Messages

1

General Discussion / Re: Firewall is driving me crazy, can anyone help me please

« on: February 17, 2024, 08:28:20 pm »

Hello John, I'll be doing that over the weekend. I was just experimenting with the options out there but my plan is exactly use proxmox to virtualize VMs and Containers. I've two baremetal machines, one is a protectly device that is running a dedicated OPNSense instance and the other is like a intel NUC that i'll be virtualizing some things (Home Assistant, Adguard, Unifi Controller and so...)

Thanks again for pointing me to the right direction, I understand more about networks and firewalls now

2

General Discussion / Re: Firewall is driving me crazy, can anyone help me please

« on: February 13, 2024, 08:35:46 am »

johnmcallister, I'm delighted with the quality of information you gave me in just a few posts, Thank you again in advance, I'm learning so much...

When I was reading your posts, I started to think more about the process that I made in order to install the Controller and I remembered that, at first, I just logged in with my ubiquiti's account to finalize the installation of the controller. Then I started to think that the requests were passing through the ubiquiti's external servers before heading to my network and this was causing issues although I didn't found easily at the firewall logs an external IP trying to comunicate with the AP or the controller... When I first installed the controller, I used a proxmox machine as I'm trying to setup my own homelab in baby steps... The controller was an LXC Container inside a proxmox machine. I didn't had issues with the connectivity of the machine itself or reaching the controller to finalize the initial configs, the first issue was adopting the device.

Then, reading your posts, I tried to install it on OPNSense itself, as a plugin, just to see what would happen if I had choosen to not sign in with my ubiquiti's account and for my surprise, it worked like a charm out of the box. I had to do some small configurations like setting up an access port on my switch just to connect the AP, grab an IP on the subnet that I needed and then using set-inform to be visible to the controller. set-inform worked this time at the first try.

Then I got deeper, trying to pass different VLANs to the ubiquiti's AP in order to have multiple WIFI networks for different purposes... This part was kind of trick but I could figure out eventually.

Despite installing controller on OPNSense as a plugin, my plan is to move it to a dedicated container on my proxmox machine now, that I just understood more about the process...

When I was reading your posts, two questions came up and I would like to ask you, if you allow me...


1 - Coming back to the scenario where I was logged in the controller with my ubiquiti's account, what steps could I have done in order to allow it in the FW? I'm always lost in those kind of configurations because I think I lack at the knowledge on how to debug those kind of things or which tools I should use. I know that I needed a rule to allow external access to a specific port, at least for a start, but where should I put it? each WAN? Only on the internal network? Also, I do need to fill Port Forward and add an Rule at Rules section?


2 - The second one have little sinergy with the first one... On the firewall submenu of opnsense, I see NAT, then I see Port Forward and Outbound inside of it.

But there's also a separated submenu Rules and then, rules for every network that I have. Then, it comes to me as the question: What means port forward / outbound / rules? If i want to open up a port for the outside world, I should open on port forward only or do I need to open in the others aswell, I don't know exactly...

I think get a little lost about where do I need to put the rule. To be honest, in my NAT -> Outbound there's only two 4 rules that were created automatically but I still changed it to a hybrid outbound nat in order to address something if I needed but to be fair, I just don't know when I need to put something there... Why it differs to the others?



The same questions stand for the Port Forward section and Rules, I mean, if I put a rule in the port forward, I need to put the same in Rules > specific network?

Before trying OPNSense, I just had experience with common routers and I just had one place to put Port Forward, for instance... I never needed to put it in other places aswell


Again, thank you so much for the kind of learning that you provided me

3

General Discussion / Re: Firewall is driving me crazy, can anyone help me please

« on: February 12, 2024, 04:57:52 pm »

Hello johnmcallister, thanks for your comment. Can you elaborate on it a bit more? I tried to do so many things back and fort that I think I'm still not doing it right... Let me post my FW rules here to see if helps

Currently, I only have floating rules



I use adguard and tried to point the unifi hostname to the controller IP (not sure what is the unifi.localdomain, it is going to my unbound DNS)



When I go and SSH unifi, the info command shows a Timeout but it's showing up on the unifi controller's list to adopt



Thanks in advanced! I really appraciate your help

4

General Discussion / Firewall is driving me crazy, can anyone help me please

« on: February 12, 2024, 10:21:57 am »

Hello. I've been wake all the night(serious) trying to get over this but I've no clue about what's going on. I just installed unifi controller and I'm trying to adopt my U6 AP but the firewall is blocking it.



Unifi Controller stays "adopting" and never does.





I made a test, turning off the firewall solves de issue but as soon as I turn it on again, the unifi AP changes from adopted to "adopting" and stops working

Can someone guide me over the firewall rule that I need to solve it? It doesn't makes sense for me at moment and I don't know why. I tried to open exactly the rule that I saw blocked but it just didn't work