Messages - jmp20

#1
Oh man, that really Shadow Socks. : (
#2
19.1 Legacy Series / Shadow Socks Plug-in Logs
July 11, 2019, 05:45:03 PM
Hello,

The documentation page found here https://docs.opnsense.org/manual/logging.html#plugin-logs indicates that plugins have their own log file. I installed the Shadow Socks plug-in but it is not creating a log file for itself. Is there a specific configuration for Shadow Socks to create the log file?

Quote:
Plugin Logs
Many plugins have their own logs. In the UI, they are grouped with the settings of that plugin. They mostly log to /var/log/ in text format, so you can view or follow them with tail.
#3
Tutorials and FAQs / Re: FTP Proxy Howto
May 08, 2019, 03:59:11 PM
Hi,

I am having a problem with this setup where the client connects to the FTP proxy but then OPNsense sends the data back into itself on port 21.

client: 192.168.20.20:23456 --> firewall: 127.0.0.1:8021
then from
firewall: 10.10.10.11:45678 --> firewall: 10.10.10.11:21


See my full post here: https://forum.opnsense.org/index.php?topic=12617.msg58173#msg58173

Any help is greatly appreciated.

jmp
#4
19.1 Legacy Series / FTP-Proxy Setup - 19.1.4
May 02, 2019, 09:55:23 PM
Hello,
My setup:

Opnsense Int IP: 10.10.10.11
Opnsense Ext IP: 45.56.67.78
Internal client: 192.168.20.20

I have problems connecting to FTP sites via the FTP-Proxy. I followed this mini-howto:
https://forum.opnsense.org/index.php?topic=3868.0

I have NAT on LAN port forward from 21 to 8021 and External Outbound NAT on WAN IP. But when I try to connect to any FTP site on the internet it times out, thus connections to any internet FTP sites fail. I noticed that when I do a TCP dump I see the packets go from

client: 192.168.20.20:23456 --> firewall: 127.0.0.1:8021
then from
firewall: 10.10.10.11:45678 --> firewall: 10.10.10.11:21

The first packet is visible on the LAN interface and the second packet is shown afterwards on the lo0 interface.

Is there a configuration item/option I should be looking into to correct this problem?

Thank you!!
#5
Hi,

Are there any other configuration options that I should be looking at?

#6
Hi Fabian,

Thanks for the quick response. What I mean by NAT is set up on WAN interface from LAN net is -- Firewall, NAT: Outbound:

Interface  Source   Source Port  Destination  Destination Port  NAT Address  NAT Port  Static Port  Description
WAN        LAN net  *            *            *                 wan address  *         NO           FW_NAT

On NAT Port Forward I have a redirect rule:

LAN   TCP   10.20.30.0/24    *   *   21 (FTP)   127.0.0.1   8021

By the way, outgoing FTP connections to internet sites work OK with Shadow Socks. I would, however, rather have ftp-proxy working, as some clients may not be able to use SOCKS proxies for FTP access.
#7
Hello,

I followed the instructions to set up ftp-proxy as an FTP forward proxy indicated at https://forum.opnsense.org/index.php?topic=3868.0. I am, however, not able to get it working correctly unless I specify a reverse address to the internet. This will create difficulties in using ftp-proxy, as I will have to define each external site and map it to a specific port. I took a trace on the internal and external interfaces and it looks like ftp-proxy does not pass the connection to the external interface unless an external/internet address is indicated. When an internet reverse address is included in the setup, I see the OPNsense IP address sending to the Internet FTP site, but in the case shown below I do not. I have included the TCP trace below. Any setup hints you may provide are appreciated. jmp.

Version
   OPNsense 19.1.4-amd64
   FreeBSD 11.2-RELEASE-p9-HBSD
   OpenSSL 1.0.2r 26 Feb 2019

FTP client: 10.20.30.41
OPNsense: 10.10.10.11
External IP: 12.3.4.5
NAT is set up on WAN interface from LAN net

INTERNAL INTERFACE
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vmx1, link-type EN10MB (Ethernet), capture size 262144 bytes
10:57:53.338574 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [S], seq 4199712234, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:57:53.338702 IP 10.10.10.11.21 > 10.20.30.41.49204: Flags [S.], seq 1731605656, ack 4199712235, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0
10:57:53.338574 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [S], seq 4199712234, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:57:53.338702 IP 10.10.10.11.21 > 10.20.30.41.49204: Flags [S.], seq 1731605656, ack 4199712235, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0
10:57:53.346263 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [.], ack 1, win 256, length 0
10:57:53.338574 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [S], seq 4199712234, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:57:53.338702 IP 10.10.10.11.21 > 10.20.30.41.49204: Flags [S.], seq 1731605656, ack 4199712235, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0
10:57:53.346263 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [.], ack 1, win 256, length 0
10:57:53.338574 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [S], seq 4199712234, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:57:53.338702 IP 10.10.10.11.21 > 10.20.30.41.49204: Flags [S.], seq 1731605656, ack 4199712235, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0
10:57:53.346263 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [.], ack 1, win 256, length 0
10:57:53.338574 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [S], seq 4199712234, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:57:53.338702 IP 10.10.10.11.21 > 10.20.30.41.49204: Flags [S.], seq 1731605656, ack 4199712235, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0
10:57:53.346263 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [.], ack 1, win 256, length 0
10:57:53.338574 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [S], seq 4199712234, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:57:53.338702 IP 10.10.10.11.21 > 10.20.30.41.49204: Flags [S.], seq 1731605656, ack 4199712235, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0
10:57:53.346263 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [.], ack 1, win 256, length 0
10:58:13.445143 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [F.], seq 1, ack 1, win 256, length 0
10:58:13.445203 IP 10.10.10.11.21 > 10.20.30.41.49204: Flags [.], ack 2, win 513, length 0
10:58:13.445232 IP 10.10.10.11.21 > 10.20.30.41.49204: Flags [F.], seq 1, ack 2, win 513, length 0
10:58:13.453237 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [.], ack 2, win 256, length 0


EXTERNAL INTERFACE
listening on vmx0, link-type EN10MB (Ethernet), capture size 262144 bytes
10:57:53.338574 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [S], seq 4199712234, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
10:57:53.338702 IP 10.10.10.11.21 > 10.20.30.41.49204: Flags [S.], seq 1731605656, ack 4199712235, win 65228, options [mss 1460,nop,wscale 7,sackOK,eol], length 0
10:57:53.346263 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [.], ack 1, win 256, length 0
10:58:13.445143 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [F.], seq 1, ack 1, win 256, length 0
10:58:13.445203 IP 10.10.10.11.21 > 10.20.30.41.49204: Flags [.], ack 2, win 513, length 0
10:58:13.445232 IP 10.10.10.11.21 > 10.20.30.41.49204: Flags [F.], seq 1, ack 2, win 513, length 0
10:58:13.453237 IP 10.20.30.41.49204 > 10.10.10.11.21: Flags [.], ack 2, win 256, length 0

#8
Hello Team,

I am facing a continuous problem with ftpproxy. Any time I use ftpproxy I get a checksum error on the sent packets, thus outgoing FTP connections fail. The setup is for outgoing FTP from local users to the internet via port 21, then forwarding to ftpproxy via port 8021. I disabled cksum for the 'em1' device from the command line but it does not help (# ifconfig em1 -txcsum). This error happens no matter what FTP client I utilize. I have searched this forum and FreeBSD about this error to no avail. Any help you can provide with this is greatly appreciated.

OPNsense  Version
OPNsense 19.1-amd64
FreeBSD 11.2-RELEASE-p8-HBSD
OpenSSL 1.0.2q 20 Nov 2018
System Hardware:
  VMWare esx 6.5

Firewall Log:

00:00:06.789708 rule 51/0(match): pass out on lo0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.11.12.13.11691 > 10.11.12.13.21: Flags [S], cksum 0x0cfe (incorrect -> 0xc003), seq 2844765433, win 65228, options [mss 16344,nop,wscale 7,sackOK,TS val 62437946 ecr 0], length 0
00:00:00.000022 rule 50/0(match): pass in on lo0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 0 (->2ded)!)
    10.11.12.13.11691 > 10.11.12.13.21: Flags [S], cksum 0x0cfe (incorrect -> 0xc003), seq 2844765433, win 65228, options [mss 16344,nop,wscale 7,sackOK,TS val 62437946 ecr 0], length 0
00:00:01.105789 rule 54/0(match): pass in on em1: (tos 0x0, ttl 119, id 26976, offset 0, flags [DF], proto TCP (6), length 52)
00:00:00.138671 rule 51/0(match): pass out on lo0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.11.12.13.19435 > 10.11.12.13.21: Flags [S], cksum 0x0cfe (incorrect -> 0x19a3), seq 2737343667, win 65228, options [mss 16344,nop,wscale 7,sackOK,TS val 2387100 ecr 0], length 0
00:00:00.000020 rule 50/0(match): pass in on lo0: (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60, bad cksum 0 (->2ded)!)
    10.11.12.13.19435 > 10.11.12.13.21: Flags [S], cksum 0x0cfe (incorrect -> 0x19a3), seq 2737343667, win 65228, options [mss 16344,nop,wscale 7,sackOK,TS val 2387100 ecr 0], length 0


Thank you!
jmp
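
An added example, not part of the original posts: a small Python parser for pf log output in the format quoted above. It pairs each rule header with its flow line and lists flows on port 21 whose source and destination address are the same host, the pattern these posts describe. The sample input is constructed (documentation addresses, shortened headers) and the function names are hypothetical.

```python
import re

# Constructed sample in the shape of the pf log output quoted above
# (documentation addresses, shortened headers); not data from the posts.
SAMPLE = """\
00:00:06.789708 rule 51/0(match): pass out on lo0: (tos 0x0, ttl 64, proto TCP (6), length 60)
    192.0.2.1.11691 > 192.0.2.1.21: Flags [S], cksum 0x0cfe (incorrect -> 0xc003), seq 1, length 0
00:00:00.000022 rule 50/0(match): pass in on lo0: (tos 0x0, ttl 64, proto TCP (6), length 60)
    192.0.2.1.11691 > 192.0.2.1.21: Flags [S], cksum 0x0cfe (incorrect -> 0xc003), seq 1, length 0
00:00:01.105789 rule 54/0(match): pass in on em1: (tos 0x0, ttl 119, proto TCP (6), length 52)
00:00:00.138671 rule 60/0(match): pass out on em0: (tos 0x0, ttl 64, proto TCP (6), length 60)
    192.0.2.1.40000 > 198.51.100.7.21: Flags [S], cksum 0x1a2b (correct), seq 2, length 0
"""

HEADER = re.compile(r"rule (?P<rule>\d+)/\d+\(match\): (?P<action>\w+) "
                    r"(?P<dir>in|out) on (?P<iface>\w+):")
FLOW = re.compile(r"^\s+(?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
                  r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
                  r"(?:, cksum 0x[0-9a-f]+ \((?P<cksum>correct|incorrect)[^)]*\))?")

def parse_pflog(text):
    """Pair each 'rule N/0(match)' header with the indented flow line after it."""
    records, pending = [], None
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:                      # a header with no flow line is replaced here
            pending = header.groupdict()
            continue
        flow = FLOW.match(line)
        if flow and pending:
            records.append({**pending, **flow.groupdict()})
        pending = None
    return records

def triage(text, port=21):
    """Summarise flows whose source and destination address are the same host."""
    records = parse_pflog(text)
    loops = [r for r in records if r["src"] == r["dst"] and int(r["dport"]) == port]
    return {
        "records": len(records),
        "self_directed": [(r["iface"], r["dir"], r["rule"]) for r in loops],
        # Number of flow lines that tcpdump itself marked "incorrect".
        "cksum_incorrect": sum(r["cksum"] == "incorrect" for r in records),
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
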
#9
Thank you, this process worked well for me. I guess advanced options had a lot to do with it and no other post mentioned such an important part of the setup : /
Best!!