Messages

1

20.7 Legacy Series / Re: Port Forwarding Issue

« on: October 16, 2020, 09:15:41 am »

It turns out this works fine. It appears to be an issue with Windows Firewall and the app I was using to listen.

Thank you for reading. Take care! 

2

20.7 Legacy Series / Port Forwarding Issue

« on: October 16, 2020, 07:31:03 am »

Hello, everyone!

I've been having a tough time getting port forwarding to work on OPNSense 20.7 and there's no obvious reason why.

Here's what I did:

1) Enabled Reflection for Port Forwards, 1:1, and Automatic outbound NAT for reflection


2) Created a Port Forward for TCP/UDP for a specified port: 48210, with Interface NAT, Destination WAN address, and Target IP as Internal IP (say: 192.168.1.211)


Now comes the fun part... Testing it with an external port checker. No luck 


Now for some other information. My network structure involves several VLANS. Each has DHCP enabled. One of these is for OpenVPN, and whenever someone is on 192.168.200.0/24, it will route via the manual rule in NAT:Outbound to the OpenVPN Interface. Otherwise, it will use the automatic rules. Note that none of this should be relevant as I'm forwarding to 192.168.1.0.



The final bit of information I have is through watching the firewall itself via the label I made in the rule, with the rule pointing to the same one I made.


Here's the IN Nat Rule:

...and here's the OUT traffic from WAN:


Has anybody encountered something like this? I'm at a bit of a loss on why this would be failing. The only thing I'm noticing is that both of these firewall logs only show TCP Flags of S. Shouldn't there also be an A?

If anybody has any ideas, please let me know. I'm tearing my hair out here. I'd even be willing to pay if someone would be willing to help figure this out 

3

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: August 15, 2020, 10:11:06 pm »

It looks like setting the IDS from WAN to another interface, even if it's off, should work around this issue.

Perhaps adding this to the knowledge base, or recommending it in the error prompt, would let people know to do this if they choose to use bridged mode?

4

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: August 15, 2020, 08:33:09 pm »

Hi @myzar495, Sensei will complain if you configured Suricata on one of its interfaces (even if Suricata is not running yet).

Reason is, later on users might start Suricata with the saved configuration forgetting that Sensei is running on the same interface.

I don't remember ever even using it on this particular OPNSense setup. It's off now. I can't really uncheck WAN as it doesn't let me save without an interface assigned.

Is there a workaround? Can I assign it to another interface? Can I remove the config file?

5

Zenarmor (Sensei) / Re: Sensei on OPNsense - Application based filtering

« on: August 15, 2020, 08:22:27 pm »

I'm getting an issue with Sensei telling me to disable Suricata when enabling Bridge mode. The thing is, it isn't enabled. All Hardware interfaces are off as well. Bit of a strange thing this is.

Thanks