Messages - wincent

#1
Quote from: glenb2 on June 30, 2026, 09:54:00 AM
There is no range. It is just a single number that allows for VPN access into OPNsense from the internet.
Bob.Dig, I'm here asking for help and to learn because I'm not a network engineer. Wincent is asking about an 'in' rule. My concern is that I don't understand why I'm seeing outbound traffic to what I thought were private address spaces from my WAN interface.
I thought it was inbound traffic, but if it's outbound, it's normal. As Bob.Dig said, the firewall defaults to sending all non-local packets to the default gateway.

If you don't want to see these, set a rule as lmoore mentioned to intercept them.

:)
#2
I think HAProxy is an option for load balancing.
#3
What is the destination address (WAN address) port range for the WAN interface rule?
#4
I drew a network topology diagram, and the general structure is like this (the drawing is a bit ugly).
#5
26.1, 26.4 Series / Re: Schedule fw rule new style.
June 30, 2026, 08:49:18 AM
Have you created a new one or some in your schedules (Firewall -> Settings -> Schedules)? If so, open the 'advanced mode' in the upper left corner when you add the new rule.
#6
Em... It looks like a broadcast packet, but it shouldn't come from a public network address. Are there any other rules besides the DNS NAT rules?
#7
This should be a default rule. Can you provide more information, such as interfaces or directions?
#8
Is your WAN interface bound to a public IP address? x.x.x.235?
#9
The firewall only handles the outbound load balancing. For inbound traffic, if PBR is not deployed in your front-end, the firewall will not determine which circuit the inbound packets came from. For example, packets from circuit 1 can be replied to through circuit 1 without any problem, but packets from circuit 2 are also replied to through circuit 1 by default, which may cause them to be unreachable and time out.
#10
This is not a firewall rule issue, it's a routing issue. The firewall has only one default route gateway. If the inbound traffic happens to be on your default circuit, there is no problem. If the inbound traffic is on another circuit, the firewall's outbound packets cannot reach it over that route. You need a layer 3 switch running PBR to handle this.
#11
I think you need a layer 3 switch that supports PBR to be placed between the two FritzBoxes and the OPNsense devices.
#12
26.1, 26.4 Series / Re: Hostnames not resolving
June 26, 2026, 04:26:02 AM
If you are using the default Unbound DNS service, set it under "Services -> Unbound DNS -> Overrides".
#13
Yes, it works!
You need to use UEFI mode, as LEGACY mode does not work.
#14
Is it possible that you have set up another rule without a label to log records?
#15
This command, "/usr/local/etc/rc.d/suricata onestop", will check the status of Suricata and delete the stale PID file. You previously used `kill` to shut down Suricata abnormally, so a PID file may have been left behind.
Now try to shut down or reboot OPNsense directly using the webGUI.