"
The answer was to set rules in the "in" direction
see this topic for the direction meaning
https://forum.opnsense.org/index.php?topic=16829.0
see this topic for the direction meaning
https://forum.opnsense.org/index.php?topic=16829.0
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages1
#2
General Discussion / Re: OpenVpn client
February 08, 2023, 05:07:12 PM
The answer was to follow this guide in particular to create an interface https://www.ovpn.com/en/guides/opnsense
#3
General Discussion / OpenVpn client
February 08, 2023, 04:29:38 PM
Hi,
I have configured openvpn client and it manages to connect.
However, i get this error:
GDG6: problem writing to routing socket: No such process (errno=3)
I dont think it has to do with the vpnclient configuration...I have tried to tick the option " Don't add/remove routes".
When this option is activated, my internet gets blocked.
I get the error wether i tick the option or not.
I have tried to sepcify interface : any or interface : wan and it's the same.
Do i need to do something specific in the system administration so it works properly?
I have configured openvpn client and it manages to connect.
However, i get this error:
GDG6: problem writing to routing socket: No such process (errno=3)
I dont think it has to do with the vpnclient configuration...I have tried to tick the option " Don't add/remove routes".
When this option is activated, my internet gets blocked.
I get the error wether i tick the option or not.
I have tried to sepcify interface : any or interface : wan and it's the same.
Do i need to do something specific in the system administration so it works properly?
#4
General Discussion / port 587 not blocked?
February 06, 2023, 03:35:02 PM
Hi,
I have this setup on my lan network where i allow traffic out on ports 22, 53, 80, 123, 443.
Then I block all traffic out on any ports
Then I allow all traffic in.
I have tried to send an email with python using smtp lib on port 587.
It was being blocked before I opened port 587 on my internet box. But after i open port 587 on my internet box it was not blocked anymore, as if the firewall let it pass.
What did i do wrong on my firewall lan rules?
See the attached screenshot for details.
Thank you
I have this setup on my lan network where i allow traffic out on ports 22, 53, 80, 123, 443.
Then I block all traffic out on any ports
Then I allow all traffic in.
I have tried to send an email with python using smtp lib on port 587.
It was being blocked before I opened port 587 on my internet box. But after i open port 587 on my internet box it was not blocked anymore, as if the firewall let it pass.
What did i do wrong on my firewall lan rules?
See the attached screenshot for details.
Thank you
#5
Tutorials and FAQs / Re: stateful rules equivalent to conntrack in iptables
February 04, 2023, 11:13:22 PM
hi, here is the attached screenshot
#6
Tutorials and FAQs / Re: stateful rules equivalent to conntrack in iptables
February 03, 2023, 10:38:03 AM
Ok thanks.
I see all my devices connected to the opnsense firewall have a route with a netif defined as l0 (loopback interface).
Isnt it a threat that connects them all together?
I see all my devices connected to the opnsense firewall have a route with a netif defined as l0 (loopback interface).
Isnt it a threat that connects them all together?
#7
Tutorials and FAQs / NordVPN configuration
February 03, 2023, 10:33:34 AM
Hi,
I have found this tutorial https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm
I dont understand why I have to add an opt1 interface named NordVPN.
On my hardware i have 3 interfaces and i cant add a nordvpn interface...
In the tutorial when configuring openvpn client, interface is set to any so i guess all interfaces will use the openvpn client...all the rest of the tutorial is about configuring dns on the specific interface.
Should i just link the unbound DNS to my wan interface so it uses Nordvpn and replace in the tutorial all Nordvpn interface with my wan interface?
Also i dont quite understand unbound dns. I have checked the documentation here https://docs.opnsense.org/manual/unbound.html but the definition is blurry...what does it mean?
I have found this tutorial https://support.nordvpn.com/Connectivity/Router/1292598142/OPNsense-19-1-setup-with-NordVPN.htm
I dont understand why I have to add an opt1 interface named NordVPN.
On my hardware i have 3 interfaces and i cant add a nordvpn interface...
In the tutorial when configuring openvpn client, interface is set to any so i guess all interfaces will use the openvpn client...all the rest of the tutorial is about configuring dns on the specific interface.
Should i just link the unbound DNS to my wan interface so it uses Nordvpn and replace in the tutorial all Nordvpn interface with my wan interface?
Also i dont quite understand unbound dns. I have checked the documentation here https://docs.opnsense.org/manual/unbound.html but the definition is blurry...what does it mean?
#8
Tutorials and FAQs / Re: stateful rules equivalent to conntrack in iptables
February 03, 2023, 10:17:36 AM
thanks, so basically it's an hardware interface. it's a pitty the web gui doesnt show which "link#" each interface is assigned to in interfaces...
#9
Tutorials and FAQs / Re: stateful rules equivalent to conntrack in iptables
February 01, 2023, 03:57:09 PM
Ok i see the default as allow all incoming connection on LAN net also...
What is the meaning of 'link#2' 'link#4' etc in system/route/status?
What is the meaning of 'link#2' 'link#4' etc in system/route/status?
#10
Tutorials and FAQs / Re: stateful rules equivalent to conntrack in iptables
January 29, 2023, 08:37:44 PM
Ok, but i have put a rule to allow traffic direction out and block direction in and the block in doesnt let the traffic pass if it came from rule direction out.
Is there a default policy to block traffic or am i supposed to add a rule at the end of the stack with block traffic and put rules before to allow it (in case quick is ticked)?
If i want traffic to pass from my lan to internet and block internet to lan (except for stateful packets that come back), what rule am i supposed to add to the lan interface(allow/block) and what rule to the wan interface (allow/block)?
thanks
Is there a default policy to block traffic or am i supposed to add a rule at the end of the stack with block traffic and put rules before to allow it (in case quick is ticked)?
If i want traffic to pass from my lan to internet and block internet to lan (except for stateful packets that come back), what rule am i supposed to add to the lan interface(allow/block) and what rule to the wan interface (allow/block)?
thanks
#11
Tutorials and FAQs / stateful rules equivalent to conntrack in iptables
January 29, 2023, 04:00:52 PM
Hi,
I have a simple setup:
(10.0.0.1)Internet box -- (10.0.02) firewall_WAN -- firewall_LAN (192.168.1.1) -- my pc (192.168.1.2)
I would like to set a firewall rule authorizing all packets out and blocking all packets in except for related/established packets (stateful rule).
I dont find the rules i need to add to obtain this.
Could you help me with this?
Thank you.
I have a simple setup:
(10.0.0.1)Internet box -- (10.0.02) firewall_WAN -- firewall_LAN (192.168.1.1) -- my pc (192.168.1.2)
I would like to set a firewall rule authorizing all packets out and blocking all packets in except for related/established packets (stateful rule).
I dont find the rules i need to add to obtain this.
Could you help me with this?
Thank you.
Pages1
