Messages

1

24.1 Legacy Series / Re: double NAT and VPN access to endpoint in transfer lan

« on: July 19, 2024, 10:15:20 am »

Ok i got it working.

Had to set a NAT rule in the outbound nat section, to translate VPN traffic destinating to 10.0.0.1.

regards

2

24.1 Legacy Series / double NAT and VPN access to endpoint in transfer lan

« on: July 19, 2024, 01:20:21 am »

Hey Guys!

Weird constellation here.

I have a dedicated machine with one external ip address forwarded to it's proxmox physical interface.

I configured an opnsense VM to function as the perimeter for the underlying VMs.

Everything works so far like port forwards for the servers, VPN etc. etc.

So i have the Public IP for example 123.45.67.89 facing on the proxmox host, wich redirects all traffic to the transfer net 10.0.0.0/30.

10.0.0.1 is the Proxmox host itself, wich is reachable by port 8006.
10.0.0.2 is the WAN interface of the opnsense vm.


i configured an openvpn server on the firewall and want to access the 10.0.0.1 address of the proxmox server wich is in the transfer net. Without any success.

The thing is, i can reach the 10.0.0.1 from the server wich is behind the Firewall on 192.168.10.0/24.

Route 10.0.0.0/30 is pushed to the vpn clients


Do you guys have any suggestions on how i can accomplish that?

regards
~Lukas

3

Intrusion Detection and Prevention / Re: Suricata policy - v7.0.3 ?

« on: March 28, 2024, 08:14:02 pm »

I just restarted the firewall. It was still the same problem.

I tried messing around with the Policies. I did set it to disable and now my "emerging threat scan" rules work. Like i defined them in the rules tab with "drop".

I enabled the policy again, with the rule inside and it goes back to alert only. All other included rules in the policy go to drop.

So for now i take out the scan rule package from the policy and set them to manually drop. This works in my case.

4

Intrusion Detection and Prevention / Re: Suricata policy - v7.0.3 ?

« on: March 28, 2024, 05:28:06 pm »

I have the same problem.

Policies just don't work as expected on my side.

Included all my installed Rules. Set them to drop.

Some are now dropping, some are not- like port scans and sql injection attempts etc. etc.

I gone so far that i changed the scan rules themself to drop. But guess what. They are still coming through.

I even click on the triggered alert, showed me action allowed. But down in the dropdown it says rule action is set "drop".

Like i don't understand it anymore.

5

Intrusion Detection and Prevention / Drop Policy and directly set Rule to "Drop" not working.

« on: March 28, 2024, 03:45:09 pm »

Hey there.

I have a Problem in the IPS of OPNsense.

I did download and enable some rules and i see them all hitting in the alert tab. I also created a Policy including all downloaded rules to set them to drop.

When i now look at the alert tab, i see that requests get dropped. Like Network trojan and many other things.

But when it comes to the emerging threads scan category. Everything is allowed. I tried different NMAP scans, they all get detected but are allowed and not like i would like to have them on "drop".

So i thought something must be wrong or bugged with the policy. So i set all corresponding emerging thread scan rules to drop in the "rules" tab.

Restarted Suricata, restartet the firewall itself. But still, different rules not just scan just get allowed. How is this possible when i did set them to drop via policy and rule tab?

Thanks for any help