Messages - chenks

#1
Quote from: tiermutter on March 15, 2023, 05:06:08 PM
Looks good. Make sure the cam cannot / can never connect via IPv6 to the internet.
Another dirty way is to set wrong DNS and gateway in client / cam settings.

i don't have DHCPv6 Server enabled, as my ISP is IPv4.

IPv6 is something i've wondered whether i should leave disabled as there would be no benefit to having it enabled due to ISP being IPv4 only.

strangely though, if i do ipconfig on my windows laptop it shows it as having an IPv6 address, but i guess it's self assigning one as it hasn't come from the opnsense DHCP server.
#2
hi, i'm fairly new to opnsense and just wanting to get the more knowledgeable folk to confirm i've got my firewall rule set up correctly?

i have a eufy camera that i want to block from having internet access (i use it solely via HKSV).
it has a static IP of 192.168.50.11

i created a firewall alias and added that IP to the alias.
created a rule

action: block
interface: LAN
direction: IN
TCP: IPv4
protocol: ANY
source: the alias i created
destination: ANY

i then moved the rule to the top of the rules list.
from initial testing it does seem to be working, if i disable wifi on my phone and try to access the camera via the eufy app then it fails to connect, if i turn wifi back on then the eufy app connects. before i created the rule the eufy app was able to connect to the camera regardless.
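
An added illustration, not part of the original posts and not OPNsense code: a small Python model of first-match evaluation for the LAN rule list described in the post above, showing why the IPv6 point in the quoted reply matters for a block rule restricted to IPv4. The allow-LAN rules for both families, the outside probe addresses and the camera's IPv6 address are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str    # "block" or "pass"
    family: int    # 4 or 6
    source: tuple  # networks the source must fall in; () means any
    label: str

def net(s):
    return ipaddress.ip_network(s)

# Alias holding the camera's static address from the post.
CAM_ALIAS = (net("192.168.50.11/32"),)

# LAN rule order: the block rule from the post on top, followed by
# allow-LAN-to-any rules (assumed still present for both address families).
LAN_RULES = [
    Rule("block", 4, CAM_ALIAS, "block camera (IPv4 only)"),
    Rule("pass", 4, (), "allow LAN to any, IPv4"),
    Rule("pass", 6, (), "allow LAN to any, IPv6"),
]

def evaluate(rules, src, dst):
    """First matching rule wins; no match at all means default deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if s.version != d.version:
        raise ValueError("source and destination families differ")
    for r in rules:
        if r.family != s.version:
            continue  # an IPv4 rule never matches IPv6 traffic
        if r.source and not any(s in n for n in r.source):
            continue
        return r.action, r.label
    return "block", "default deny"

def audit(rules, device_addrs, probe_v4="203.0.113.10", probe_v6="2001:db8:ffff::10"):
    """Return the device addresses that can still reach an outside host."""
    leaks = []
    for a in device_addrs:
        dst = probe_v4 if ipaddress.ip_address(a).version == 4 else probe_v6
        if evaluate(rules, a, dst)[0] == "pass":
            leaks.append(a)
    return leaks

def add_v6_block(rules, cam_v6):
    """Mirror the block rule for IPv6, placed above the pass rules."""
    return [Rule("block", 6, (net(cam_v6),), "block camera (IPv6)")] + rules
```

In this model, `audit(LAN_RULES, ["192.168.50.11", "2001:db8:50::11"])` reports only the constructed IPv6 address as still able to get out, and the list is empty once `add_v6_block` is applied.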



#3
hi, sorry to bump this thread, but i'm a new opnsense user and just looking to check if the instructions at the start of this thread (from 2017) will allow me to do what i'm trying to achieve.

i'm new to opnsense, but not new to basic network config and tinkering with config.

i've added my nordvpn account to opnsense as a vpn client (using https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm although stopped at the unbound part), and it's showing as connected (albeit no traffic actually routing thru it just now).

i want to route either specific URLs or specific LAN clients thru the VPN (ie not ALL traffic), i believe this will probably be policy based routing?

example
i want to route all traffic from 192.168.50.10 thru the VPN
i want to route any device accessing www.blah.com thru the VPN

i also don't want any DNS leak