Messages - glenb2

#1
Quote from: Bob.Dig on June 30, 2026, 09:26:47 AM
Quote from: glenb2 on June 30, 2026, 03:00:03 AM
Sorry if this is a dumb question
That is how routing works: if it is not local, it goes out the default gateway.

Why is your last screenshot not showing any ports, that is dumb for sure.

Showing who you really are on the internet is dumb for sure. Have the life you deserve. :)
#2
Thank you. I didn't expect I would have to do that. I came here for education. Thank you.

I politely steer whoever is interested to notice from my first post that I described outward traffic.

Thank you wincent, lmoore and Monviech
#3
Here is my alias. Yes, private networks and bogons are blocked on my WAN interface.

lmoore and Monviech, Thank you.
#4
There is no range. It is just a single number that allows for VPN access into OPNsense from the internet.


Bob.Dig, I'm here asking for help and to learn because I'm not a network engineer. Wincent is asking about an 'in' rule. My concern is that I don't understand why I'm seeing outbound traffic to what I thought were private address spaces from my WAN interface.
#5
Here are my rules. I only have 5. I pass my WAN port through directly to my OPNsense VM so Proxmox isn't exposed to the internet.

Thanks!
#6
I have a pretty simple setup. I have LAN, WAN, WG0 (WireGuard), and IOT interfaces. My IOT network prevents internal communication using a rule that only allows internet access, by using an alias that describes RFC1918 ranges. This rule allows traffic excluding the alias ranges using the invert option in the rule. My LAN interface runs on 192.168.10.X. My WG0 interface runs on 10.14.x.x. The WAN interface has block private and bogon networks enabled.

I use a destination NAT rule to force all DNS requests to use Pi-hole, then I use OPNsense Unbound as the upstream server.

OPNsense runs on top of Proxmox (forbidden router, I know).

I looked up port 7000, and while I do use macOS and Apple products, I don't have any devices at these addresses. They are all in the LAN interface range. I have pinged these addresses and there is no response.

Thanks again for the response!
#7
Thanks for the response. Yes, my WAN IP has a public address ending in .235.
#8
Hello,

Sorry if this is a dumb question, but could someone explain why my WAN interface is passing outward traffic to these networks? These are not even ranges that exist in my internal network.
#9
Thank you very much! Works perfectly. Much more straightforward than what I had found online.
#10
I have tried updating the DNS server in the general settings to specify my Pi-hole instance, but my DHCP clients are still receiving the default gateway IP for DNS instead of my Pi-hole IP. If I specify the Pi-hole IP on the client, it will go to Pi-hole and work normally.

I seem to remember this was a simple setting when using ISC, but I'm not absolutely clear how to do it now with Dnsmasq. I was under the impression the DNS servers under the general settings would be sent to DHCP clients. Is DNS forwarding the way to do this? I'm sure I'm missing something simple. There is nothing complex about my setup.

Since the upgrade from ISC, I have just used the Unbound blocklists but want the Pi-hole dashboard now for metrics.
#11
Hello everyone,

My WireGuard clients are able to connect when tethered to my cell phone, but not when they are connected to Wi-Fi. They are able to connect to my local WireGuard instance when on Wi-Fi, but not my remote WireGuard instance. The stranger thing is that I could have sworn this configuration used to work fine, but perhaps I'm wrong. In essence I'm having a hard time even wrapping my head around what the difference is between connecting via tether vs. Wi-Fi. I have whitelisted my domains in Zenarmor.

Thanks!

UPDATE! Both domains needed to be excluded in both Zenarmor instances.