Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - dibun

Pages: [1]

20.7 Legacy Series / Migration issues after moving to virtual from physical HW

« on: November 04, 2020, 12:41:01 am »

I am running OPNsense 20.7.4 on pcengines APU3 HW and recently I bought a fanless minipc and installed Proxmox there. I export the running-config from APU3 and imported into the VM.

The VM won't boot as it cannot find the Igb0,1 and 2 interfaces and got stuck after the HTTPS, SSH keys section.

I really don't want to create the configuration from scratch again as it will consume a lot of time. Is there any easy way to migrate?

Thanks in advance

General Discussion / Re: Client based BIND DNSBL ACL

« on: April 24, 2020, 12:16:36 am »

What type of fw rules should I have to force it?

General Discussion / Client based BIND DNSBL ACL

« on: April 21, 2020, 11:57:11 pm »

Is it possible to have the client based DNSBL ACL in Bind where I can choose what to block based on the client? At present in Kids VLAN inappropriate content is blocked. Now I am planning to merge Kids devices to main VLAN so I need client-based filtering.

Thanks in advance.

19.1 Legacy Series / Re: DNSMasq/Bind/DNSBL

« on: April 26, 2019, 11:06:28 pm »

I am using dnsmasq for getflix so my Netflix can work on US content (https://getflix.zendesk.com/hc/en-gb/articles/201056954-Can-I-selectively-use-Getflix-DNS-servers-for-specific-domains-)

I tried the unbound config but that didnt work. I want different DNSBL lists for kids and adult pc. Now if I enforce Youtube safe search it applies to the LAN.

I found a Howto for unbound for pfsense https://mitky.com/pfblockerng-pfsense-filter-specific-clients-computers-network/

19.1 Legacy Series / DNSMasq/Bind/DNSBL

« on: April 26, 2019, 09:48:23 pm »

I have the following setup.

All the DNS requests are processed by DNSMasq and then forwarded to BIND with DNSBL.

Is there a way to exclude specific hosts from BIND DNSBL?

19.1 Legacy Series / Firewall rules changed on reboot

« on: April 11, 2019, 05:50:57 pm »

I have HW from Pcengines and it has 3 ports

1. WAN (1st port) wan/igb0
2. LAN (2nd port) opt1/igb1
3. DMZ (3rd port) opt2/igb2
4. Guest (VLAN 10 on LAN port) opt4/igb1_vlan10

Recently during one of the reboots, the LAN traffic started flowing via Guest VLAN and everything got blocked. The only way to allow is to shut down the firewall or allow LAN net firewall rules under guest VLAN.

I did reinstall and configured from scratch and it worked but now it happened again after the reboot.

I am running the latest production release.

igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   options=400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
   ether 00:0d:b9:51:0b:fd
   hwaddr 00:0d:b9:51:0b:fd
   inet6 fe80::20d:b9ff:fe51:bfd%igb1 prefixlen 64 scopeid 0x2
   inet 10.1.1.1 netmask 0xffffff00 broadcast 10.1.1.255
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   media: Ethernet autoselect (1000baseT <full-duplex>)
   status: active

igb1_vlan10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
   ether 00:0d:b9:51:0b:fd
   inet6 fe80::20d:b9ff:fe51:bfd%igb1_vlan10 prefixlen 64 scopeid 0x9
   inet 10.2.1.1 netmask 0xffffff00 broadcast 10.2.1.255
   nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
   media: Ethernet autoselect (1000baseT <full-duplex>)
   status: active
   vlan: 10 vlanpcp: 0 parent interface: igb1
   groups: vlan

Export from backup XML
LAN rule
----------------------
<rule>
<type>pass</type>
<interface>opt1</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>HTTP</descr>
<protocol>tcp</protocol>
<source>
<network>opt1</network>
</source>
<destination>
<any>1</any>
<port>80</port>
</destination>
<updated>
<username>root@10.1.1.5</username>
<time>1554540266.7673</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@10.1.1.5</username>
<time>1554540266.7673</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
</rule>

Guest VLAN
--------------

<rule>
<type>pass</type>
<interface>opt4</interface>
<ipprotocol>inet</ipprotocol>
<statetype>keep state</statetype>
<descr>Default allow LAN to any rule</descr>
<source>
<network>opt4</network>
</source>
<destination>
<any>1</any>
</destination>
<updated>
<username>root@192.168.1.4</username>
<time>1553809108.1252</time>
<description>/firewall_rules_edit.php made changes</description>
</updated>
<created>
<username>root@192.168.1.4</username>
<time>1553809108.1252</time>
<description>/firewall_rules_edit.php made changes</description>
</created>
<disabled>1</disabled>
</rule>

Any help is really appreciated

19.1 Legacy Series / Re: Interfaces swapping after reboot

« on: April 09, 2019, 10:13:05 am »

All the issue started after I tried to lock the interface. On CLI or GUI interface seems to be fine but the traffic has swapped according to the FW rules. Before the traffic was going via LAN interface and now it uses the Guest VLAN interface. It works if I stop the FW.

19.1 Legacy Series / Interfaces swapping after reboot

« on: April 09, 2019, 02:15:49 am »

I have HW from Pcengines and it has 3 ports

1. WAN (1st port)
2. LAN (2nd port)
3. DMZ (3rd port)
4. Guest (VLAN on LAN port)

Recently during one of the reboots the interface has switched between LAN to Guest and naturally FW rules failed. Even traffic is going via Guest interface instead of LAN
I did reinstall and configured from scratched and it worked but now it happened again and I did restore it from a good working backup but that didn't solve the issue.

I am running the latest production release.

Any help is really appreciated

General Discussion / Help regarding DNS setup

« on: April 07, 2019, 03:07:29 am »

I have the following DNS setup

1. I am using Dnsmasq as described here https://getflix.zendesk.com/hc/en-gb/articles/201056954-Can-I-selectively-use-Getflix-DNS-servers-for-specific-domains- to forward Netflix request to Getflix DNS servers and it is working fine

I want to achieve the following

1. Since I have kids at home, how can I do the following? For kids devices, All Netflix traffic goes via Getflix DNS and the rest of the traffic goes via OpenDNS or Bind DNSBL?

2. For adults devices, it goes via ISP's DNS servers and adblockers in Bind DNSBL

I tried Netflix domain overrides in Unbound but that didn't work but it works in Dnsmasq. I searched in the forum but didn't find any relevant material.

Thanks in advance

19.1 Legacy Series / Re: webgui cannot edit / enable dnsmasq

« on: April 03, 2019, 12:53:28 pm »

I have same error with version 19.1.4

[03-Apr-2019 12:17:45 Europe/Oslo] PHP Warning: Illegal string offset 'enable' in /usr/local/www/services_dnsmasq.php on line 85
[03-Apr-2019 12:17:45 Europe/Oslo] PHP Warning: Illegal string offset 'regdhcp' in /usr/local/www/services_dnsmasq.php on line 86
[03-Apr-2019 12:17:45 Europe/Oslo] PHP Warning: Cannot assign an empty string to a string offset in /usr/local/www/services_dnsmasq.php on line 86
[03-Apr-2019 12:17:45 Europe/Oslo] PHP Warning: Illegal string offset 'regdhcpstatic' in /usr/local/www/services_dnsmasq.php on line 87
[03-Apr-2019 12:17:45 Europe/Oslo] PHP Warning: Cannot assign an empty string to a string offset in /usr/local/www/services_dnsmasq.php on line 87
[03-Apr-2019 12:17:45 Europe/Oslo] PHP Warning: Illegal string offset 'dhcpfirst' in /usr/local/www/services_dnsmasq.php on line 88

Pages: [1]