Messages - Joolz

#1
Hi All,

I'm migrating from a Linux-based UTM to OPNsense and have the following setup:

LAN - 172.20.0.0
DMZ - 172.21.0.0
WAN - 33.31.153.xxx

Our ISP has provided us with a block of 14 external IP addresses for webservers, running 81.145.xxx.1 to 81.145.xxx.15.

On our existing Linux UTM, all that was required to open the machines in the DMZ to the outside world was forwarding the port required as an incoming port forwarding rule, with the external IP named as the source, and the DMZ IP named as destination. I tried replicating this on OPNsense but it didn't seem to work.

The existing UTM has been in place for a considerable length of time and there are all kinds of rules pushing ports all over the place, so for instance, ports 22, 80 and 3389 on a single external IP may be resolving to 3 different machines in the DMZ, which I believe excludes using 1:1 NAT.

What would be the easiest way to replicate settings from the Linux box, if indeed that is possible? Should I rejig the rules and go 1:1, or can I use IP aliases or normal port forwarding?

I'd be very grateful if anyone could point me in the right direction.

Thanks,

Joolz
#2
Hi All,

I've installed 19.7 on a Fujitsu rx100 S7 server, with an Intel dual 10G SFP+ NIC, an Intel single 10GbE ethernet card and two Intel 1GbE NICs built into the motherboard.

After installation and a reboot, I ran the interface assignment from the CLI and configured the cards as follows:

1GbE onboard - em0 - Not connected
1GbE onboard - em1 - WAN
10Gb SFP+ -  ix0 - LAN
10Gb SFP+ -  ix1 - DMZ
10GbE - ix2 - PAV

Once done, I rebooted and when it came back up, one of the interfaces had disappeared and the install had been rearranged to:

1GbE onboard - em0 - Not connected
1GbE onboard - em1 - WAN
10Gb SFP+ -  ix0 - LAN
10Gb SFP+ -  ix1 - DMZ  [Disappeared]
10GbE - ix1 - PAV - [Now relabeled from ix2]

First thought was that I'd run it live and they'd disappeared after the reboot, but when I checked syslog.log, ix2 was mentioned, so it must have been present after the install, but disappeared after the reboot.

I'm from a Linux background so don't mind the command line, but this is my first time debugging BSD, so is there any advice anyone can give for tracking down what's happened?