Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - Germano

Pages1 2
#1
French - Français / Redirection de port
October 09, 2018, 02:22:34 PM
Bonjour j'ai un pb pour le Nat de port.

je souhaite ouvrir le port FTP serveur un serveur en interne mais cela bloque.

Freebox 192.168.0.254>opnsense wan 192.168.0.17> lan opnsense 10.10.10.10> serverFTP 10.10.10.40

j'ai créé un regle Wan NAT TCP vers ip 10.10.10.40 mais cela ne fonctionne pas.
#2
French - Français / Re: Default Deny Rule TCP port
July 12, 2018, 04:14:07 PM
J'ai eu une reponse,

il s'agit du TCP flood ( asymetric traffic Hitting).

Firewall>règle>LAN> IPV4 default allow et tout en bas vous avez dans affiches les options. STATE TYPE a mettre sur AUCUN
#3
18.1 Legacy Series / Re: Default Deny Rule TCP port domain controller
July 12, 2018, 04:11:35 PM
Thanks, it was good now

I will not have found.

Firewall>LAN rules> IPV4 default rule      edit advanced option below.
Value STATE TYPE> NONE        apply
#4
18.1 Legacy Series / Default Deny Rule TCP port domain controller
July 12, 2018, 01:07:36 PM
Hello,

I do not understand the Default deny rule are not displayed in the interface.
through vlans I communicate with my domain but it blocks me TCP port 389,135,139,445.

yet I have a rule in LAN that allows communication LAN 10.10.10.0 LAN to an alias VLAN 10.10.30.0 ANY

all other ports are allow except those there.
I have to do what? it's still internal.
#5
French - Français / Default Deny Rule TCP port
July 12, 2018, 12:40:46 PM
Bonjour,

je ne comprend pas les Default deny rule ne sont pas affiché dans l'interface.
a travers des vlans je communique avec mon domaine mais il me bloque les port TCP 389,135,139,445.

pourtant j'ai bien une regle dans LAN qui autorise la communication du LAN NET 10.10.10.0 vers un alias VLAN 10.10.30.0 ANY

tous les autre ports sont allow sauf ceux là.
Je dois faire quoi?  cela reste de l'interne.
#6
General Discussion / Re: Switch L3 routing intervlan and Opnsense
June 14, 2018, 03:32:37 PM
I switched to Hybrid NAT mode and created a rules

NAT> Outbound

Interface    Source    Port Source    Destination    Port de Destination    NAT Address    NAT Port    Port statique    Description    
      WAN    any     *    *    *    Adresse de l'interface    *    NON     

But I have another issue, a Deny rule in liveview, see attached. I don't understand the rule to make
#7
French - Français / Re: Switch L3 routage intervlan et Opnsense
June 14, 2018, 03:26:05 PM
Justement il a besoin quand même de route et de Passerelle pour envoyer là ou il faut en l'occurence à mon switch.
J'ai du me mettre en mode Hybride on niveau de mon parefeu. et de créé une règle Wan en sortant

   Interface    Source    Port Source    Destination    Port de Destination    NAT Address    NAT Port    Port statique    Description    
      WAN    any     *    *    *    Adresse de l'interface    *    NON     
sinon mon flux Vlan 20 ne sors pas.

par contre j'ai une deny rule qui apparait dans mon live view et je ne vois pas d'ou cela vient. voir PJ
Je ne comprend pas la regle que je dois créer
#8
General Discussion / Re: Switch L3 routing intervlan and Opnsense
June 14, 2018, 12:01:38 PM
Actually I created a gateway in 10.10.10.1 and a static route (10.10.20.0/24 GW 10.10.10.1)
but if I leave like that the firewall blocks me all. therefore I do not know what to put as LAN / Wan rule.
I did the test by disabling the firewall and it blocks me.
#9
General Discussion / Re: Switch L3 routing intervlan and Opnsense
June 14, 2018, 09:52:05 AM
Yes my switch is routing between vlan. but I found for the DNs resolver part. OpenSense> system   setbox 'Allow DNS server list to be overridden by DHCP/PPP on WAN'

now in my vlan 20 , DNS resolution is ok.But when I ping ex: ns0.ovh.net request time out.
In live view, i saw the ping of my Pc LAN 10.10.20.3:53 193.70.18.144:53
in Unbound DNS i allowed VLAN 20 ( 10.10.20.0/24) in Access list.

I think that opense does not translate Nat DNS query to IP Switch
#10
General Discussion / Re: Switch L3 routing intervlan and Opnsense
June 13, 2018, 02:16:23 PM
So , You suppose,

Proxy DNS in activate mode ? My Opnsense version is 18.1.9.
i don't have mdns-repeater available .

what static route are you talking ?
#11
General Discussion / Re: Switch L3 routing intervlan and Opnsense
June 12, 2018, 02:37:19 PM
Ip opnsense 10.10.10.10 IP Lan
IP Interface Switch vlan default: 10.10.10.1
#12
General Discussion / Re: Switch L3 routing intervlan and Opnsense
June 12, 2018, 12:44:24 PM
Hi hutiucip,

the rules are created on the arp table of my Switch. so when I ping from my vlan 20 to vlan 10 it responds and vice versa. today my ping has my firewall and nothing comes out. My firewall responds to ping. but no DNS resolution is possible. on the other hand if I ping the IP revolution DNS 'orange.fr' my ping is OK TTL = 64ms except that it is my firewall that resolves and not my machine.

thanks
#13
French - Français / Re: Switch L3 routage intervlan et Opnsense
June 12, 2018, 10:05:09 AM
Quelqu'un a déjà eu ce genre de problème?

Maintenant depuis mes vlans créé sur mon Switch L3 j'arrive a ping mon Parefeu. mais je ne sors pas sur le Net.

#14
General Discussion / Re: Switch L3 routing intervlan and Opnsense
June 12, 2018, 10:02:59 AM
Help please
#15
General Discussion / Re: Switch L3 routing intervlan and Opnsense
June 11, 2018, 02:01:56 PM
j'ai créé des règle pour mon vlan 20 je ping maintenant mon pare feu mais cela ne sort pas.
et dans mon live view je n'ai pas de Deny rules.
Pages1 2