Messages

1

23.1 Legacy Series / Re: Default deny / state violation rule blocking traffic to reverse proxy.

« on: August 24, 2023, 04:10:34 am »

I figured it out.

I had to go into my port forwards and set filter rule association to automatic

2

23.1 Legacy Series / Re: Default deny / state violation rule blocking traffic to reverse proxy.

« on: August 24, 2023, 12:59:20 am »

These are my port forward rules as well.

3

23.1 Legacy Series / Default deny / state violation rule blocking traffic to reverse proxy.

« on: August 24, 2023, 12:43:08 am »

Hi all,

I'm having an issue where the default deny / state violation rule is blocking traffic from WAN to my reverse proxy (traefik).



In the image you can see that the rule is blocking my phone, on the cell network, from being directed to my reverse proxy IP.

My WAN rules are:

My LAN rules are:


What am I missing here? Why is this traffic getting blocked? I have reset my state table and I'm still having issues.

4

23.1 Legacy Series / Re: Can't access http/https internally, but can externally.

« on: August 13, 2023, 04:22:31 pm »

I fixed it. I had to turn NAT reflection on in firewall>setting>advanced

5

23.1 Legacy Series / Re: Can't access http/https internally, but can externally.

« on: August 13, 2023, 03:09:20 pm »

I already had this set up. I re-enabled the re-direct DNS rules as well. Still no dice.

6

23.1 Legacy Series / Can't access http/https internally, but can externally.

« on: August 13, 2023, 05:27:07 am »

I'm having an issue where I cannot get any of my url's to resolve internally. For instance, on my internal network, I cannot access 'auth."mydomain".com. However, on my phone, I can access auth."mydomain".com when it is connected to cell. If it is on wifi, I cannot. The connection will time out after about 20 seconds, which is leading me to think this is a firewall issue.


I've combed through my port forwards and my firewall rules endlessly. I have looked through unbound as well, and I cannot find where the issue lies. I don't see anything popping up in the firewall log. Can anybody help me troubleshoot this?

7

Web Proxy Filtering and Caching / Migration from PFsense to OPNsense, HAproxy Error code

« on: April 19, 2022, 10:02:17 pm »

Hey all,

I decided to move over from PFsense. So far, everything seems to be working swimmingly, except for me getting HAproxy working.

I use traefik and authelia. I have my real server set up in haproxy, going to port 80 which is what traefik is on. I have a backend pool for traefik, which ties in the real server. I have a public service set up, which listens to port 80 and 443 on my public IP. HTTP/HTTPS with ssl offloading is selected. There is no default backend pool.

All my acme certs are valid.

When I try to access any of my sites, I receive "Error code: SSL_ERROR_RX_RECORD_TOO_LONG"

From what I have read, it seems like this could be an issue with something getting https that is supposed to be http.

I may also have my rules/conditions set up incorrectly. I do not have a rule or condition for traefik.

I'm not great with networking, so I'm just trying to get this back up and running the way it was.

I attached the haproxy config from opnsense, and the haproxy section of the xml from pfsense.