Messages - salvador fx

#1
The problem is the lack of glasses of those who decided to replace this thing that never worked properly.
OPNsense loses a lot of reputation with this.
For me it was the best of all; I was even considering paying for the most complete version, but I'm starting to look for other solutions.
#2
The same happened to me. The same problem, exactly the same.
#3
If there are block lists, tutorials, ... it's because they are useful.
But, despite being new to firewalls:
What use is it if there is already a predefined WAN rule that blocks everything except what we created as an exception?
The firewall consumes more resources, such as RAM, ... getting heavier, and maybe not having the strength left to stop a DoS, etc.
#4
Facts:
- I set up dual WAN for load balancing and failover (2 different ISP providers).
- Both ISPs (WANs) use DHCP;
- Both ISPs' (WANs') modems are in bridge mode;
- Both ISPs' (WANs') DHCP IPs appear as external IPs on WAN1/WAN2, not internal IPs;
- I set it up using the manual/wiki from the OPNsense page;
- I have about 60 PCs on the LAN and everything is working well;
- Default allow LAN to any rule -> changed gateway from Default to LoudbalaneGroup;
- Added a rule just above the default LAN allow rule to make sure traffic to and from the firewall on port 53 (DNS) is not going to be routed to the gateway group that I defined.
- Enabled Sticky Connections;
- Enabled Default Gateway Switching (I use Unbound DNS);
- Load balancing and failover are working fine;
- For all of my about 60 machines I set fixed IPv4 DHCP static mappings and on each one ticked (ARP Table Static Entry);
- All of my about 60 machines have fixed LAN IPs;
- All of my about 60 machines are Windows Server 2016 R2;
- Each one (60 x Server 2016) is an individual AD/DC (each one is an Active Directory Domain Controller);
- Clients access my 60 servers remotely with OpenVPN.

can someone help with:
When I change the gateway of the default allow LAN to any rule from Default to LoudbalaneGroup, everything still works well, but internally none of the PCs/servers can ping the OPNsense gateway 192.168.1.251.
?? But I can ping from each server to any other one. Only OPNsense I can't ping.

At least everything looks to be working well, but...

What could I have done wrong?
#5
Is there a manual or examples to restrict WebGUI access to host IP(s) or by MAC address, only inside the LAN?
I found some, but for pfSense. Probably it's the same...
#6
1- My OPNsense is already working between the modem (bridge mode) and my LAN. Is there some manual for this, just to confirm whether I did it well? I didn't find any manual.

2- I use a lot of RDP connections with NAT port redirects, like 9998 -> 3389, for example.
Is there some manual recommendation for this kind of connection, secure, but without losing connection performance?

3- I have some independent servers in my LAN and each one is AD/DNS (for itself). The gateway on the servers points to OPNsense, and the DNS too. I'm not sure if I did it well: in Server Properties, I deleted the Root Hints, cleared the cache and forwarded DNS to OPNsense (Unbound DNS); but I don't know if OPNsense will be able to take it? Or should I set up one server to do the DNS service? Not about OPNsense hardware, but a good/best-practice recommendation?
Are there some good practices for OPNsense DNS? Unbound/Dnsmasq or using both?

4- In the firewall log lots of WAN IN entries appear:
source 10.211.0.1:67   destination 255.255.255.255:68   udp protocol   label: Block private networks from WAN
If 10.211.0.1 is an internal IP, why does it appear as WAN blocked? Strange!??
I read somewhere that it is the ISP DHCP relay agent. Could it be something badly configured on my side or on the ISP side? Or is it normal? It appears in the firewall log about 7 or 8 times per minute.

Could you please give me some light/help on this, as a new member / new to OPNsense.