Messages

1

General Discussion / Re: How do I specify a Port Range in NAT?

« on: January 02, 2018, 11:33:23 pm »

Thanks for the update!

Glad to know I'm not losing it lol 

I'm thinking the ability to add a port range in Outbound NAT would make a good feature request. I know creating an alias for the range works but in this case its just an unneeded extra step.

I hate comparing and hope no one takes offense but you can specify "Outbound NAT" port ranges like "27014:27050" in pfSense. However even their solution is not intuitive for noobs like myself. They use a single box with some text underneath that says "Port or Range". It took me forever to figure out how to actually specify the range.

I think if OPNsense was to add a port range option it would be more intuitive if they use the "To" and "From" for the range like in the Port Forward options.

2

General Discussion / Re: New User needing some DNS and Web Filtering Help

« on: January 02, 2018, 06:33:14 am »

If what you are thinking about for filtering URL's is basically to setup an ad blocker there is a post on here about using Unbound DNS to basically do just that.  You can setup a script to automatically poll text documents and then parse them for your system. 

Excellent to know that, thanks for the tip!

Once I get OPNsense reinstalled I will definitely give your tip a go.

PS - Do you happen to remember the title for the post you mentioned?

3

General Discussion / Re: How do I specify a Port Range in NAT?

« on: January 02, 2018, 06:28:17 am »

Did you see the image I posted?  Also, after selecting "(other)", you will have two fields that show up below "(other)" - one for "from" and the other for "to".  The attached image is taken just after selecting "(other)" and entering in the desired port range.

Hmm, I may have found a bug or my eyes are getting worse then I thought lol.

I do not recall having both the To and From boxes come up after choosing "other" like in your pic. For me only one box came up. I really wish I still had OPNsense installed so that I can test it again.

Since I can't test at the moment, if you get a chance please try to create an outbound NAT rule with only a single port and save. Then "clone" that saved rule and try to change your single port to a port range. This was how I tried to create my NAT rule that needed the range. I would be very curious of your results.

If it still works as expected for you then I seriously wasn't paying attention when trying to create my port range. I just can't imagine I would make that kind of blunder but I suppose it's possible. 

4

General Discussion / Re: How do I specify a Port Range in NAT?

« on: January 01, 2018, 05:39:46 am »

Like this?  If so, then you need to first select "Other" and then the port range...

If I am understanding you correctly you are saying to choose "other" and enter the range as 27014 - 27050.

If so, I actually tried that and a few other variations with no success.

I tried 27014:27050, 27014 : 27050, 27014-27050, 27014 - 27050 but for some reason it just wouldn't work.

When I get my spare pc up and running with OPNsense I will give it another go.

5

General Discussion / Re: New User needing some DNS and Web Filtering Help

« on: January 01, 2018, 05:32:59 am »

Thank you both for your kind and helpful responses.

I actually had to reinstall pfsense as I had a config that was working for the most part and things at home have got kinda busy as of late leaving me little time for learning a new firewall.

I actually thought I would be able to get OPNsense up and running fairly easily since it is so similar to pfSense but found a few things I am getting hung up on.

I will say though that I have full intention on using OPNsense in the future. Aside from some of the things I have already mentioned, I feel much better supporting and open source project.

Ultimately I think I will install OPNsense on one of my spare pc's and get to know it better before implementing into my network.

Thanks again!

6

General Discussion / How do I specify a Port Range in NAT?

« on: December 31, 2017, 05:36:28 am »

Hello,

I am trying to create some port forwards in outbound NAT but can't seem to figure out how to specify a port range correctly.

As an example I tried 27014:27050 but I get an input error on save.

Is it possible to specify a port range in outbound NAT or will I need to create the range in an Alias?

7

General Discussion / New User needing some DNS and Web Filtering Help

« on: December 31, 2017, 05:01:21 am »

Hello All,

About 4 months ago I decided it was time for a router based firewall. I had a set of criteria I wanted my firewall to do and the first firewall I came across that seemed to fit my needs was pfSense.

To make a long story short pfSense does have most all the features I need but I found it not very intuitive and as such I had a difficult time setting it up. As you could guess I had to ask several questions in their forum. What I found was that several of the questions I asked went unanswered and when I did get an answer it was usually either condescending or unhelpful, sometimes both.

This led me to look else where for a firewall solution and that is when I found OPNsense. I was delighted to find OPNsense is very similar to pfSense which made the initial setup of OPNsense much smoother. On the plus side I really also like the OPNsense webGUI.

In the past couple of days I have so far got OPNsense installed and running with no issues. At this point I now need to set up my VPN, some port forwards, DNS and web filtering.

I have got my VPN partially setup, I just need to create my VPN gateways and gateway group which shouldn't be a problem for me. I also shouldn't need any help with the port forwards.

What I am getting stuck on is getting the DNS working correctly and trying to figure out the web filtering.

Concerning DNS, how would I setup OPNSense as the main DNS resolver and Google DNS as a secondary? My main objective is to not use my ISP's DNS which is I believe dynamically assigned because I connect using PPPoE.

I will also be setting up OpenVPN from ExpressVPN. Their DNS is also dynamically assigned. I will be using 2 different VPN locations in what I believe is called a fall over config or load balancing in case one goes down. This for the most part shouldn't be a problem for me to set up except for the DNS. I think the DNS will be an issue for me because some of my LAN clients will run through the VPN and some won't. Due to the way the VPN works I also can't manually assign VPN DNS servers as they are unknown and assigned dynamically.

I am also wondering if I can use block list similar to how you would with pfBlockerNG. In pfBlockerNG I can block IP's and URL's using auto updated Block List. I am hoping I can I achieve this same functionality with OPNsense.

So to recap my not so clear questions,

1. Can I use OPNsense like pfBLockerNG by filtering IP's and URL's with block list and have these list auto update?

2. If yes to #1, how do I accomplish?

3. How would I setup OPNSense as the main DNS resolver and Google DNS as a secondary?

4. How can I have some network clients use VPN IP and DNS while others NOT using VPN use ISP IP and DNS as described in question #3?

This is probably alot to ask but hopefully someone here can help.

If it helps to know, I am running the latest OPNsense version on amd64 hardware.

Thanks in advance