Messages

1

23.1 Legacy Series / Re: UI BUG: Adding new alias doesn't show all aliases

« on: March 27, 2023, 10:03:05 pm »

I was expecting it to work the same way as the drop-downs, for example, in the source field in firewall rules. In there it shows a scrollbar in the drop-down. Oh well, I guess it's a different kind of drop-down.

Thank you

2

23.1 Legacy Series / UI BUG: Adding new alias doesn't show all aliases

« on: March 27, 2023, 08:38:26 pm »

OPNsense 23.1_6-amd64
FreeBSD 13.1-RELEASE-p5
OpenSSL 1.1.1s 1 Nov 2022

When I go to create a new alias, the "content" drop-down doesn't show all aliases. It only shows the first eleven aliases. The rest aren't shown at all.

Can this be fixed or there any suggestions for a work around?

Thanks
K.L. Carter Sr.

3

General Discussion / Re: Help -- Can't create a rule to let everything from a specific subnet out of WAN

« on: March 08, 2023, 09:57:43 pm »

I just called and asked a guy who is the head of networking and infrastructure for a large corp. (really didn't want to bother him, but...), and he disagreed with what you said. They use all Cisco equipment. However, I'm just a tiny OPNSense/PF home user and I'm just going to do what you said because it makes sense to me. I'm redoing all of my firewall rules now.

Thanks
K. Carter Sr.

4

General Discussion / Re: Help -- Can't create a rule to let everything from a specific subnet out of WAN

« on: March 08, 2023, 09:47:22 pm »

Yes, I just found your other posts even before you replied.

5

General Discussion / Re: Help -- Can't create a rule to let everything from a specific subnet out of WAN

« on: March 08, 2023, 09:03:52 pm »

You would never use a direction of OUT on an interface.

I get it now.  I'll have to redo my whole rules setup, no problem. I have no reason to doubt it. However, if this is true then I why do I see this being done everywhere in forums, chats, and information I've seen online?

Can you give a source for this modus operandi?

Thanks
K. Carter Sr.

6

General Discussion / Can't create a rule to let everything from a specific subnet out of WAN (Solved)

« on: March 08, 2023, 07:26:02 pm »

I need help figuring this out. On my OPNSense firewall I have several cards with each supplying a different subnet to the machines on each card. OPNSense supplies DHCP to those cards.

I created (tried) to create a rule on the the OPNSense WAN to let any and everything on a particular card (LAN 4 subnet) go unfiltered out of the WAN. This rule is the first rule on the WAN. But, this rule has no effect. With the rule in place as the the first rule, the next rule/s are still hit.

Here is what I tried,

1. Everything in the rule set to any, except for source which is set to that Lan card. Didn't work.
2. Everything in the rule set to any, except for source which is set an alias, set to that subnet. Didn't work.

The clue to the problem became apparent when I looked a the Live Log Viewer in OPNSense for the WAN. Everything coming out of the WAN from the installed LAN cards (their associated subnets) has a source IP as the WAN itself !!!

How can I tell the WAN to act on a rule when it's for a particular subnet when the WAN filter is not showing the source address as that subnet?

Thanks
K. Carter Sr.