Messages - robertkwild

#1
thanks franco,

yes i noticed that as under "interfaces" there's a "point to point" section and the pppoe settings are there so if i change igb2 pppoe0 to a new igb2 the pppoe settings will still be there?
#2
ahhh i see nice, so if i do this and go in wan again i will see DHCP option under "IPv4 configuration type"
#3
sorry so atm my WAN is assigned to pppoe0 (igb2)

do i need to delete that and then

create a new WAN and assign it to igb2

#4
hi all,

when i click on WAN interface and for the drop down "IPv4 configuration type" i can't see DHCP anymore, all that's in the drop down box is

None
PPPoE

i need DHCP as sky my ISP use this and not PPPoE

thanks,
rob
#5
reading this

In order to provide a secure and verified environment, it is advisable to use a firewall rule to prohibit any outgoing DNS traffic on port 53 when using DNS over TLS. If clients choose to directly query other nameservers on their own, a NAT redirect rule can be used to send these requests to 127.0.0.1:53, which is the local Unbound service. This will ensure that these requests are sent over TLS.

i've done the block rule

   IPv4+6 TCP/UDP    *    *    ! RFC1918     53 (DNS)    *    *       block LAN DNS to internet

but how do i set up the NAT

what do i put in

destination -  any
destination port range - 53
redirect target ip - 127.0.0.1/32 or "this firewall"
redirect target port - 53

thanks,
rob
#6
General Discussion / Re: block cameras to internet
December 18, 2025, 01:25:59 PM
LOL, what an idiot, you're right @meyergru

my phone was still on wifi, as soon as i was on mobile data went back on the tapo app and i can no longer see my camera feeds, interesting i don't need the other ipv6 rule, it just works with the ipv4 rule (i attach below pic)

https://postimg.cc/5HgtF54C
#7
General Discussion / Re: block cameras to internet
December 17, 2025, 09:01:11 PM
i have no floating rules

changed the cameras alias from hosts to mac address and added the mac addresses of both cameras, applied the changes and still not working

the way i'm seeing them not working is i go on the tplink tapo app on phone and i can still see them connected so i know they're still going on the internet

what ip address do i put in for ipv6 as they haven't got an ipv6 address, or have they?

ok here's my new rules

https://postimg.cc/ctGjQ7tr

so i've made one for ipv4 and one for ipv6, my ipv4 is camera ipv4 ips and ipv6 is camera mac addresses
#8
General Discussion / Re: block cameras to internet
December 17, 2025, 06:33:30 PM
here's my "allint" i have grouped all my local LAN interfaces

LAN_HOME - my tp link cameras sit here
DMZ
openvpn
wg1
wg0

here's my full set of rules

https://postimg.cc/3d9xSHDG
#9
General Discussion / Re: block cameras to internet
December 17, 2025, 05:32:29 PM
but trouble is my rule doesn't work and i don't understand why it doesn't work, i don't get how it's going out even tho i've created a rule for it, do i need to create an outbound NAT rule as well?
#10
General Discussion / Re: block cameras to internet
December 17, 2025, 04:30:20 PM
but surely they're on my LAN and using those ips i gave to you guys ie 10.100.1.249 and 250 as i can see the leases on my dhcp?
#11
General Discussion / Re: block cameras to internet
December 17, 2025, 03:51:58 PM
how would i then go about blocking those cameras off the internet then please?
#12
General Discussion / block cameras to internet
December 17, 2025, 02:32:06 PM
hi all,

made a rule to block cameras to the internet as i don't want to manage on the cloud anymore as i have a local NVR set up

this is my rule

https://postimg.cc/kBq4V72N

and these are my aliases

rfc1918
<content>10.0.0.0/8
172.16.0.0/12
192.168.0.0/16</content>

cameras
<content>10.100.1.249
10.100.1.250</content>

and they're def the ips as when i stream them via vlc i see the streams

am i doing something stupid

thanks,
rob
#13
thanks RamSense

doing this command on my opnsense

tcpdump -i vtnet0 port 853

should i replace vtnet0 with my lan or wan interface?

that's very weird i made a floating rule to block 53 and it worked as i couldn't access any websites anymore but when i did a tcpdump on my lan interface on 53 i could see loads of activity so something's weird, so it looks like my DoT isn't working

thanks,
rob
#14
General Discussion / still see traffic going out via 53
December 10, 2025, 08:43:57 AM
hi all,

enabled DNS over TLS via here

https://www.zenarmor.com/docs/network-security-tutorials/how-to-configure-dot-on-opnsense

getting stuck when i create my own fw rules and nat to stop 53 out

as i have a few fw rules, should i create the block for 53 at the bottom so it's first or at the top

thanks,
rob
#15
General Discussion / Re: configuring DoT or DoH
September 15, 2025, 06:43:06 PM