Messages - ubear

#1
General Discussion / [Help Needed] Block outgoing ping
August 18, 2024, 03:33:34 PM
Hello wise people!
I have the following setup:
LAN and 7 VLANs on igb0
Primary WAN on igb1
Fallback WAN2 on igb2

Q1: I want to block ping from all LAN and VLANs to any external addresses (WAN or WAN2) while preserving ping within my network.
My attempt for WAN: created an OUT rule on WAN that (PASSes or BLOCKs) IPv4 ICMP packets. Both modes blocked the outgoing ping. WHY?

Q2: I want to enable outgoing ping from ONE particular host for speedtest. Adding such a rule (pass, from 192.168.60.10 to any, IPv4, ICMP) below or above the previously mentioned rule has no effect. Why?

Why block ICMP:
https://socfortress.medium.com/data-exfiltration-using-icmp-and-how-to-detect-it-69a799cca234
https://medium.com/@sam.rothlisberger/icmp-echo-request-data-exfiltration-f41f59fcf87a
https://github.com/martinoj2009/ICMPExfil

Why block on WAN-OUT:
Because I have 8 internal networks. One rule to block all ICMP plus 7 rules to allow ICMP to the other internal LANs is 64 rules to write.

Many thanks
Uri
#2
Hello
my OPNsense instance is downstream from my ISP modem/router, my WAN address is 192.168.1.17.
I want to access the modem configuration page at 192.168.1.1 from my VLAN 192.168.40.1/24.
How should I configure the firewall/interfaces?
Tried:
1. Removed the tick at interfaces->WAN->Block local addresses
2. Created a local rule at VLAN40 to allow access to 192.168.1.1, placed first after standard no-lockout rules.

Advice?
Thanks
Uri
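The two OPNsense policies asked about in posts #1 and #2 (block ICMP from every internal network to the outside while keeping internal ping, let one host ping anywhere, and let VLAN40 reach the modem at 192.168.1.1) can be expressed in a handful of pf rules by putting the internal subnets in one table and matching "to ! <table>" instead of writing one rule per source/destination pair. The fragment below is an added example in raw pf.conf syntax, not the thread's own configuration or an OPNsense GUI export. The VLAN sub-interface names are assumptions, only the 192.168.2.0/24, .40, .50 and .60 subnets appear in the thread (the remaining VLAN subnets must be added to the table), and the rules are placed on the LAN/VLAN ingress interfaces rather than WAN out, so the question of how a WAN-out rule interacts with traffic already passed on LAN does not arise.

```pf
# Added example (not from the thread): pf.conf fragment for the ICMP policy in
# post #1 and the modem-access rule in post #2.
#
# All internal networks in one table. Only four subnets are known from the
# thread; the other VLAN subnets are assumptions and must be filled in.
table <internal> { 192.168.2.0/24, 192.168.40.0/24, 192.168.50.0/24, 192.168.60.0/24 }

# Interfaces where internal traffic enters the firewall. The VLAN child
# interface names are assumptions; use the names your OPNsense assigned.
lan_ifs = "{ igb0 igb0_vlan40 igb0_vlan50 igb0_vlan60 }"

# Post #2: VLAN40 may reach the upstream modem's configuration page.
# The destination is a single host, so nothing else on 192.168.1.0/24 is opened.
pass in quick on igb0_vlan40 inet from 192.168.40.0/24 to 192.168.1.1 keep state

# Post #1, exception first (quick: later rules cannot override it):
# the speedtest host may send echo requests anywhere.
pass in quick on $lan_ifs inet proto icmp from 192.168.60.10 to any icmp-type echoreq keep state

# Post #1: ICMP between internal networks stays allowed.
pass in quick on $lan_ifs inet proto icmp from <internal> to <internal> keep state

# Post #1: any other ICMP from an internal network to a non-internal
# destination is dropped on the interface where it enters, so it never
# reaches WAN or WAN2. One rule covers all 8 networks.
block in quick on $lan_ifs inet proto icmp from <internal> to ! <internal>
```

Rule order matters because every rule carries `quick`: the per-host exception and the internal-to-internal pass must sit above the block. The block rule drops all ICMP types, matching the "IPv4 ICMP" wording of the post; if the goal is only to stop echo-based exfiltration while leaving ICMP error messages (destination unreachable, fragmentation needed) working, restrict it with `icmp-type echoreq`. In the OPNsense GUI the table corresponds to a network alias and `! <internal>` to the alias with "destination / invert" ticked, and `pfctl -nf /path/to/file` checks the syntax of a fragment like this without loading it.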
#3
General Discussion / Re: VLAN's drive me crazy
February 19, 2021, 08:52:21 AM
Thank you VERY much!
That did the trick!

My trust in machines (and people) is restored!

Thanks again
Uri
#4
General Discussion / VLAN's drive me crazy
February 18, 2021, 10:05:59 AM
Hello wise and mighty people.
I am using OPNsense for a SOHO environment with TP-Link smart switches such as TP-SG108E.
I have ~50 client machines on the LAN side of my OPNsense.
I have recently got it into my head to use VLANs and it's driving me crazy:

on OPNsense:
I set up the 3 VLANs on the OPNsense LAN line.
Base: DHCP is set 192.168.2.100-199 on LAN line
DHCP is set 192.168.40.100-199 on VLAN40
DHCP is set 192.168.50.100-199 on VLAN50
DHCP is set 192.168.60.100-199 on VLAN60

The smart switch is connected to the LAN line:
One trunk port (8) is assigned to VLAN 40, 50 and 50.
port 1 assigned to VLAN 40
port 2 assigned to VLAN 50
port 3 assigned to VLAN 60

Note: TP-Link switches will ALWAYS pass VLAN 1 (untagged packets) to all ports to prevent control lockout.

Problem:
When I connect my laptop to ANY port on the switch, I get the same 192.168.2.100 address.
I expected to connect the laptop to port 1 of the switch and get an IP 192.168.40.100 but got 192.168.2.100

Thoughts: Since the switch passes VLAN1 in any case, perhaps this DHCP server answers first? Can I change the order of DHCP servers?

Thanks
Uri