Messages - pheriko

#1
Looks like I finally understand the logic of the plugin. The only issue is the Redis server, which is a RAM cookie monster: at minimum we need horsepower and 4GB RAM; with less than this it will suffer.

What about with 100+ simultaneous users?

Regards.
#2
I set up Squid MITM; it was working, no issue here.

Later I decided to install the OPNPROXY plugin and... here come the issues.

Redis running.

No AUTH, it is transparent.

Maybe I forgot something?

I set up a Global Rule: allow, select all the categories, username none (I don't have auth enabled), source 192.168.9.0/24 or 192.168.9.50, Apply.

Result: no navigation on any page, just the OPNsense firewall.

I used the test feature and I see the error, which I think means blocked.

Later I added a custom rule for my laptop, typed 2 domains only, applied... it works only for these 2 domains.

If I test the 2 domains I added on this custom tab, it works.

Then, did I forget something?

Running latest version.
#3
Web Proxy Filtering and Caching / Re: squid UT1
May 31, 2025, 07:54:26 AM
Good question, I got the same...watching...
#4
Hi Vilhonator.

I found the logs about cron; those are in the Unbound DNS logs. Whitelist: clear as water. Correct, it looks like we don't have an option to exclude IPs from the BL stuff.

Thanks for your help.
#5
Hi.

I have these questions related to the blacklist feature:

1) If I detect a false positive and whitelist that domain in the GUI, do I need to run a command or restart the service to apply my new whitelist?
2) If we enable cron to update the list(s), do we have a report/status about whether the update(s) were good or not?
3) Is there a way to override the blacklist for specific IPs on my LAN? Let's say I don't want the service to apply the blacklist for X LAN IP.

Thanks.

#6
Update to the latest 24.7_x, it already includes several patches.

Which is the DNS and GW on your clients?

If it is OPNsense, do name resolution tests work on the machines?

If you ping public destinations such as 8.8.8.8, 1.1.1.1, etc., do they respond?

What tests have you done?

Have you already cleared the DNS cache on your clients?

Regards.
#7
Spanish - Español / Re: CONNECTIONS VIA Secondary WAN
October 04, 2024, 04:23:12 AM
Upload a diagram with the details of your network; I think it will be easier to understand and to contribute something toward a possible solution. I feel there is information we are not seeing in your description.

Regards.
#8
I have seen how, thanks master.
#9
I reply to myself: it is possible, and log rotation is enabled.
Thanks.
#10
Come on, I'm an old dog, but yeah, new words to learn.

But it works. With OPNsense we have to type like a good Unix sysadmin; love it. This gives power but, with care.

Good day.
#11
You need to create your custom ACLs; you will need to know how to edit files in the shell.

Check this post. You must read about Squid ACL rules if you are not familiar with them, or you will cry.

https://forum.opnsense.org/index.php?topic=16171.0
#12
Hello.

I have some questions:

  Can we set up custom ACLs?
   group1 block or allow these destinations
   group2 block or allow these destinations

   Is there an option for log rotation?

   Do we have a usage report?

   Thanks all.
#13
Hello.

  For Squid MITM we need CA Auth. I created one and see 2 files to download, [crt,key].pem. Which one do I need to download and install on my browsers?

  Last thing: a lot of manuals show the option to download the .crt key, but in my case I don't see that option. Is it gone, or is it a bug?

  Running OPNsense 24.7.4_1-amd64
 
 
#14
You should change the subject, it has nothing to do with your situation. Regards.
#15
General Discussion / Reflection and Hairpin NAT?
August 27, 2024, 12:02:23 AM
Hello.

For the Reflection and Hairpin NAT setup, the DNS that handles the domain name is external; do we need to set up a PTR?

I have a web server behind the OPNsense LAN. I set up NAT reflection based on the doc from OPNsense, but it doesn't seem to work. If I set up a dyndns for the hostname, it works, but if I use the current domain name hosted on an X provider, it doesn't work. What I see is that the PTR doesn't work.

This is the reason for my question; any input will be appreciated. Regards.

NOTE: Running 24.1_10.