Messages

1

Hardware and Performance / Re: OPNsense 20.1 on RaspberryPI 3

« on: June 19, 2022, 05:14:52 am »

Hello Rene!

Is the project abandoned? With the addition of Proxmox to the list of enterprise applications that can be run on a Pi4, being able to run Opnsense becomes an increasingly interesting idea.

2

21.7 Legacy Series / Re: Disable Firewall and still have Internet Access?

« on: November 02, 2021, 09:58:22 pm »

Oh ok, that makes sense. But what would it be? A WAN rule, or LAN rule? Nat Rule? Sorry, I'm still learning all of this, so it's a bit confusing still.

Most of the times its WAN. LAN is usually unfiltered or even unchecked, as is outbound, unless specified.

3

21.7 Legacy Series / Kernel proc : intr stuck

« on: November 02, 2021, 05:34:21 pm »

Hi, i noticed latly that the proc "intr" is getting stuck in zombie mode - uninterruptible sleep. Whether i reboot or wait (3days), the proc is stuck at that state.

Any ideas why?

4

Tutorials and FAQs / Re: [Tutorial] How I do port forwarding - simple and straightforward

« on: October 12, 2021, 03:12:43 am »

Hi, thanx for the guide.

Got a question though, as its not fully working for my end.

when i try to connect from the internet (through ddns) i get a pass outgoing rule (?) and thats it, it stops there. Locally, the machine accepts (ssh) connections.

Code: [Select]

__timestamp__ Oct 12 04:07:05
ack
action [pass]
anchorname
datalen 0
dir [out]
dst 192.168.1.91
dstport 22
ecn
id 30776
interface em0
interface_name lan
ipflags DF
ipversion 4
label let out anything from firewall host itself
length 60
offset 0
protoname tcp
protonum 6
reason match
rid 1232f88e5fac29a32501e3f051020cac
rulenr 70
seq 342642971
src 71.120.21.331
srcport 54264
subrulenr
tcpflags S
tcpopts
tos 0x0
ttl 62
urp 64240
I dont understand though, why there it shows thats a connection is being made with direction to the outside.. Shouldn't it say incoming instead? The local IP im trying to connect to is 192.168.1.91.

5

Tutorials and FAQs / Re: Trying but failing to port forward

« on: September 11, 2021, 06:32:48 pm »

Hello again!

Sadly, haven't solved the conundrum yet. And I guess it can't be an easy one, since nobody chimed in with a solution. Still if there is anyone other there to provide a hint or two, I would greatly appreciate it!

I always get "default deny rule" whether i port forward from router to LANaddress or WANaddress and then use PASS rules to NAT rules. Nothing seems to work.

6

Tutorials and FAQs / Trying but failing to port forward

« on: September 07, 2021, 06:29:32 am »

Hi and thanx in advance for any help you provide!

Small preface, I'm new to OPNsense and how it works but its fortunately part of my job and besides being supposed to manage it and expand it, I'm also pretty eager and enthusiast to learn!

I've installed OPNsense on VMware on an old netbook (fast ethernet, usb2.0, dualcore AMD C50 but using one core, 512MB ram allocated) and the second machine im working with is a Pi4 with 8Gb ram.


Topology is everything connected to a 1Gb ports u-switch, the switched connected with the modem router.

Using the same subnet for both OPN-wan and OPN-lan, that is "Bridged Automatic" on the Netbook.
---------------

One of the things I'm trying to achieve is get VNC calls from the web, through router->OPN->clients.

Successfully port forwarded my DDNS calls from the router, with port ranges from 5900-5904 to OPNsense.

As far as I understood, by default, OPN will auto-redirect calls from its WAN-side (wan-address=192.168.1.253) to the LAN-side (lan-address=192.168.1.1), so I went ahead and created a "floating" rule as follows:

LAN, IN, IPv4, TCP/UDP,
Source:Any, Source port-range:5900-5904
Destination:192.168.1.1, Destination port-range:5900-5904
...
...

..and a NAT port forwarding:

LAN, IN, IPv4, TCP/UDP,
Source:LAN Address (im assuming that's the OPN-Lan interface id, "192.168.1.1" for my case)
Port: 5901
Destination: 192.168.1.91, Destination port: 5900 (VNC)

So what I'm trying to achieve is accept any incoming calls on Port ranges 5900-5904 on the OPN-LAN address, then hold a specific port and redirect it to a specific client (on client's default VNC port, 5900).

What I get on the firewall log is Defauly Deny Rule.

Code: [Select]

ack
action [block]
anchorname
datalen 0
dir [in]
dst 192.168.1.1
dstport 5901
ecn
id 37084
interface em0
interface_name lan
ipflags DF
ipversion 4
label Default deny rule
length 60
offset 0
protoname tcp
protonum 6
reason match
rid 02f4bab031b57d1e30553ce08e0ec131
rulenr 8
seq 3720540683
src 62.74.8.122
srcport 22350
subrulenr
tcpflags S
tcpopts
tos 0x0
ttl 52
urp 65535
I tried a few things here and there like NAT reflection or allow bogons but i ended up reverting to a last good, known configuration and getting nowhere closer to make it work.

What am I doing wrong please?

7

General Discussion / Re: How to put a VMware rig inside OPNSense Lan

« on: June 07, 2021, 10:00:20 pm »

I'm also trying to set a vpn to access from my phone. Followed a tutorial and followed all necessary steps (creating a CA server and a certificate for it, a user and certificate for it, a vpn server), used my internet ip but i cant get any request reaching my firewall. Any ideas?

8

General Discussion / How to put a VMware rig inside OPNSense Lan

« on: June 06, 2021, 09:26:12 am »

Hello, so I successfully created a barebones but working OPNsense vm, that i can ping from my home lan to OPNlan and OPNwan and vice versa and also to ping internet.

Now i made a new VM running a linux distro that i want to set its network to be as the network OPNLan side.

OPNLan is set as Static on 192.168.2.1
OPNWan is set as Static on 192.168.1.253

Home lan is 192.168.1.0/24 and modem-router is 192.168.1.254

Like i said, i would like to make the new VMlinux machine use the 192.168.2.0/24 subnet that the OPNlan uses and manage it through OPNsense.

Is it possible? What am i missing? As it is now, the VMLinux is agnostic of any established network is i set its IP on 192.168.2.0/24 , no matter which IP i use as gateway.

Thank you in advance.

9

General Discussion / Re: How to Access my Home Lan

« on: June 05, 2021, 07:33:07 am »

Had to make a routing rule on the modem/router , directing traffic from 192.168.2.0 (OPN LAN) to the router IP (192.168.1.254)

10

General Discussion / Re: How to Access my Home Lan

« on: May 30, 2021, 11:49:00 pm »

Thank you for the replies.

I decided to scrap the original setup, i was running everything from withing Proxmox and i believed (maybe unfairly) that the problem lied that everything were withing a inception virtualization enviroment.

I made a simpler setup, with a VMWare running OPN and another VMWare running a Linux Desktop.

OPNLan is 192.168.2.1/24
OPNWan is 192.168.1.20/24 (DHCP).

Both interfaces are set as Bridged from the VM, i couldnt make the OPNLan reachable from the linux boxes otherwise

VMLinuxbox is 192.168.2.x , also with vnetcard set as Bridged, as Host i get destination host unreachable when i try to ping the OPNLan address.
--- Can connect to webgui on OPNLan when on bridged.


From within the webgui, i can ping from Wan to the internet // cant ping from Lan to the internet.

11

General Discussion / How to Access my Home Lan

« on: May 30, 2021, 02:14:39 pm »

Hello

I have these settings:
Home Lan : 192.168.1.0/24   
Modem Router: 192.168.1.254/24

OPNSense LAN: 192.168.2.1/24
               WAN: 192.168.1.8/24 (DHCP)


OPN is running on VM
I created a VM running a linux desktop, set up to use the gateway 192.168.2.1 and DHCP its IP address.
      Can open OPN webgui + can access internet.


Now i want to be able to access the 192.168.2.0 network (which is running on VMs) from my physical Home Lan, which is 192.168.1.0


How am i gonna accomplish that?

Thanx in advance.