Messages

1

19.1 Legacy Series / DHCP : static mapping automation

« on: November 10, 2019, 04:55:16 pm »

Hello,

I'm trying to automate the creation of DHCP static mappings (using Ansible). I couldn't find anything in the API related to DHCP. Is there another way than editing the dhcpd.conf ?

Thanks in advance,

2

19.1 Legacy Series / Re: tcp share_forward

« on: March 19, 2019, 03:13:03 pm »

Hello and thanks for your answer. You're right, I didn't explain my bug .... sorry for that. The issue is that the port forward doesn't work.

I tried what you proposed and it's working !! Thanks. What could be the consequences of disabling this ?

3

19.1 Legacy Series / tcp share_forward

« on: March 18, 2019, 08:25:26 pm »

Hello all,

Since OPNSense 17 or 18,  I have a bug (referenced here : https://opnsense.org/opnsense-17-1-1-released/). I need to issue the following command all the time to make sure that port forward keeps working :

Code: [Select]

sysctl net.pf.share_forward=0I even added this command to a custom action that I have scheduled every minute.
Is there a definitive solution to this issue?

Thanks in advance,

4

18.7 Legacy Series / DHCP : Static mapping automation

« on: January 25, 2019, 10:45:53 pm »

Hello,

I'm trying to automate the creation of DHCP static mappings (using Ansible). I couldn't find anything in the API related to DHCP. Is there another way than editing the dhcpd.conf ?

Thanks in advance,

5

18.7 Legacy Series / Re: NAT : port forwarding with a WAN on a private network

« on: November 13, 2018, 08:59:29 pm »

An update with the log view when trying to access with my smartphone (4G network) (it start with the last line) :

Code: [Select]

Interface Time Source Destination Proto Label
lan <- Nov 13 20:38:55 smartphone_public_ip:36364 192.168.2.119:443 tcp let out anything from firewall host itself
wan -> Nov 13 20:38:55 smartphone_public_ip:36364 192.168.2.119:443 tcp USER_RULE: https_rule
lan <- Nov 13 20:38:55 smartphone_public_ip:36362 192.168.2.119:443 tcp let out anything from firewall host itself
wan -> Nov 13 20:38:55 smartphone_public_ip:36362 192.168.2.119:443 tcp USER_RULE: https_rule

6

18.7 Legacy Series / NAT : port forwarding with a WAN on a private network

« on: November 12, 2018, 10:51:48 pm »

Hello everyone,

My ISP gave me a box which cannot act as a simple bridge so I have to deal with OPNSense having a private IP address on the WAN


Here is :

                           ISP BOX                         WAN                PFSENSE                         LAN         WEB SERVER
                        ___________________                 ______________________                   _____________
INTERNET ----> |PUBLICIP|192.168.1.1| -----------> |192.168.1.28|192.168.2.1| -----------> |192.168.2.119|
                         |_______|__________|                 |___________|_________|                  |____________|



I'd like to redirect 80/443 ports to my webserver (80->80 & 443->443), I've followed tutorials reviewed all I had done several times but it won't work..

Configuration :

WebServer : started and listens on both ports

ISP Box: both ports are redirected to OpnSense.

OPNSENSE
IF : WAN IPV4 TCP
SOURCE : any
DESTINATION : WAN address, port HTTP/HTTPS
REDIRECT : 192.168.2.119, port HTTP/HTTPS
NAT REFLECTION : enable
FILTER RULE... : Rule NAT


With this it doesn't work.


SO I tried to change the "Destination" and put my public IP.
It seems to be working in HTTPS (Firefox won't dusplay page because of selfsigned cert) but doesn't seem to work in HTTP ("connection impossible").

Anyway, putting my public IP as Destination doesn't seem to be a long term solution and I need port 80 to be well redirected (for let's encrypt at first)
I feel that putting "Destination : WAN address" should only be done when WAN is actually a WAN (i.e. with a public IP), which is not my case. However, I don't know what else I could put there...

Can anyone help me configuring my port forwarding?

Thanks in advance,

7

French - Français / NAT : redirection de port pour un WAN avec adresse privée

« on: November 12, 2018, 10:41:37 pm »

Bonjour à tous,

Je m'explique :

J'ai une box Orange fibre et donc OpnSense a l'IF WAN sur le réseu de base de la Livebox : 192.168.1.0/24.
Mon LAN est configuré sur le 192.168.2.0/24.

Ca donne ca :
                           LIVEBOX                         WAN                PFSENSE                         LAN         WEB SERVER
                        ___________________                 ______________________                  _____________
INTERNET ----> |PUBLICIP|192.168.1.1| -----------> |192.168.1.28|192.168.2.1| -----------> |192.168.2.119|
                         |_______|__________|                 |___________|__________|                |____________|



J'aimerais rediriger des ports web (80/443 dans un 1er temps). j'ai suivi les tutos mais rien n'y fait.

Configuration :

WebServer : démarré et en listen sur les 2 ports

Livebox : Dans la partie NAT/PAT j'ai redirigé les ports vers OPNSENSE.

OPNSENSE
IF : WAN IPV4 TCP
SOURCE : any
DESTINATION : WAN address, port HTTP/HTTPS
REDIRECT : 192.168.2.119, port HTTP/HTTPS
NAT REFLECTION : enable
FILTER RULE... : Rule NAT


Comme ca, ca ne marche pas.


J'ai essayé de changer la destination en mettant directement l'IP publique de la box :
Cela semble aboutir en HTTPS (mozilla pas content certif self signed) mais ca ne semble pas marcher en HTTP.

Dans, tous les cas, mettre mon IP publique (qui change de temps à autre ne me semble pas une bonne idée.

J'ai l'impression que "Destination : WAN address" n'est adapté que lorsque qu'OPNSense à le WAN directement sur internet, ce qui n'est pas mon cas. Cependant, je ne vois pas quoi mettre d'autre...

Voyez-vous comment configurer le port forwarding dans une configuration comme celle-ci?

Merci d'avance,

8

18.1 Legacy Series / NAT (Port Forwarding) and Spurious retransmission

« on: September 16, 2018, 04:31:38 pm »

Hi everyone,

I've set up PORT FORWARDING rules to redirect my web traffic (on my domain name) to my Traefik ReverseProxy. Following my issue, I re created my rules following : https://forum.opnsense.org/index.php?topic=6155.0.

Now the issue : on port 443 (https), everything works fine on https://httpd.mydomain.com

However, on port 80 (http), it's another story : I got timeout on my browser when trying to reach http://httpd.mydomain.com.

On destination server port 80 is opened and reachable from my OPNSense (curl get a server response HTTP 200).

I investigated : packets on ports 80 are seen by OPNSense which let them pass. So I installed Wireshark on destination server. HTTP packets do arrive on the server but, after the 1st 2 or 3 packets, exchanges are looping with  :
- TCP Retransmission from my server
- TCP Spurious Retransmission from my client (where resides my web browser).

Note that I make my tests with my mobile to be sure to not be on my LAN network.

Anyone can help?

Edit : I'm using OPNsense 18.1.13_1-amd64
Edit : replaced NAT with PORT FORWARDING, sorry for that