thanks again!
#6
Hello,

I am trying to create some port forwards in outbound NAT but can't seem to figure out how to specify a port range correctly.

As an example I tried 27014:27050 but I get an input error on save.

Is it possible to specify a port range in outbound NAT or will I need to create the range in an Alias?
#7
Hello All,

About 4 months ago I decided it was time for a router based firewall. I had a set of criteria I wanted my firewall to do and the first firewall I came across that seemed to fit my needs was pfSense.

To make a long story short pfSense does have most all the features I need but I found it not very intuitive and as such I had a difficult time setting it up. As you could guess I had to ask several questions in their forum. What I found was that several of the questions I asked went unanswered and when I did get an answer it was usually either condescending or unhelpful, sometimes both.

This led me to look elsewhere for a firewall solution and that is when I found OPNsense. I was delighted to find OPNsense is very similar to pfSense which made the initial setup of OPNsense much smoother. On the plus side I really also like the OPNsense webGUI.

In the past couple of days I have so far got OPNsense installed and running with no issues. At this point I now need to set up my VPN, some port forwards, DNS and web filtering.

I have got my VPN partially setup, I just need to create my VPN gateways and gateway group which shouldn't be a problem for me. I also shouldn't need any help with the port forwards.

What I am getting stuck on is getting the DNS working correctly and trying to figure out the web filtering.

Concerning DNS, how would I set up OPNsense as the main DNS resolver and Google DNS as a secondary? My main objective is to not use my ISP's DNS which is I believe dynamically assigned because I connect using PPPoE.

I will also be setting up OpenVPN from ExpressVPN. Their DNS is also dynamically assigned. I will be using 2 different VPN locations in what I believe is called a fall over config or load balancing in case one goes down. This for the most part shouldn't be a problem for me to set up except for the DNS. I think the DNS will be an issue for me because some of my LAN clients will run through the VPN and some won't. Due to the way the VPN works I also can't manually assign VPN DNS servers as they are unknown and assigned dynamically.

I am also wondering if I can use block list similar to how you would with pfBlockerNG. In pfBlockerNG I can block IP's and URL's using auto updated Block List. I am hoping I can achieve this same functionality with OPNsense.

So to recap my not so clear questions,

1. Can I use OPNsense like pfBlockerNG by filtering IP's and URL's with block list and have these list auto update?

2. If yes to #1, how do I accomplish?

3. How would I set up OPNsense as the main DNS resolver and Google DNS as a secondary?

4. How can I have some network clients use VPN IP and DNS while others NOT using VPN use ISP IP and DNS as described in question #3?

This is probably a lot to ask but hopefully someone here can help.

If it helps to know, I am running the latest OPNsense version on amd64 hardware.

Thanks in advance  :)