Messages - KatiaSisHost

#1
Hi, I have a server set up at Hetzner with Proxmox, and in the first virtual machine I have OPNsense...

In Proxmox I have 3 virtual machines... one is a web server that I use in a "DMZ", and this is the last rule:
Interface = LAN WAN ---- TCP IPV4 ---- PROTOCOL any ---- SOURCE any ---- Destination WAN net ---- Single host 192.168.1.100

Above this I have other ports assigned to other virtual machines...

The problem is that when I enable that rule, all the virtual machines stop being able to browse the internet... I tried adding port 53 to the OPNsense localhost but it hasn't worked...

PS: I'm doing it this way because I have to open many ports for testing... and the 2nd problem is that if I open everything manually, port by port... I can see the machines among themselves and everything... but the emails don't get sent! Very strange!

PS: at home I have 2 fibre lines set up going straight into a small server with OPNsense (not virtualised) on 2 Ethernet ports... and I have 3 servers, each with Proxmox... and everything works without touching anything... I don't understand!



#3
Hello, I have a server in Hetzner with 1 public IP...

Inside I have Proxmox installed, where I direct all traffic to a virtual machine with OPNSense.

this is my /etc/network/interfaces



source /etc/network/interfaces.d/*

auto lo
iface lo inet loopback

iface lo inet6 loopback

auto enp4s0
iface enp4s0 inet static
         address 78.46.XX.76/27
         gateway 78.46.XX.65
         up route add -net 78.46.XX.64 netmask 255.255.255.224 gw 78.46.XX.65 dev enp4s0
         post-up iptables -t nat -A PREROUTING -i enp4s0 -p tcp -m multiport ! --dports 8022,8006 -j DNAT --to 10.10.10.1
         post-up iptables -t nat -A PREROUTING -i enp4s0 -p udp -j DNAT --to 10.10.10.1

# route 78.46.XX.64/27 via 78.46.XX.65

iface enp4s0 inet6 static
         address 2a01:4f8:121:4c9::2/64
         gateway fe80::1

auto vmbr0
iface vmbr0 inet static
         address 10.10.10.0/31
         bridge ports none
         bridge-stp off
         bridge-fd 0
         post-up iptables -t nat -A POSTROUTING -s '10.10.10.1/31' -o enp4s0 -j MASQUERADE
         post-down iptables -t nat -D POSTROUTING -s '10.10.10.1/31' -o enp4s0 -j MASQUERADE

# OPNSense WAN - Proxmox LAN

auto vmbr1
iface vmbr1 inet manual
         bridge ports none
         bridge-stp off
         bridge-fd 0
#LAN


In Proxmox I have a virtual machine with IP 192.168.1.1 running OPNsense.

At 192.168.1.100 I have a web control panel (like cPanel: web server / email etc.).


If I have reflection disabled in OPNsense...
  Reflection for port forwards
  Reflection for 1:1
  Automatic outbound NAT for Reflection

I can send and receive emails without problem... but the virtual machines cannot interact with each other, which is why I cannot send an email from a virtual machine through cPanel.


now... if I activate reflection...

I can interact between the virtual machines... they connect and mark the email as sent... but the server automatically bounces my email.

This is the mail system at host srv1.XXXXXX.es.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send email to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

                    The mail system

<XXXXXX@gmail.com>: mail for gmail.com loops back to myself
Reporting-MTA: dns; srv1.XXXXXX.es
X-Postfix-Queue-ID: 0EA191C4125B
X-Postfix-Sender: rfc822; katia@XXXXXX.es
Arrival-Date: Fri, 12 Apr 2024 13:17:30 +0200 (CEST)

Final-Recipient: rfc822; XXXXXX@gmail.com
Original-Recipient: rfc822;XXXXXX@gmail.com
Action: failed
Status: 5.4.6
Diagnostic-Code: X-Postfix; mail for gmail.com loops back to myself
From SMTP Test User
Recipient XXXXXX@gmail.com
Date Today 08:17
Testing test mail via srv1.XXXXXX.es.

Nothing to worry.


But... if I send an email from Gmail to any mailbox within cPanel... they arrive without a problem!


Could anyone help me please!
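The bounce quoted in this post is produced by a specific check in Postfix: the SMTP client sorts the destination's MX hosts by preference and compares their addresses with the ones the server regards as its own (inet_interfaces plus proxy_interfaces). Every MX at the preference where one of its own addresses first shows up, or worse, is discarded; if nothing is left, delivery fails with status 5.4.6 and the text "mail for <domain> loops back to myself". The model below is an added illustration of that rule, not code from the thread, from cPanel or from Postfix; all DNS data and interface lists are constructed sample values.

```python
"""Model of the check behind Postfix's "mail for <domain> loops back to myself".

Added illustration, not code from the forum thread, cPanel or Postfix.
All resolver data and interface lists are constructed sample values.
"""
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class MX:
    preference: int
    host: str


LOOP_STATUS = "5.4.6"


def select_mx_targets(domain, mx_records, dns, local_addrs):
    """Return (targets, error) for one destination domain.

    targets: list of (host, address) pairs in the order they would be tried.
    error:   None, or (status, text) as it would appear in the bounce.
    """
    local = {ip_address(a) for a in local_addrs}
    ordered = sorted(mx_records, key=lambda r: r.preference)
    if not ordered:
        # No MX record: the domain's own address acts as an implicit MX.
        ordered = [MX(0, domain)]

    candidates = [(rec.preference, rec.host, ip_address(a))
                  for rec in ordered for a in dns.get(rec.host, [])]

    # Preference of the first MX that resolves to one of our own addresses.
    self_pref = next((p for p, _h, a in candidates if a in local), None)
    if self_pref is None:
        return [(h, str(a)) for _p, h, a in candidates], None

    # Only hosts with a strictly better preference than ourselves remain.
    remaining = [(h, str(a)) for p, h, a in candidates if p < self_pref]
    if not remaining:
        return [], (LOOP_STATUS, f"mail for {domain} loops back to myself")
    return remaining, None


# Constructed resolver view as seen from the mail host (not real records).
SAMPLE_DNS = {
    "mx1.example.net": ["203.0.113.10"],
    "mx2.example.net": ["203.0.113.11"],
    "srv1.example.es": ["198.51.100.7"],
}
# What the host regards as itself: inet_interfaces plus proxy_interfaces.
LOCAL_ADDRS = ["127.0.0.1", "198.51.100.7"]


def demo():
    """Three situations: normal delivery, a lower-preference MX that is us
    (silently skipped), and a best-preference MX that resolves to our own
    public address (the 5.4.6 bounce)."""
    remote = [MX(10, "mx1.example.net"), MX(20, "mx2.example.net")]
    normal = select_mx_targets("example.net", remote, SAMPLE_DNS, LOCAL_ADDRS)

    backup_is_us = select_mx_targets(
        "example.net", [MX(10, "mx1.example.net"), MX(20, "srv1.example.es")],
        SAMPLE_DNS, LOCAL_ADDRS)

    # The resolver hands back our own address for the remote domain's best MX.
    misresolved = dict(SAMPLE_DNS, **{"mx1.example.net": ["198.51.100.7"]})
    loop = select_mx_targets("example.net", remote, misresolved, LOCAL_ADDRS)
    return normal, backup_is_us, loop


if __name__ == "__main__":
    for label, result in zip(("normal", "backup is us", "loop"), demo()):
        print(f"{label:13}: {result}")
```

On the real host the two inputs to this check are `postconf -h inet_interfaces proxy_interfaces` and an MX lookup for the destination run on the mail server itself (through whatever resolver OPNsense hands it), because the message only appears when that lookup returns one of the server's own addresses for the best-preference MX.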
#4
General Discussion / Re: WAN Balancing Not working
November 14, 2021, 02:40:17 PM
Same here in my case: it works for some hours and after that... packet loss and intermittent disconnections
#5
General Discussion / PPPoE Fiber Packet Loss
November 13, 2021, 07:24:19 AM
Hi, I have an HP DL320 G5 with a clean OPNsense 21.7.1...

I have 2 connections: 1 by DHCP over coaxial cable (bridge mode)... another by PPPoE over fibre optic (bridge mode), which assigns me a fixed IP...

If I connect only the coaxial, I don't have any kind of problem...

but if I connect the fibre optic connection instead, I start to have packet loss after many minutes, and then the packet loss becomes recurrent...

I have the problem both when connecting as multi-WAN and when I only connect the optical fibre...


The steps that I perform are... once OPNsense is installed, I add bge0 to WAN and em0 to LAN... in WAN I select PPPoE, deactivate IPv6 and enter username and password, save the changes and apply...


Only that...

If I do this with the coaxial connection (only) with DHCP (bridge mode) and make these settings... everything works fine...


EDIT: the problem appears when I open a port to a specific LAN IP.
#6
General Discussion / Dynamic DNS, 1 Domain 2 IP....
September 17, 2021, 09:34:39 PM
Hi folks, I have a domain on Cloudflare as DNS...

and I have it as follows:

A record domain.com IP 186.16.12.15

A record domain.com IP 189.110.14.5

to have redundancy and avoid outages... now... when I had a single IP... I had set it to automatically change the domain's IP, but now that I have 2 IPs... will it change both records to the new IP of 1 connection... change record 1 with IP 1 and record 2 with IP 2?
#7
Hi, I have a web server at my IP 192.168.1.100 in a DMZ... with a Movistar WAN

I can access it from the local network, I can access it through the domains assigned to it, all without problems, and I can also access it from other external connections of other companies, for example Fibertel... BUT I cannot access it from outside from other Movistar connections.

Any idea what the problem could be? I repeat: only connections from the same company as mine cannot reach my website... everyone else gets in without problems!
#8
Hello, I have a web server at my IP 192.168.1.100 in a DMZ... with a Movistar WAN

I can access it from the local network, I can access it through the domains assigned to it, all without problems, and I can also access it from other external connections of other companies, for example Fibertel... BUT I cannot access it from outside from other Movistar connections.
:'( :'( :'(
#9
Hello, I have a web server on one server and OPNsense (OPNsense 20.7.8_4-amd64) on another; these last few days I am having what seem like (only momentary) micro internet outages... the problem is that this started when I reinstalled OPNsense, but I have doubts whether it is really an OPNsense problem, since I have not configured more than a DMZ as I had it before... or whether it is a problem with my internet connection... what do you suggest to see what is failing?
#10
General Discussion / Error 504 Gateway Timeout
August 21, 2021, 06:26:48 PM
Hello, a while ago I had this problem and I was able to solve it, but a few days ago I had to reinstall OPNsense, and I have the same problem again, but I cannot find the solution.

I have a web server in a DMZ behind OPNsense; everything works fine, but if my website takes a while to load, it throws a 504 Gateway Timeout error...
#11
Spanish - Español / Re: HomeLab Layout
February 04, 2021, 02:02:23 PM
My port forward is:

   Interface: LAN LAN1 LAN2 WAN WAN2   Proto: any   Source addr: *   Source ports: *   Dest addr: WAN address   Dest ports: *   NAT IP: 192.168.1.100   NAT ports: *
#12
Any idea?
#13
Hey! Hello Manuel!

See, I have Server1 with OPNsense.

Server2 with Proxmox... VM1 has a CentOS Web Panel (CPanel) in the DMZ with some websites and domains... all work well...

The only thing I can't do is, for example, use curl against my own domain; as far as I understand, curl can't resolve the same domain.

I use curl to fetch other websites outside my network and it works well...

Inside the LAN and outside the LAN I can see the websites without problem... domain.com is hosted inside CentOS Web Panel... I can also fetch my domain.com with a curl script from outside my network...

It only can't resolve a loopback(?

Extra data: it isn't a problem with CWP... if I use it connected directly to the internet... everything works well
#14
General Discussion / Opnsense + Wordpress Curl Error28
January 27, 2021, 11:15:17 PM
Hello, I have a physical server in my house with OPNsense... and another physical server with VM1 with CentOS Web Panel... in this CWP I have 1 WordPress on domain.com with a plugin that uses curl to capture a website...

if I use it to capture, for example, "google.com" it works perfectly

it only fails when pointed at, for example, sub.domain.com... or another domain on my same WAN. It displays Curl error 28

VM1 is in the DMZ.

if I use this plugin on localhost at my work, for example... and point it to capture my domain.com... it works.


the problem is only under OPNsense and on my same connection.
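The curl error 28 (a timeout) in this post and the three reflection checkboxes listed in post #3 are two views of the same hairpin NAT problem: a LAN host connecting to the firewall's public address, with the port-forward target on the same LAN segment. The toy model below is an added illustration of that packet flow, not code from the thread or from OPNsense. It assumes one LAN /24 holding both the client and the forwarded server behind a single firewall interface (the layout a plain "DMZ" forward to 192.168.1.100 gives you) and uses constructed addresses; 203.0.113.0/24 is a documentation range.

```python
"""Why a LAN client needs NAT reflection *and* outbound NAT to reach its own
public address through a port forward.

Added illustration, not code from the forum thread or from OPNsense.
All addresses are constructed.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network

WAN_IP = "203.0.113.5"      # firewall's public address
FW_LAN_IP = "192.168.1.1"   # firewall's LAN address
SERVER = "192.168.1.100"    # port-forward target
CLIENT = "192.168.1.50"     # LAN host running curl
LAN = ip_network("192.168.1.0/24")
PORT = 80


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


class Firewall:
    def __init__(self, reflection: bool, outbound_nat: bool):
        self.reflection = reflection        # "Reflection for port forwards"
        self.outbound_nat = outbound_nat    # "Automatic outbound NAT for Reflection"
        self.states = {}                    # (nat src, nat sport) -> original packet
        self.next_port = 50000

    def lan_in(self, pkt: Packet):
        """Packet entering on LAN for WAN_IP:PORT. Returns the packet handed
        to the server, or None if it terminates on the firewall itself."""
        if pkt.dst != WAN_IP or pkt.dport != PORT:
            raise ValueError("only the forwarded port is modelled")
        if not self.reflection:
            # The forward is bound to the WAN interface; a LAN packet for the
            # WAN address is simply delivered to the firewall's own stack.
            return None
        out = replace(pkt, dst=SERVER)                  # reflected DNAT
        if self.outbound_nat:
            nat_port = self.next_port
            self.next_port += 1
            out = replace(out, src=FW_LAN_IP, sport=nat_port)   # SNAT to our LAN address
            self.states[(FW_LAN_IP, nat_port)] = pkt
        return out

    def reply_in(self, pkt: Packet):
        """Reply that reached the firewall; undo SNAT and DNAT for the client."""
        orig = self.states.get((pkt.dst, pkt.dport))
        if orig is None:
            return None
        return Packet(src=orig.dst, sport=orig.dport, dst=orig.src, dport=orig.sport)


def server_reply(pkt: Packet) -> Packet:
    """The server answers whatever source address the packet carried."""
    return Packet(src=pkt.dst, sport=pkt.dport, dst=pkt.src, dport=pkt.sport)


def hairpin_outcome(reflection: bool, outbound_nat: bool) -> str:
    fw = Firewall(reflection, outbound_nat)
    syn = Packet(CLIENT, 40000, WAN_IP, PORT)   # client connects to its public name
    to_server = fw.lan_in(syn)
    if to_server is None:
        return "unreachable: packet ends on the firewall itself, not on the server"
    reply = server_reply(to_server)
    if reply.dst == FW_LAN_IP:
        delivered = fw.reply_in(reply)
    elif ip_address(reply.dst) in LAN:
        delivered = reply   # same segment: goes straight to the client, bypassing the firewall
    else:
        raise AssertionError("unexpected reply destination")
    expected = Packet(WAN_IP, PORT, CLIENT, syn.sport)
    if delivered == expected:
        return "ok"
    return (f"asymmetric: client expected SYN-ACK from {WAN_IP}:{PORT} but got "
            f"{delivered.src}:{delivered.sport}; it answers RST and the connect times out")


if __name__ == "__main__":
    for flags in ((False, False), (True, False), (True, True)):
        print(f"reflection={flags[0]!s:5} outbound_nat={flags[1]!s:5} -> {hairpin_outcome(*flags)}")
```

The middle case is what curl reports as error 28: the client's TCP stack has no socket matching a SYN-ACK from 192.168.1.100:80, so it answers RST and the original connect keeps retransmitting until it times out. With the outbound NAT step the reply is forced back through the firewall, which restores the public address before handing it to the client. When the server sits on a dedicated DMZ interface the reply crosses the firewall anyway and that step is not needed; a cleaner alternative for internal clients is a split-DNS host override in Unbound so that domain.com resolves to 192.168.1.100 from inside.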
#15
Spanish - Español / Re: HomeLab Layout
January 27, 2021, 11:02:40 PM
Hi, I set everything up as I said above and the network doesn't work as I expected... network 1 receives the connection from WAN 1 and network 2 from WAN 2... or sometimes the connections swap...

I can't reach the server from both WANs, only from one at a time... it's getting complicated for me haha

I have another issue now... on VM1, which has CentOS Web Panel, I installed a WordPress with a plugin that connects to a subdomain of the WordPress site, and the plugin's curl can't resolve it...

With the plugin I can capture Google or any page without problems as long as it is outside my network, but I can't capture any that is inside my own connection... to be clear, VM1 is in the DMZ.

On the other hand I have another server with a system on the WAN2 connection... I can access it via the WAN2 IP from outside without problem, but not from another PC inside the network; however, I can access for example dominio.com and it reaches VM1 on WAN1 without problem.

And that is even though I copied the rules exactly and changed the PC's IP to redirect the traffic