Messages - wusikijeronii

#1
Hello.
When I enable IPS mode in the Suricata settings, NAT stops working. I get a timeout error from an external network and a `no route to host` error via LAN. I have tried disabling all hardware offloading in the advanced network settings, but it didn't help. I also tried disabling all rules in Suricata, but I still get the same error. In the firewall log I don't see any problems. How can I solve this issue?
I have two interfaces:

  • Physical interface with untagged VLAN
  • VLAN interface with tagged VLAN
#2
I've found an option `Disable anti-lockout` in Firewall > Settings > Advanced, and now blocking works.
#3
I am trying to disable the web interface from the public network. When the web interface listens on port 80, the NAT rule (to a web server) doesn't work. I also tried to move the web GUI to another port and created block rules in the firewall settings, but I can, however, still reach the web GUI from an external network. How do I disable the web GUI from a non-LAN network?
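Added illustration, not the poster's configuration: the two posts above (#2 and #3) fit together once the anti-lockout rule is written out in pf terms, which is what OPNsense generates under the hood. On a firewall with a single interface, every packet arrives on that interface, including traffic the upstream router forwards from the Internet, so a rule that passes "any source on the LAN interface to the GUI port" also admits outsiders and sits ahead of user-defined block rules. The interface name, subnet and GUI port below are assumptions, and the anti-lockout rule is an approximation of the generated one, not a copy of it.

```pf
# Added example (not from the forum thread). Interface, subnet and port are assumed.
lan_if  = "em0"
lan_net = "192.168.1.0/24"
gui_port = "443"

# Approximation of the OPNsense anti-lockout rule while the option is enabled:
# any source arriving on the LAN interface may reach the GUI port, and "quick"
# means later block rules are never consulted. On a single-NIC box, forwarded
# Internet traffic also arrives on $lan_if, so this is why external access worked.
pass in quick on $lan_if proto tcp from any to ($lan_if) port $gui_port

# With "Disable anti-lockout" set (post #2), the rule above is gone and these take
# effect: only the local subnet may reach the GUI, everything else is dropped.
pass in quick on $lan_if proto tcp from $lan_net to ($lan_if) port $gui_port
block in quick on $lan_if proto tcp from any to ($lan_if) port $gui_port
```

To confirm what is actually loaded on the box, compare this against `pfctl -sr` on the OPNsense shell: the anti-lockout pass rule should be absent and the block rule for the GUI port should appear after the subnet-restricted pass rule.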
#4
Removed masquerade from the router, and it doesn't work again.
The requested packet is forwarded from the router to OPNsense. OPNsense forwards the packet to the required port on the destination. The destination host returns a packet (outgoing packet) to OPNsense. OPNsense does nothing. I don't understand why.
From the OPNsense SSH session, I also get a timeout error.
Router (Mikrotik) tcpdump:
https://drive.google.com/file/d/1_Z0rAlLSwVEEg1YFQbfIgOCqtRNdUJwy
OPNsense tcpdump:
https://drive.google.com/file/d/1aBRO_Vch8Ryx_BmdIlO1ZY8NMh5aWd2M/view?usp=sharing

UPD: Found a solution. I added a rule to outbound NAT (I don't know the exact name because I use a non-English language in the OPNsense web GUI; I mean reverse NAT).
#5
I fixed it by adding a LAN interface to the Captive Portal. I think it is because I don't have a WAN port (only LAN). Am I right?
UPD: No. I tried to use the HTTP port. When I changed the port, it stopped working again.
UPD: Removed all rules and recreated these again. Works!
#6
I broke the display on the laptop and bought a new one. But this one (i7, 16 GB RAM, SSD) looks like good hardware for a firewall.
#7
Hello. I am an OPNsense beginner.
I installed an OPNsense instance on the laptop (one physical port) and added NAT forwarding for a port. It works if I try to reach the destination from my local network. But when I try to reach the destination from an external network, I get a timeout error.
I also tried to add an allow firewall rule for the destination subnet. It didn't help. I also tried to run a tcpdump from an external client. I send requests, but I don't get replies. In the firewall log, no errors are shown.
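Added illustration, not the poster's rules: posts #7 and #4 describe the same single-interface port forward, and #4 reports the fix as an extra outbound NAT rule. In pf terms (OPNsense's packet filter), the port forward alone rewrites the destination, so the server's reply goes to the real client address via the server's own default gateway and never passes back through OPNsense; the pf state on OPNsense then sees only the request. Adding an outbound NAT rule on the same interface makes the server see the firewall as the client, so replies return through OPNsense and the state completes. The interface name and addresses below are assumptions.

```pf
# Added example (not the poster's configuration). Interface and addresses are assumed.
lan_if  = "em0"
fw_ip   = "192.168.1.1"     # OPNsense's only address (single-NIC laptop)
web_srv = "192.168.1.10"    # destination host behind the forward

# Port forward (Firewall > NAT > Port Forward in the GUI): connections to the
# firewall's address on port 80 are redirected to the web server.
rdr pass on $lan_if proto tcp from any to $fw_ip port 80 -> $web_srv port 80

# Outbound NAT on the same interface (Firewall > NAT > Outbound, manual rule):
# after the redirect, the packet leaves $lan_if toward $web_srv; rewriting its
# source to $fw_ip forces the server's reply back through OPNsense instead of
# straight to the router, which is the "OPNsense does nothing" symptom in post #4.
nat on $lan_if proto tcp from any to $web_srv port 80 -> $fw_ip
```

To check the effect on the box, `pfctl -sn` should list both the `rdr` and the `nat` rule, and a `tcpdump -ni em0 host 192.168.1.10 and tcp port 80` during an external test should show the SYN going to the server with the firewall's address as source and the SYN-ACK coming back to it; without the `nat` rule the SYN is visible but the reply never appears on that interface, matching the one-way captures in posts #4 and #7.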