Messages

1

French - Français / relayd en mode redirect

« on: March 08, 2024, 04:42:43 pm »

Bonjour,

j essaye d’implémenter un redirecteur avec le plugin relayd type redirecteur : (venant de https://man.openbsd.org/relayd.conf.5 )

It is possible to specify multiple listen directives with different IP protocols in a single redirection configuration:

redirect "dns" {
   listen on dns.example.com tcp port 53
   listen on dns.example.com udp port 53

   forward to <dnshosts> port 53 check tcp
}

Manque de bol des que je met "redirector" impossible de sauver la conf l'interface gui se bloque ?
Si je suis en mode "relay" tout marche impecable, je peut rediriger mes requetes LDAP ou AD-GC sans soucis.
Mais j ai besoin du mode redirect pour faire du TCP et de l'UDP, sinon je peux pas relayer mes DNS.
Quelqu'un aurait il une idée ?

Un grand merci d'avance
PS: j'aimerais eviter HAProxy et rester en relayd.

2

General Discussion / route questions

« on: December 07, 2020, 10:02:08 am »

Hello,

i ve got in trouble for a week, and i ve find something i can not explain.

I m on the process to change my old ASA 5520 by two opnsense who would run under an ESX hypervisor. For the moment i can just test the HA-opnsense solution beeing after the ASA 5520 (i ve juste one network access to a dedicated network for french research with a /29 for connecting (3 address for my 2 ASA and 3 other for what is in front, which i don't have access). IPv6 is not used and disabled.

So, i tried to make my protoype and when i change the WAN gateway from autodetect to the address (that i ve defined before as a /32) , icmp works (at least tracert -I works) but tcp and udp won't (ssh, http,https,...). When i switch back to wan-gateway-autodetect everythings works. I ve verified that route are the same (netstat -arn) : they are !
So where is the difference ?

PS: i ve spend a long time because cisco asa packet tracer complain about "rpf-violated reverse-path verify failed" and show packet as dropped, but in fact as nat control is off, packet goes through the asa ...

many, many thanks for lighting my feeble mind.

3

General Discussion / slight modifs

« on: December 04, 2020, 10:27:48 am »

Hello,
not sure i am in the right place ...

First : great,great,great product !

Just in the /usr/local/www/guiconfig.inc, wonder if it would be nice to add the port in the labels ie:
25 => "SMTP(25)" instead of  25 => "SMTP"
should be more clear..

In the documentation about Translation NAT, outbound , ... ; it should be clearly said that if we make a translation between a WAN and something else, the WAN address must be created by hand (ip alias) and is not automatically created. In the case we use the FW address as the output address, we dont need it, but if you want to use another address/range, it is not automatically created.

Perhaps there is on menu i ve missed, but is it posible to have a list of all pf rules, and a list of all rules in the fw (not pf, but opnsense view, i must see all rules by interfaces, no global view).

Should be nice on the ui to have the button "add" always at the same place (in the firewall->aliases it is on the bottom, in the firewall->rules->lan it is on the top)

thanks for taking time reading me.