Messages

1

24.7 Production Series / Re: CrowdSec not creating floating rules?

« on: November 05, 2024, 08:35:29 pm »

Patrick, thank you. I am embarrassed to admit it, but I never noticed that you could open the Automatically generated rules. Thanks again and we appreciate all you do in helping others out.

2

24.7 Production Series / CrowdSec not creating floating rules?

« on: November 03, 2024, 03:36:06 pm »

Hello - I am running a fresh install of Opnsense 24.7.7 on a PC.

CrowdSec is installed and under settings I have the first 3 options and the last option (logs) checked.

CrowdSec created the Aliases but did not create the Floating Firewall Rules as mentioned in every guide I have read.

Not sure why the Floating Rules were not created. Is it possible for someone to post the automatically created Floating Rules and I can create them manually.

Thank you for your help and time.

3

General Discussion / Re: Correct way to limit individual WG peers to one ip rather than entire network

« on: January 02, 2024, 01:54:54 pm »

tiermutter,

Thank you for your help. I really appreciate. Will give it a shot after work. Biggest lesson I have learned is backup the configuration before I "break it."

4

General Discussion / Correct way to limit individual WG peers to one ip rather than entire network

« on: January 02, 2024, 04:28:21 am »

Good evening,

Apologies in advance, unskilled home user. I searched here and Google to find a solution without any luck. Found "WireGuard on OPNsense - Limit access to certain IP" on reddit but it didn't help much.

I have Wireguard setup and working great on my router. WG has multiple peers setup so the family can access devices at home when away. What I'd like to be able to configure would be limiting some of the WG peers to one IP address on an individual basis rather than the entire group.

IE:  WG peer 1: 10.10.10.3 could access the entire network (working fine as is)
      WG peer 2: 10.10.10.4 could only access a single IP (need to know how to limit access, Firewall rule?)

I don't see a way to create a firewall rule for WG peer 2. Any help would be greatly appreciated, thank you and Happy New Year.

5

23.1 Legacy Series / Re: Firewall Rules for Multiple LAN - Need to talk to each other

« on: March 04, 2023, 01:43:45 pm »

meyergru,

Thank you for your help. I uninstalled the Canon app from my phone and reinstalled it. That did the trick and now I can print.

I made a mistake by assuming that the printer worked prior and was using a static ip that it should work on the new LAN. Great lessons for me to learn from - never assume when troubleshooting and test multiple methods.

Thanks for everyone's help - the people are Opnsense are the reason I changed from another Firewall/Routing software. I'm in way over my head in understanding any of this and people jump in and share their knowledge which is awesome.

6

23.1 Legacy Series / Re: Firewall Rules for Multiple LAN - Need to talk to each other

« on: March 03, 2023, 11:49:09 pm »

Demusman,

I see why you are asking how I am testing now. I also have IP cameras that are on the LAN and I can access them from my phone on LAN3 so the firewall rule is working. For some reason i am unable to print from my phone - using Cannon app for Android. I'll try to uninstall the app and see what the issue could be.

I should have tested multiple scenarios first, my bad but a good lesson learned.

Thanks again for your help.  Have a good weekend!

7

23.1 Legacy Series / Re: Firewall Rules for Multiple LAN - Need to talk to each other

« on: March 03, 2023, 11:38:55 pm »

Demusman,

Thank you for your reply.

For testing I am using a phone which is connected to the AP (wifi, LAN3) and opening a picture which I can typically print to a wired network printer (LAN). I am unable to print from the phone to the printer when the AP is plugged into LAN3.

If I disconnect the AP from LAN3 and plug it into LAN I can print from my phone just fine.

8

23.1 Legacy Series / Firewall Rules for Multiple LAN - Need to talk to each other

« on: March 03, 2023, 09:57:21 pm »

Good day. Newbie home user needing basic help with firewall rules. Searched forum, google and reddit for the topic and found many suggestions but none that are working after spending days at it.
Here is what I am trying to accomplish:

Have LAN, LAN2 and LAN3. I would like all 3 LANS to be able to talk to each other. Example: LAN3 is dedicated 2.5gb for wireless AP which will need to talk to a wired network printer on LAN. Currently, LAN3 can assign IP addresses and reach the internet but it can not reach the wired printer (static ip) on the LAN.

The attached screenshots show the interfaces and LAN2 firewall rules (exact same setup for LAN3), one for internet access and the other for what I thought would allow access to LAN and LAN3 but it does not. Once I have a working firewall rule for LAN2 I can modify it for LAN3 hopefully.

Thank you in advance for your help and apologies for my ignorance. Opnsense is a godsend for me, allows me to access my network when I travel via Wireguard. 

9

General Discussion / Re: Multiple LANS using same dhcp range?

« on: February 22, 2023, 10:14:17 pm »

Thank you for your help. Will give it a go this weekend. Take care.

10

General Discussion / Re: Multiple LANS using same dhcp range?

« on: February 22, 2023, 10:02:59 pm »

Patrick,

Thank you for your help, I do appreciate it.

One quick question, since I have to use the following config, will the devices be able to talk to one another, IE 192.168.1.x with 192.168.2.x?  If not, is there a way to accomplish my goal without adding a switch? Thanks again.

Lan1 - 192.168.1.x
Lan2 - 192.168.2.x
Lan3 - 192.168.3.x

11

General Discussion / Multiple LANS using same dhcp range?

« on: February 22, 2023, 09:41:32 pm »

Good day. I searched for an answer in the forum but cannot find an answer, maybe because I'm not using the correct terminology so apologies in advance if this has been asked prior. I hope someone can help a newbie home user with the following:

Is it possible to have the following configuration using 3 separate NICS

Lan1 (10gbe SFP) - wired devices using range 192.168.1.1 - 192.168.1.50
Lan2 (2.5gbe Copper) - connected to wireless AP using range 192.168.1.51-192.168.1.100
Lan3 (2.5gbe Copper) - feeding wired device using range 192.168.1.101-192.168.1.102

Reason for doing this is I don't want to add a separate switch for my 2.5gbe devices. I currently have a 1gbe/10gbe switch that isn't compatible with 2.5gbe. In addition, I need all the devices to be able to talk to each other, IE a tablet on wireless can talk to  a wired printer.

Thank you for your help.