Messages

1

20.1 Legacy Series / Re: Issues with getting on the internet using static external ips and 1to1 nat

« on: June 30, 2020, 08:47:53 pm »

Alright so sorta still issues happening.

 Since Floating Rules is by default where device interfaces are kinda being used for firewall rules I had to create Firewall Rules to allow any traffic which then allowed the External/Public Ip's to work internal Side but alot of traffic is still blocked. I noticed i also had to create rules inside Lan, Wan, External Nics with allow any rules to further allow more traffic but im unable to connect directly to my Public IPs inside my External nic when i use a static Public IP on a device. If i set a static private IP on the device then 1to1 nat to the external IP then it seems to open it up more for remote connecting.

when i compare it to my pfsense setup it works as intended. What im noticing is the default generated firewall rules block way to much by default. not being able to delete or modify them is a pain. even though i have created manual rules the auto generated rules according to documention will still overide my manual rules which doesnt make sense.

https://docs.opnsense.org/manual/firewall.html

Internally rules are registered using a priority, floating uses 200000, groups use 300000 and interface rules land on 400000 combined with the order in which they appear. Automatic rules are usually registered at a higher priority (lower number).

what im noticing between Pfsense and Opnsense is that they may be similar in looks and setup but they act way differently even when setup basically the same.

How can i access my Public IP's internal remotely when i assaign a static IP to the device. It can get on the net. it knows what IP it has via whatsmyip.org but i cannot connect to the device remotely or access certain ports remotely.

2

20.1 Legacy Series / Re: Issues with getting on the internet using static external ips and 1to1 nat

« on: June 27, 2020, 07:35:39 am »

Okay i got them woorking, I had to create some floating Rules in the firewall, it was blocking traffic.

3

20.1 Legacy Series / Re: Issues with getting on the internet using static external ips and 1to1 nat

« on: June 27, 2020, 06:32:49 am »

 

the "External Block: 51.212.214.1/24" is a /24 routed to the /29. That is a Block of Public IP's. its not a private IP https://en.wikipedia.org/wiki/Private_network

That means I can use it as my lan IP range and all my devices will have Public IP address internally and be routed out thru the /29.

4

20.1 Legacy Series / Re: Issues with getting on the internet using static external ips and 1to1 nat

« on: June 27, 2020, 06:22:33 am »

please actually read my post.

5

20.1 Legacy Series / Re: Issues with getting on the internet using static external ips and 1to1 nat

« on: June 27, 2020, 06:18:45 am »

i have a /24 routed to that /29

PfSense setup(example IP's)
Block of ips
Main:51.212.213.112/29
External Block: 51.212.214.1/24
IPv6 Main: 2001:XXX:0:XX::X58/126
External Block: 2001:XXX:8XXa::/48

6

20.1 Legacy Series / Re: Issues with getting on the internet using static external ips and 1to1 nat

« on: June 27, 2020, 06:06:22 am »

I did Say, I'm using my External IP address range on LAN3. normally this would be how you use your external Block inside your router. My External block is routed to my Gateway ip and adding in 256 IP's one by one is a joke.

7

20.1 Legacy Series / Re: Issues with getting on the internet using static external ips and 1to1 nat

« on: June 20, 2020, 08:59:07 am »

So i started over from scracth again, Im able to get IPv6 working no problem, Ipv4 on lan1 works getting out to the net but but all of my pc's show the gateway ip within the /29 I cant get my External IP range of the /24 working internally. I keep going over my pfsense box and comparing my config to opnsense, im almost thinking what i want to do opnsense just cant do it, ive spent the last 10hours trying to get this working.

8

20.1 Legacy Series / Issues with getting on the internet using static external ips and 1to1 nat

« on: June 15, 2020, 10:15:25 pm »

Hi,

So im a long time user of PFsense but would like to try out OpenSense, i like the interface way better.

My Issue is when i pretty much duplicate my settings from PFsense over to OpenSense, My static IP's and 1to1 nat ips don't seem to work.

PfSense setup(example IP's)
Block of ips
Main:51.212.213.112/29
External Block: 51.212.214.1/24
IPv6 Main: 2001:XXX:0:XX::X58/126
External Block: 2001:XXX:8XXa::/48

Wan-IPV4 UpstreamGateway:51.212.213.113, IP:51.212.213.114
Wan-IPV6 2001:XXX:0:XX::15a, IPV6 Upstream 2001:559:0:XX::159
Lan1- Static: 192.168.0.1/22
Lan2- DHCP: IPV4: 10.69.0.1/16
Lan2- DHCP: IPV6: 2001:XXX:8XXa::1(IPV6 doesn't seem to work correctly in PFsense)
Lan3- Static: 51.212.214.1/24 UpstreamGateway: 51.212.213.114

now with this setup I can use 1to1 or static Ips using the external block on the lan 2 network and everything works.

But when i do a Similar setup inside Opensense My Static IP's do not work

Wan- UpstreamGateway:51.212.213.113, IP:51.212.213.114
Lan1- DHCP:10.69.0.1/16
Lan2-
Lan3- Static:51.212.214.1/24 UpstreamGateway: 51.212.213.114
Lan3- DHCP: IPV6: 2001:XXX:8XXa:ffff::(IPV6 seems to work in Opensense as intended)

now if I assign a static ip of 51.212.214.10 in Pfsense it can get on the internet and I can do a whatsmy ip and its getting the correct external IP of 51.212.214.10 . If i assign a 1to1 Nat same thing it works.

If i assaign the same IP in Opensense The machine cant seem to get on the internet, same with 1to1 Nat.

sometimes the machine might get internet acccess for a few minutes at a time but its showing the main gateways IP as its IP in the internet 51.212.213.113.