Messages - LisaMT

#1
Forgot to mention:

(rules/settings/advanced)
Reflection for port forwards  CHECKED
Automatic outbound NAT for Reflection  CHECKED
#2
I have a C4000 router, and managed to get it working last night in transparent bridge mode.  Settings to note follow:

(Interfaces/WAN)
WAN device pppoe0
IPv4 Config type PPPoE
MTU 1492
MSS 1460
Vlan priority "best effort"

(Interfaces/devices/point to point)
Type PPPoE
Link Interfaces (same as WAN is assigned)
Username
Password

(Interfaces/devices/VLAN)
Nothing needed.

On the CenturyLink router, I had to use Port 1, not the one that is labeled LAN/WAN.


#3
Thanks for that video!  It looks like the easiest way to get outside access through the system.
#4
Is it possible to get incoming connections through both the ISP and OPNsense?  I tried, but failed.
I had OPNsense set up as the default.
ISP router on 192.168.1.1,  OPNsense WAN on 192.168.1.10, OPNsense LAN on 192.168.10.1
The system was working great.  Then I wanted to open a connection to my server that is on 192.168.10.5
Before OPNsense, I just did a port forward from the incoming port of 1234 to port 80 on 192.168.10.5
My attempts to get an outside connection working have failed so far.  I thought there would be a way with firewall rules?
#5
General Discussion / Re: DNS fails on only a few sites.
February 26, 2025, 12:37:40 AM
YES!  Found the issue.  I had to edit named.conf.options and add this line.  Now all sites resolve.

   dnssec-validation yes;
#6
General Discussion / Re: DNS fails on only a few sites.
February 26, 2025, 12:12:47 AM
Thanks for responding,
I tried unchecking Override MTU.  Same thing.  Tried setting MTU to 1492.  No change.  This must be a problem with Ubuntu 24.04 server and bind.
; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> @localhost aviationweather.gov
...
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

and

; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> @8.8.8.8 aviationweather.gov
...
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

I noticed on sites that fail that "flags: qr rd ra ad;" has the 'ad' where sites that work fine don't have that.
I'll keep looking into the DNS server.
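
The comparison made in the post above, as an added example that is not part of the original posts: a Python script that parses dig header lines from two resolvers and lists names that come back empty from the local resolver while another resolver returns them with the `ad` (Authenticated Data) flag, which a resolver sets on answers it has DNSSEC-validated. The function names and the `unsigned.example` records are assumptions made for the example.

```python
import re

# dig banner: ties each response to the server queried and the name asked for.
BANNER = re.compile(r"^; <<>> DiG \S+ <<>> @(\S+) (\S+)", re.M)
# dig header line carrying the response flags and the answer count.
FLAGS = re.compile(r"^;; flags: ([a-z ]*); QUERY: \d+, ANSWER: (\d+),", re.M)

def parse_dig(text):
    """Return one dict per dig response: server, name, flag set, answer count."""
    banners = list(BANNER.finditer(text))
    out = []
    for i, b in enumerate(banners):
        end = banners[i + 1].start() if i + 1 < len(banners) else len(text)
        m = FLAGS.search(text, b.end(), end)
        if m:
            out.append({"server": b.group(1), "name": b.group(2),
                        "flags": set(m.group(1).split()),
                        "answers": int(m.group(2))})
    return out

def dnssec_suspects(responses, local="localhost"):
    """Names the local resolver returns empty while another resolver
    returns answers with the AD (Authenticated Data) flag set."""
    by_name = {}
    for r in responses:
        by_name.setdefault(r["name"], []).append(r)
    suspects = []
    for name, rs in by_name.items():
        local_empty = any(r["server"] == local and r["answers"] == 0 for r in rs)
        other_ad = any(r["server"] != local and r["answers"] > 0
                       and "ad" in r["flags"] for r in rs)
        if local_empty and other_ad:
            suspects.append(name)
    return sorted(suspects)

# Header lines for aviationweather.gov are the ones quoted in the post;
# the unsigned.example pair is constructed for contrast.
SAMPLE = """\
; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> @localhost aviationweather.gov
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> @8.8.8.8 aviationweather.gov
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> @localhost unsigned.example
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
; <<>> DiG 9.18.30-0ubuntu0.24.04.2-Ubuntu <<>> @8.8.8.8 unsigned.example
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
"""

if __name__ == "__main__":
    for name in dnssec_suspects(parse_dig(SAMPLE)):
        print(f"{name}: empty locally, AD-flagged answer elsewhere")
```
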

#7
General Discussion / DNS fails on only a few sites.
February 25, 2025, 10:07:21 PM
I'm a new user and running OPNsense in the default mode. 

Centurylink router on 192.168.1.1.  OPNsense gets 192.168.1.205 for the WAN.
Local network LAN is on 192.168.10.0/24 with an Ubuntu DNS server on 10.6.
Client computers get DNS only from 10.6 fine with a couple exceptions:
  https://aviationweather.gov/ fails, as does https://travel.state.gov

The DNS server has 8.8.8.8 as a forward, and on my computer I can edit /etc/resolv.conf and change the nameserver to 8.8.8.8 and those sites work fine on my computer.  DHCP issues only 10.6 as the DNS server like I want it to.  Seems to be something to do with passing DNS through OPNsense.

Any help would be appreciated.

Lisa
#8
Is your NAS TRAFFIC rule not always matching?