Messages - Senjuu

#1
20.1 Legacy Series / Local Only IPv6 network
April 19, 2021, 03:35:08 PM
I want to create a "local only" network which can ONLY be accessed inside my local network. But I am currently struggling to set up IPv6 for it. As the devices in this network should not access the internet, they do not need Global Unicast Addresses, but I want to give them Unique Local Addresses.

Going to the interface settings, I tried to select the right IPv6 configuration type. But none of them seems to be the right one:
- None -> I do want to set up IPv6
- DHCPv6 -> there is no DHCPv6 server on this network; OPNsense shall be it
- 6rd/6to4 Tunnel -> I do not want to tunnel IPv6
- Track Interface -> I do not want to track another interface as this network shall not get any GUA
- SLAAC -> This only gives Link Local Unicast addresses

So what am I missing or is this feature not supported?
#2
20.1 Legacy Series / Unique Local Addresses
August 19, 2020, 12:40:39 PM
I am currently setting up a network for IPv6. As I need to supply both Unique Local Unicast and Global Unicast addresses, I have a bit of a problem. I get the Global Unicast address space via prefix delegation and allocate the addresses via interface tracking because they are dynamic. The Unique Local Unicast is set up via Router Advertisements and Virtual IPs.

Now to the problem.
Currently I change my rules and the Router Advertisements regularly as the Global Unicast Prefixes change, and I would like to know how this could be configured to be done by OPNsense automatically.
#3
19.1 Legacy Series / Re: Firewall rules not working
March 08, 2019, 08:44:30 PM
Through a coincidence I found which type of alias I should have used.

I should have used "Host(s)" instead of "URI(IP)".
#4
19.1 Legacy Series / Re: Firewall rules not working
March 08, 2019, 11:36:16 AM
In the alias I put the IP. In the pftables there was nothing in the "Ali" alias. After I added the correct IP in the pftables, the rules are now working.

But what type shall I select when adding an alias in Firewall => Alias, so that it is correctly added to the pftables?

#5
19.1 Legacy Series / Re: Firewall rules not working
March 08, 2019, 10:56:26 AM
Yes, it is sending the traffic back, as I stated that I can access it if I disable the reject rule.

When the reject rule is active the label says "USER_RULE" and the interface is LAN.
When the reject rule is disabled the label says "let out anything from firewall host itself" and the interface is DMZ.
#6
19.1 Legacy Series / Firewall rules not working
March 08, 2019, 10:33:39 AM
I recently switched to OPNsense.
I have now set up some firewall rules for LAN, but they are not working as intended.

My rules are in this order


| Action | Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|---|
| Pass | IPv4 TCP/UDP | LAN net | * | Ali | 443 | * | | Allow Https of Ali |
| Pass | IPv4 TCP/UDP | LAN net | * | Ali | 80 | * | | Allow Http of DMZ |
| Reject | IPv4 * | LAN net | * | DMZ net | * | * | | Deny everything else in DMZ |
| Pass | IPv4 * | LAN net | * | * | * | * | | Allow Internet |
| Pass | IPv6 * | LAN net | * | * | * | * | | Allow Internet |

"Ali" is an alias to a URI(IPs) within DMZ and DMZ is a third network interface.
The rules result in me being able to surf the internet, but not access the Web-Server running on "Ali".
But when I disable the third rule I am able to access the Web-Server running on "Ali".

Now I am not understanding where I am going wrong.
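
The behaviour described in this thread (an alias whose table is empty, so the two pass rules never match and the reject rule for "DMZ net" is the first match), as an added example that is not part of the original posts. The addresses and the simplified first-match evaluator are assumptions for illustration, not OPNsense code:

```python
# Added illustration: first-match rule evaluation with an alias table.
# All addresses are constructed; the rule order mirrors the table in the post.
import ipaddress

LAN = ipaddress.ip_network("192.168.1.0/24")   # assumed LAN net
DMZ = ipaddress.ip_network("192.168.2.0/24")   # assumed DMZ net
ALI_IP = "192.168.2.10"                        # assumed address of "Ali"

# (action, source net, destination, destination port or None, description)
RULES = [
    ("pass",   LAN, "Ali", 443,  "Allow Https of Ali"),
    ("pass",   LAN, "Ali", 80,   "Allow Http of DMZ"),
    ("reject", LAN, DMZ,   None, "Deny everything else in DMZ"),
    ("pass",   LAN, None,  None, "Allow Internet"),
]

def dst_matches(dst_spec, dst_ip, tables):
    """Match a destination against any / a network / a named alias table."""
    if dst_spec is None:                       # "*" in the rule table
        return True
    if isinstance(dst_spec, str):              # alias: only its loaded table counts
        return any(dst_ip in net for net in tables.get(dst_spec, []))
    return dst_ip in dst_spec

def evaluate(src, dst, port, tables):
    """Return (action, description) of the first matching rule."""
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_spec, rule_port, desc in RULES:
        if src_ip not in src_net:
            continue
        if rule_port is not None and rule_port != port:
            continue
        if dst_matches(dst_spec, dst_ip, tables):
            return action, desc
    return "block", "default deny"

def make_tables(ali_entries):
    """Build the alias tables as the packet filter would see them."""
    return {"Ali": [ipaddress.ip_network(e) for e in ali_entries]}

if __name__ == "__main__":
    client = "192.168.1.50"                    # constructed LAN client
    for label, entries in (("empty table", []), ("loaded table", [ALI_IP])):
        print(label, evaluate(client, ALI_IP, 443, make_tables(entries)))
```

With the alias table empty, the HTTPS request to "Ali" falls through to the reject rule; once the table holds the address, the first pass rule matches.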