Messages - Mikheil

#1
That's the crazy thing. If I type the URL into my browser, it displays the contents perfectly. Ergo, it SHOULD be available to OPNSense, but it isn't.

I have a phpBB forum and there's a folder in there with pictures that are displayed to users. This works perfectly. I copied the list of IP Addresses to that folder with the pictures.

Despite the fact, a user in Canada can view them and the IP list as well. OPNsense ignores the file.

It's got to be something stupid that I'm doing, but what?
#2
I'm not blocking URLs, only IP Addresses of idiots and script kiddies that are annoying.

I tried it on my hosting server in Canada and it works fine, but not on the server in my office!

Baffling!
#3
It's the same format as this:
https://github.com/SilvrrGIT/IP-Lists/blob/master/shodan but I don't have any comments, just the IPs and that works fine.

I even copied the list and re-created it on my server and it simply didn't work any longer. Is it the owner (apache)? I even tried chmod 777 and that didn't work either so it can't be permissions.
#4
I see the full list of IP addresses, but for some reason, OPNSense ain't reading them.

That's the problem; it seems OPNSense doesn't have permissions, maybe.
#5
I've got a bunch of IP addresses that I want to Block. As far as I can work out, I create an Alias --> URL Table IPs and put in the path to the https URL where they are kept.

I have a Rocky 8.6 server and an apache webserver. I tried creating a folder and putting the list of IPs into it as a text file (IP on separate lines), but it doesn't work.

Apache is the owner and I set the permissions to 644, but it doesn't read anything.

What am I doing wrong?
#6
I have a Fritz!Box Modem router in Bridge Mode. One cable from the Fritz!Box goes to a 32 port switch. All the PCs and servers are connected through the switch to a 192.168.0.0/24 network.

The TP-Link Wireless router is also connected to the switch. DHCP is off and each iPad/phone has a static IP Address in the range 192.168.2.0/24. It wouldn't let me use 192.168.0.0, so we also have another Analog-Digital device running on 192.168.1.0/24

All the iPads/phones can connect to servers, but not to their PCs. We have our own DNS servers running on Windows and everything is on the DNS. I've been trying to figure out what's wrong and getting nowhere fast.

Why can they connect to the servers, but not the PCs?

Should I add something to OPNsense?
#7
I have 8 Static IP Addresses. 4 are in use. All wired. I have OPNSense Firewall working fine. It's a simple setup. I have several of the online Blocklists (FIREHOL, internet defence) and one of my own on my webserver (hack_drop). All these have IP List Aliases, and the Block rules are at the top and then Pass rules for the Ports on the different servers are at the bottom. Everything is on a 192.168.0.0/24 network connected to the Public Network.

Everything works fine. Now, we bought a Wireless router because a few people want to be able to access their iPads and phones. These are set up on a 192.168.2.0/24 network.

I want the iPads and phones to be able to access files on their computers and servers.

How do I set this up (make it simple, I'm no guru)?
#8
Because I'm 81 on a pension and I can't afford it. Why have a Forum to help people if you only help people who have already installed it and don't care about the 'newbies'?

I have other questions, but asking anything on here is a waste of time. I get better response from users on other forums that have nothing to do with OPNsense.
#9
General Discussion / Re: How can this happen?
July 02, 2022, 12:21:23 PM
By following precisely the instructions.

I have a text file with IP addresses that attempt to hack any of my servers. When I find one, I add it to the blocklist. The blocklist is hosted at another site. It refreshed every 5 minutes.

It's set up EXACTLY like the spamhaus blocklist. Aliases in LAN and WAN and rules entry like spamhaus.

IT WORKS because I check Diagnostics --> Aliases and the addresses show up after 5 minutes, and the would-be hacker stops his shit. I'm not prepared to keep on and on trying to explain. Whilst you keep arguing I'm a fool.

I can see you don't believe a word and that I'm some kind of idiot, so this conversation is CLOSED.

Just because I'm retired and 81 after working with computers with Novell, Microsoft and Apple since 1980 and before that on PDP11s. I am NOT prepared to be treated like a small child. Just carry on and forget I bothered to inform you.
#10
General Discussion / Re: How can this happen?
July 02, 2022, 09:00:47 AM
My mail server. It's gone on for days using different IP's from the same subnet. It's my own server, not a hosting company.

Accepted POP3 connection with: 89.248.165.54
03:07:01 3B0 *** NEW PHYS. CONNECTION, Tbl Entry=0, Socket=59
03:07:01 470 Accepted POP3 connection with: 89.248.165.54
03:07:01 470 *** NEW PHYS. CONNECTION, Tbl Entry=1, Socket=75
03:07:01 30E Accepted POP3 connection with: 89.248.165.54
03:07:01 30E *** NEW PHYS. CONNECTION, Tbl Entry=2, Socket=117

I forgot, I have a facility on my mail server to block addresses. It was blank, but I added the subnet to it yesterday and it stopped dead. It's very worrying that someone seems to be able to penetrate the firewall, though.

I would suspect that whoever it is is NOT 'a guy on the street'.
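
An added example, not part of the original posts: one way to cross-check a one-entry-per-line blocklist against "Accepted" lines in the log format quoted above, so that entries the parser rejects and accepted connections from listed ranges are both visible. The function names and the constructed sample values are assumptions.

```python
import ipaddress
import re

# Constructed blocklist in the one-entry-per-line form the posts describe;
# the two subnets are the ones named on this page, the last line is made up.
BLOCKLIST_TEXT = """\
89.248.165.0/24
157.52.235.0/24
not-an-ip
"""

# Lines 1-3 follow the log format quoted above; the last line is constructed.
LOG_LINES = [
    "03:07:01 470 Accepted POP3 connection with: 89.248.165.54",
    "03:07:01 470 *** NEW PHYS. CONNECTION, Tbl Entry=1, Socket=75",
    "03:07:01 30E Accepted POP3 connection with: 89.248.165.54",
    "03:09:12 2A1 Accepted POP3 connection with: 198.51.100.20",
]

ACCEPT_RE = re.compile(r"Accepted POP3 connection with:\s*(\S+)")

def parse_blocklist(text):
    """Return (networks, rejected); blank lines and '#' comments are skipped."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Drop trailing comments, whitespace and a leading byte-order mark.
        entry = raw.split("#", 1)[0].strip().lstrip("\ufeff")
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append((lineno, raw))  # anything that is not an IP or CIDR
    return networks, rejected

def accepted_from_blocked(log_lines, networks):
    """Count accepted connections whose source address the list covers."""
    hits = {}
    for line in log_lines:
        m = ACCEPT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue
        if any(ip in net for net in networks):
            hits[str(ip)] = hits.get(str(ip), 0) + 1
    return hits
```

A non-empty result from `accepted_from_blocked` means connections from listed ranges are still reaching the service, and a non-empty `rejected` list means the file contains lines that are not addresses.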
#11
General Discussion / Re: How can this happen?
July 02, 2022, 12:12:40 AM
I have a blocklist of my own that sits on one of my servers. There's over 100 blocked IPs of would-be hackers. It's set to update every 6 minutes and it does. Works fine.

I checked Diagnostics --> Aliases and the IP address is there BLOCKED, but that same IP is still scanning my servers for 2 days now.

HOW IS THIS POSSIBLE? and what can I do to kick him off? OPNSense obviously isn't doing it!
#12
General Discussion / How can this happen?
July 01, 2022, 05:35:10 PM
I have a malicious subnet which insists on scanning my server. I blocked the entire subnet:
89.248.165.0/24 in my blocklist. Everything else in the blocklist works fine, but this one, despite being BLOCKED, is still scanning my servers.

What right has ANYONE got to scan my servers when they are blocked?

What can I do about it?
#13
General Discussion / Block lists do not work.
June 17, 2022, 05:19:51 AM
I set the firewall up and implemented geoip and spamhaus filters.

Last evening, I started getting spam from 157.52.235.0/24. LayerHost, LA, CA, USA
I created an Alias called spam_block URL IPtable
I created a rule identical to the spamhaus one
I had created a blacklist called spammers.txt.
I copied this to one of my servers. I added the subnet to the txt file and set it to refresh at 30 minute intervals.
If I go to the URL of my server, I can read the list without problems.

This morning, I have >20 spam mails each one from a different IP in that subnet range.

I'm obviously doing something wrong. This is serious. Everyone is getting spam again. I had no option but to close down OPNsense and revert back to Smoothwall Express. This has stopped the spam.

What am I doing wrong? This MUST be fixed or I have to stay with Smoothwall Express.

#14
I'm using OPNsense, with geoip and the block list from spamhaus.

I run my own mail server and I get a lot of attempts to find valid user names and then brute force attempts to guess passwords. Sometimes this will go on for days and with 2 or 3 people (sad to say usually from the USA) and it just takes up a lot of bandwidth and I've had the server so overloaded that it crashed.

I can't block the country, and spamhaus doesn't catch these.

I want to have the ability to create my own blocklist to which I can add malicious users as I catch them. I see no way to do this with OPNsense, but I understand from a colleague that it's simple with pfsense.

I find it hard to believe that a so-called 'super build' based on pfsense wouldn't have this ability.

Can it be done or should I change to pfsense?