Messages - Lukkasss

#1
Hello John, I'll be doing that over the weekend. I was just experimenting with the options out there, but my plan is exactly to use Proxmox to virtualize VMs and containers. I have two bare-metal machines: one is a Protectli device that is running a dedicated OPNsense instance, and the other is like an Intel NUC on which I'll be virtualizing some things (Home Assistant, AdGuard, UniFi Controller and so on...)

Thanks again for pointing me in the right direction; I understand more about networks and firewalls now.
#2
johnmcallister, I'm delighted with the quality of information you gave me in just a few posts. Thank you again in advance, I'm learning so much...

When I was reading your posts, I started to think more about the process that I followed in order to install the Controller, and I remembered that, at first, I just logged in with my Ubiquiti account to finalize the installation of the controller. Then I started to think that the requests were passing through Ubiquiti's external servers before heading to my network and that this was causing issues, although I didn't easily find in the firewall logs an external IP trying to communicate with the AP or the controller... When I first installed the controller, I used a Proxmox machine, as I'm trying to set up my own homelab in baby steps... The controller was an LXC container inside a Proxmox machine. I didn't have issues with the connectivity of the machine itself or with reaching the controller to finalize the initial configs; the first issue was adopting the device.

Then, reading your posts, I tried to install it on OPNsense itself, as a plugin, just to see what would happen if I had chosen not to sign in with my Ubiquiti account, and to my surprise it worked like a charm out of the box. I had to do some small configurations like setting up an access port on my switch just to connect the AP, grab an IP on the subnet that I needed and then use set-inform to be visible to the controller. set-inform worked on the first try this time.

Then I went deeper, trying to pass different VLANs to the Ubiquiti AP in order to have multiple WiFi networks for different purposes... This part was kind of tricky, but I could figure it out eventually.

Despite installing the controller on OPNsense as a plugin, my plan is to move it to a dedicated container on my Proxmox machine now that I understand more about the process...

When I was reading your posts, two questions came up that I would like to ask you, if you allow me...
1 - Coming back to the scenario where I was logged in to the controller with my Ubiquiti account, what steps could I have taken in order to allow it in the FW? I'm always lost in those kinds of configurations because I think I lack the knowledge of how to debug those kinds of things or which tools I should use. I know that I needed a rule to allow external access to a specific port, at least for a start, but where should I put it? Each WAN? Only on the internal network? Also, do I need to fill in Port Forward and add a rule in the Rules section?
2 - The second one has a little synergy with the first one... In the Firewall submenu of OPNsense, I see NAT, then I see Port Forward and Outbound inside of it.

But there's also a separate submenu, Rules, and then rules for every network that I have. Then the question comes to me: what do port forward / outbound / rules mean? If I want to open up a port to the outside world, should I open it in port forward only, or do I need to open it in the others as well? I don't know exactly...

I think I get a little lost about where I need to put the rule. To be honest, in my NAT -> Outbound there are only two 4 rules that were created automatically, but I still changed it to hybrid outbound NAT in order to address something if I needed to; but to be fair, I just don't know when I need to put something there... Why does it differ from the others?
The same question stands for the Port Forward section and Rules; I mean, if I put a rule in Port Forward, do I need to put the same in Rules > specific network?

Before trying OPNsense, I only had experience with common routers, and I had just one place to put a Port Forward, for instance... I never needed to put it in other places as well.
Again, thank you so much for the learning you have provided me.
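Question 1 above asks how to work out which flows the firewall is blocking before writing a rule. As an added example (not code from this thread or from OPNsense), this Python script parses OPNsense filterlog lines and lists the blocked flows between an AP and a controller so the allow rule covers only those; the CSV layout, the addresses and the ports in the sample are assumptions and constructed values, so compare them against your own Firewall > Log Files entries.

```python
import re
from collections import Counter

# Constructed sample filterlog lines, not real logs. Assumed CSV layout after the
# "filterlog[pid]:" prefix: rulenr,subrulenr,anchor,label,iface,reason,action,dir,
# ipver, then IPv4: tos,ecn,ttl,id,offset,flags,protonum,proto,len,src,dst,sport,dport
SAMPLE_LOG = """\
Jan 1 10:00:01 fw filterlog[123]: 9,,,0,vlan10,match,block,in,4,0x0,,64,1,0,DF,6,tcp,60,192.0.2.20,192.0.2.10,40001,8080,0,S,1,,65535,,mss
Jan 1 10:00:02 fw filterlog[123]: 9,,,0,vlan10,match,block,in,4,0x0,,64,2,0,none,17,udp,120,192.0.2.20,192.0.2.10,40002,3478,100
Jan 1 10:00:03 fw filterlog[123]: 9,,,0,vlan10,match,block,in,4,0x0,,64,3,0,DF,6,tcp,60,192.0.2.20,192.0.2.10,40003,8080,0,S,1,,65535,,mss
Jan 1 10:00:04 fw filterlog[123]: 100,,,0,vlan10,match,pass,in,4,0x0,,64,4,0,DF,6,tcp,60,192.0.2.20,192.0.2.10,40004,22,0,S,1,,65535,,mss
Jan 1 10:00:05 fw filterlog[123]: 9,,,0,vlan10,match,block,in,4,0x0,,64,5,0,DF,6,tcp,60,198.51.100.7,192.0.2.10,5555,8080,0,S,1,,65535,,mss
Jan 1 10:00:06 fw filterlog[123]: 9,,,0,vlan10,match,block,in,4,0x0,,64,6,0,none,1,icmp,84,192.0.2.20,192.0.2.10,request,7,1
"""

def parse_filterlog(line):
    """Extract one flow from a filterlog line; None if the line is not one."""
    m = re.search(r"filterlog\[\d+\]: (.*)$", line)
    f = m.group(1).split(",") if m else []
    if len(f) >= 20 and f[8] == "4":       # IPv4 layout (see comment above)
        proto, src, dst, base = f[16], f[18], f[19], 20
    elif len(f) >= 17 and f[8] == "6":     # IPv6: class,flow,hlim,proto,protonum,len,src,dst
        proto, src, dst, base = f[12], f[15], f[16], 17
    else:
        return None
    # Only TCP/UDP carry ports; ICMP lines have type/id/seq in those slots.
    dport = f[base + 1] if proto in ("tcp", "udp") and len(f) > base + 1 else ""
    return {"iface": f[4], "action": f[6], "proto": proto, "src": src, "dst": dst, "dport": dport}

def blocked_flows(log_text, ap_ip, controller_ip):
    """Count blocked flows between AP and controller (either direction) by iface/proto/src/dst/dport."""
    counts = Counter()
    for line in log_text.splitlines():
        e = parse_filterlog(line)
        if e and e["action"] == "block" and {e["src"], e["dst"]} == {ap_ip, controller_ip}:
            counts[(e["iface"], e["proto"], e["src"], e["dst"], e["dport"])] += 1
    return counts

def suggest_rules(counts):
    """Minimal allow rules for Firewall > Rules > <iface>; LAN-to-LAN traffic needs no port forward."""
    out = []
    for (iface, proto, src, dst, dport), n in sorted(counts.items()):
        port = f" port {dport}" if dport else ""
        out.append(f"{iface}: pass in {proto} from {src} to {dst}{port}  ({n} blocked)")
    return out

if __name__ == "__main__":
    for rule in suggest_rules(blocked_flows(SAMPLE_LOG, "192.0.2.20", "192.0.2.10")):
        print(rule)
```

The passed SSH line and the flow from the unrelated host are ignored, so only the three blocked AP-to-controller flows end up as rule candidates.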
#3
Hello johnmcallister, thanks for your comment. Can you elaborate on it a bit more? I tried to do so many things back and forth that I think I'm still not doing it right... Let me post my FW rules here to see if it helps.

Currently, I only have floating rules.
I use AdGuard and tried to point the unifi hostname to the controller IP (not sure what unifi.localdomain is; it is going to my Unbound DNS).

When I go and SSH into the unifi AP, the info command shows a Timeout, but it's showing up on the UniFi controller's list to adopt.
Thanks in advance! I really appreciate your help.
#4
Hello. I've been awake all night (seriously) trying to get over this, but I have no clue what's going on. I just installed the UniFi controller and I'm trying to adopt my U6 AP, but the firewall is blocking it.
The UniFi Controller stays "adopting" and never does.
I made a test: turning off the firewall solves the issue, but as soon as I turn it on again, the UniFi AP changes from adopted to "adopting" and stops working.

Can someone guide me to the firewall rule that I need to solve it? It doesn't make sense to me at the moment and I don't know why. I tried to open exactly the rule that I saw blocked, but it just didn't work.