OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of novecat »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - novecat

Pages: [1]
1
General Discussion / Re: [Resolved] OPNSense Firewall Default Deny Rule Blocking Traffic to Public
« on: January 17, 2019, 10:51:12 am »
Resolve, issue not related to OPNsense.
It is related to design issue.

2
General Discussion / [Resolved] OPNSense Firewall Default Deny Rule Blocking Traffic to Public
« on: January 15, 2019, 11:00:05 am »
Hi OPNSense Experts:

OPNsense version: OPNsense 18.1.9

Diagram (roughly drawn)
Public IP <----> Check Point Firewall (192.168.200.4) <--->  OPNSense Firewall (192.168.200.30/24) <---> NGINX (192.168.200.101/24)

Objective
Allow public to reach the NGINX server via HTTPS

Issue
I am having a very unusual issue with our OPNSense Firewall configuration, we have configured an NGINX sitting behind the OPNSense Firewall (acting as Tier 2) whilst a Port Forwarding was configured on the Check Point Firewall (acting as Tier 1).

On the Check Point Firewall, the logs can clearly see traffic hitting the public IP via HTTPS, however, the NGINX test page was not seen. After digging around suspecting the issue was on the Check Point, I realized the OPNSense Firewall are response to the public. (view image: Live Log and Live Log Detail).

Most ironic thing is, I have configured the Firewall to allow all traffics in and out but the Live Log is still showing a "Default Deny Rule" (view image: Floating Rule and Interface Rule)

Any idea what might be causing this? A bug? Or a misconfiguration on my end?

Regards,
Nove

3
General Discussion / OPNsense rsyslog not capturing its own hostname
« on: May 02, 2018, 06:13:00 pm »
Hi All,

I am using Fluentd to capture syslog and I just realized that the Firewall's hostname is not included in the rsyslog. (examples below). Comparing capture from Netflow, we can clearly see the host IP of the Firewall.

My current project is to gather 6 different firewalls syslog for record purpose hence if they are not differentiated either by hostname or their IPs, it will be rather confusing.

Fluentd itself has an alternative to work this out, but it will be tedious work.
Any chance if there are settings on OPNsense to tweak this?

Thanks

4
General Discussion / Re: [SOLVED] Monitoring OPNsense with Fluentd
« on: March 31, 2018, 08:08:22 am »
I will post up a tutorial once I have completed further testing.
Currently still facing challenge as the output is not being parsed to the format I wanted.

Marking as solved.
Thanks for all your help.

5
General Discussion / Re: Monitoring OPNsense with Fluentd
« on: March 26, 2018, 04:27:51 am »
Hi all,

I have managed to solve the issue myself after a long struggle

It seems I have to allow the port in CentOS itself to make it work... a newbie mistake I must admit.
Some attachment for your reference.

Hi Moderators,
Good to close this thread.

6
General Discussion / [SOLVED] Monitoring OPNsense with Fluentd
« on: March 20, 2018, 10:59:44 am »
Hi All,

I am new to OPNSense and have been using OPNsense in my environment for testing.
I am currently trying to incorporate fluentd to listen to logs and netflow from OPNsense but I must be missing something as it is not working at all at this stage.

The fluentd is installed on a CentOS (192.168.171.100), and it is connected the LAN interface of the OPNSense (192.168.171.1). Both of these are on Oracle VirtualBox VM
All the Firewall rules has been set to allow any any and the logging option under OPNSense has been allowed too (refer to OPNsense)
The CentOS can ping to the LAN interface, no problem

I have tried various sample of Fluentd configuration but nothing works.
There are samples online that I have mix and match but it doesn't work as well.
(refer to Fluentd config)

Unfortunately I could not find an actual tutorial to capture the logs and netflow from OPNsense using fluentd.
If there are any samples I can refer here to make it work, it will be great.

Netflow sample: https://github.com/repeatedly/fluent-plugin-netflow
Syslog sample: https://github.com/Woorank/fluent-plugin-logentries/issues/1
Setting up Fluentd: https://docs.fluentd.org/v0.12/articles/config-file
Fluentd Syslog guide: https://docs.fluentd.org/v0.12/articles/in_syslog
Fluentd UDP guide: https://docs.fluentd.org/v0.12/articles/in_udp

Thanks in advance

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2