Messages

1

General Discussion / VLAN User Management

« on: October 21, 2024, 06:00:11 pm »

Dear community,

I have a OPNsense network with multiple users that all have their own IPv6 VLAN on which they host services. At this moment I need to add the firewall rules for all of their services since I am the only OPNsense administrator. Hence, I was wondering if I could create OPNsense user accounts where each user has only control over his/her VLAN and nothing else. That is, they control the port forwarding and firewall rules for their VLAN s.t they can change firewall rules according to their needs instead of depending on me doing it for them. I would compare it to a VPS where you also have control over the firewall but cannot modify the firewall of other users.

Thank you!!

2

24.7 Production Series / Unbound + Bind9 = locally not resolving but externally it does

« on: August 25, 2024, 01:16:03 am »

Dear opnsense community,

I recently created an Bind9 Authoratative namserver VM to serve my domain names all on the same IP address. Now, when I resolve the domain names from outside my network I can resolve them and dig NS example.com also works. However, when I am on my local network I cannot resolve the domain names that are globally routable. This happens when I choose unbound to be my DNS upstream. When I change the DNS upstream to 1.1.1.1 for instance then it does resolve the domain names served by Bind9 again. All other domain names are perfectly resolved by the Unbound DNS resolver, only not my applications that I host locally but are exposed externally by Bind9. Maybe someone knows, what kind of settings i should adjust to locally resolve my domain names as well.

Cheers,

Dennis

3

Tutorials and FAQs / Open source OS and WAP's as an alternative for Unifi

« on: August 08, 2024, 11:47:40 pm »

Heey guys!! I have scrolled on the internet a bit to find open source alternative solutions that can compete with ubiquity/unifi wireless access points and their controller software, with VLAN's etcetera. I could only find old threats about OpenWRT but nothing new and as well developed as OPNsense for routing. Do you guys now of any of such projects running at the moment ? I would be eager to try them out!!

Cheers Y'all.

4

Tutorials and FAQs / Cannot reach local resources from outside of my LAN on IPv4 nor IPv6

« on: August 05, 2024, 08:08:37 pm »

Dear OPNsense community,

For some reason I cannot access internal resources with port forwarding over IPv4 outside of my LAN (using my mobile phone's cellular network for instance).

However, internally I can reach my resources from a domain name that I have registered at domain registrar (Porkbun in my case) both on IPv4 and IPv6. As an example, to test if I can reach internal resources I created a simple apache web server VM on Proxmox that listens on port 80 for IPv4.

1. Create apache VM (10.99.0.101) on Proxmox that listens on port 80 for both IPv4 and IPv6
2. Go to domain registrar and set my DNS settings example.com -> 88.89.89.2 (public IP on WAN interface)
3. Go to OPNsense > Firewall > NAT > Port Forward and create two entries for HTTP and HTTPS.

Interface: WAN
TCP/IP Version: IPv4
Protocol: TCP   
Destination: WAN address
Destination port range: HTTP to HTTP
Redirect Target IP: Single host network (10.99.0.101 IP address of apache VM)
Redirect Target port: HTTP
Pool options: default
NAT reflection: Use system default
Filter rule association: Rule

The HTTPS is just a copy from the HTTP with HTTPS. Next to that I attached my Firewall WAN settings. Finally, I also selected inside the Firewall > Settings > Advanced

Reflection for port forwards: Enabled
Reflection for 1:1: Disabled
Automatic outbound NAT for Reflection: Enabled

Hopefully, one could help me here! since right now I cannot reach any internal resource from outside my network.

Cheers