Messages

1

Italian - Italiano / Re: Come faccio ad aprire una porta per accedere al NAS

« on: July 31, 2018, 12:15:33 pm »

Ciao,
non so quali siano le tue necessità ma io eviterei di esporre il nas direttamente all'esterno, specialmente su una porta nota. meglio collegarsi in vpn e consultarlo così.

2

Italian - Italiano / Re: OPNsense e wake-on-LAN

« on: July 31, 2018, 12:08:22 pm »

ciao,
su opnsense c'è il plugin per il wake on lan, il problema è laccesso da remoto che va fatto in vpn sul firewall (opnense) e non sul router vdsl.

Andrea

3

18.1 Legacy Series / Re: DNS not resolving

« on: May 16, 2018, 12:20:11 pm »

"RR" is not something i wrote anywhere, it comes from opnsense (intended as "from the service")

4

18.1 Legacy Series / Re: DNS not resolving

« on: May 16, 2018, 11:48:00 am »

as long i can remember maybe there's a client without hostname which actually has an ip given by the dhcp.
and the ip 192.168.0.100 is free...

5

18.1 Legacy Series / Re: DNS not resolving

« on: May 15, 2018, 11:51:42 am »

i had to rebuild the firewall since i believe the configuration was completely f**ked.
now Unbound dns is working but if i check the option "Register DHCP leases in the DNS Resolver" the service stops. to start it again i have to unchek the flag.
in the and log there are this errors:

May 15 11:49:56   unbound: [97525:0] fatal error: Could not set up local zones
May 15 11:49:56   unbound: [97525:0] error: Bad local-data RR .tortuga.local IN A 192.168.0.100

but i don't really know what they mean...

6

18.1 Legacy Series / Re: DNS not resolving

« on: May 02, 2018, 03:40:12 pm »

I'd suggest you remove the localhost IP from the first entry, if you actually have a DNS server running on the firewall LAN IP then change it to that.

nothing changed after this try...

7

18.1 Legacy Series / Re: DNS not resolving

« on: April 30, 2018, 07:41:11 pm »

I'd suggest you remove the localhost IP from the first entry, if you actually have a DNS server running on the firewall LAN IP then change it to that.

uh, i forgot to delete it, that was one of the many things i tried...

8

18.1 Legacy Series / DNS not resolving

« on: April 30, 2018, 07:13:01 pm »

Hello,
after something that i don't know  happened the dns server on my firewall it's not resolving anymore.
atthached the screenshot of my setup.

if i query a dns lookup from a client (DHCP gives the firewall ip ad first dns to the clients) i got a time out, what am i missing?

Andrea

9

18.1 Legacy Series / Re: cron to check wan ip?

« on: April 01, 2018, 04:31:22 pm »

thanks a lot, i'll try it soon!

This is basically the script you need to run, you'll need to set up the cron event to run it

It's very simple, it uses ifconfig to look for the ipv4 IP address, if it starts wih 100. then it will take down the WAN interface, wait 5 seconds and bring it back up.

You'll need to set the parent interface name to match yours... and as an afterthought change it to pppoe0.

Code: [Select]

#!/bin/sh
# Testing for invalid wan IP

inteface="igb0"

test_string="net 100."
result=$(ifconfig pppoe1 | grep "inet ")

if [ "$result" != "${result%"$test_string"*}" ]; then
ifconfig $interface down
sleep 5
ifconfig $inteface up
fi


10

18.1 Legacy Series / Re: cron to check wan ip?

« on: March 30, 2018, 03:00:41 pm »

That's correct, it' s a private class used by the ISP due to a lack of public ip  . Extracted from the your second link:

[...]It is anticipated that Service Providers
   will use this Shared Address Space to number the interfaces that
   connect CGN devices to Customer Premises Equipment (CPE).[...]

here you can see my connection log:

Code: [Select]

Mar 26 08:08:16 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 100.115.X.X) (interface: EOLO[wan]) (real interface: pppoe0).
Mar 26 06:29:23 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 78.134.X.X) (interface: EOLO[wan]) (real interface: pppoe0).
Mar 26 04:28:04 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 78.134.X.X) (interface: EOLO[wan]) (real interface: pppoe0).
Mar 22 16:27:39 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 78.134.X.X) (interface: EOLO[wan]) (real interface: pppoe0).
Mar 20 19:06:21 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 78.134.X.X) (interface: EOLO[wan]) (real interface: pppoe0).
Mar 20 19:04:16 opnsense: /usr/local/etc/rc.newwanip: On (IP address: 100.119.X.X) (interface: EOLO[wan]) (real interface: pppoe0).

11

Italian - Italiano / Re: opnsense e local dns

« on: March 26, 2018, 11:35:51 am »

buono a sapersi, avevo lo stesso problema...

12

18.1 Legacy Series / cron to check wan ip?

« on: March 26, 2018, 10:55:01 am »

Hi,
my opnsense uses pppoe to connect to the internet. sometimes my isp assigns me a private ip (100.xxx.xxx.xxx) which doesn't allow mu to VPN home using dyndns, there's a way to check wan ip address and force reconnect if is a private one?

Andrea

13

Intrusion Detection and Prevention / Re: IDS/IPS Clarification needed

« on: February 19, 2018, 04:03:33 pm »

I don't use them ("inappropriate"), I use only p2p. Everything else I block by port or by DNS.

ok, i' finally going this way too. but now i have a little OT question: how do you handle different blocking profiles by DNS? i mean: i have 2 subnets, i would like have a very restrictive profile on subnet 1 (guests) and a more permissive one in subnet 2 (private lan)

14

Intrusion Detection and Prevention / Re: IDS/IPS Clarification needed

« on: February 16, 2018, 03:35:32 pm »

but....at this point.... maybe the "ET open/emerging-inappropriate" rules are almost... useless?

15

Intrusion Detection and Prevention / Re: IDS/IPS Clarification needed

« on: February 16, 2018, 03:00:11 pm »

Cool! if my tests won't be successful i'll give this a try.