OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of smthing »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - smthing

Pages: [1]
1
General Discussion / Re: Firewall - Best Practice?
« on: April 15, 2023, 08:29:09 pm »
Quote from: meyergru on April 14, 2023, 11:13:27 am
Yes. To have the same URL from inside and out.

Good point and makes sense.

Quote from: phoenix on April 14, 2023, 11:34:35 am
Then why don't you follow the suggestion to use a VPN? You can set-up a secure connection with Wireguard and only the allowed users will be able to access the LAN interface from the internet - much more secure and works a treat, I've been using it for years without problems.

It would certainly bother me if I exposed my LAN interface to the interface via NAT, I'm sure there's plenty of hackers that would find that config a challenge. ;)

Thank you. The WEB GUI was an example and I can understand the assumption. The question is however about the practice. And as mentioned above, it's probably due to having the same URL.

2
General Discussion / Re: Firewall - Best Practice?
« on: April 14, 2023, 10:41:30 am »
Quote from: bartjsmit on April 14, 2023, 08:24:51 am
Best practice is not to expose any management interfaces to the internet. Use a VPN for remote access

That's understood in general cases and pretty well known.

I'm more curious about the process of using NAT Port Forward from WAN -> LAN side of the gateway and then open the firewall for LAN access. Is there any benefit from doing this?

3
General Discussion / Firewall - Best Practice?
« on: April 13, 2023, 09:04:20 pm »
I've seen some examples where people setup Firewall rules for the OPNsense Gateway, but don't really understand the practice.

Example: How to access the WEB Gui from the WAN port.
Almost all guides recommend a NAT Port Forward the HTTPS port (without changing port no.) from the WAN interface to the LAN interface. And then open up the firewall from the LAN side.

Is there a reason for this? Why not open up the firewall from the WAN side and skip the NAT Port Forward?

4
General Discussion / Re: OPNsense instead of Ubiquiti UDR as main router
« on: April 13, 2023, 08:54:56 pm »
I think you should specify your question a bit. But presuming a general question "can you use OPNsense as a gateway instead of Unifi?" Sure, you wouldn't be the first to do it either. Basically all "networking" services can be done by OPNsense. It's up to you, where you want to place each service. You can leave the WiFi tasks to Ubiquiti for convenience.

I would start with what VLAN should be where and how my networking hardware would support it.


Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2