Messages - meddyuk76

#1
I've begun to set up Traefik utilising a Traefik.yml and docker-compose.yml from Github. Everything looks like it's set up: the container in Portainer is created and I get a certificate in my acme.json file. I also get no errors in my logs.

When I try to access the address of the Traefik dashboard, I get a DNS MX error "DNS_PROBE_FINISHED_NXDOMAIN".

This would suggest that there is a fault with DNS and my dashboard is not resolving. My domain name with Cloudflare resolves, but the dashboard doesn't respond to any nslookup queries.

I'm running OPNSense with Unbound pointing to CloudFlare with Dynamic DNS set up.

I've installed Traefik on my LXC container which also runs my Arr Stack.

Any ideas please? Is it an OPNsense firewall issue? Have I not correctly done something with DNS?
#2
Brilliant - thanks for everything and thanks for clarifying! You are correct, I don't want my DMZ to access my LAN or my Private Devices VLAN - I want to do the same with the Guest Wifi VLAN and IoT Devices VLAN... I'll get there in the end.

Would you recommend applying a rule to 'reject' anything with a destination of 'Private RFC Networks', and placing it above all other rules?
#3
Quote: I don't really understand how you can get to the internet with these rules

You were right, I changed the rule from LAN Net to Any and it connects. I'm able to update my Ubuntu repos.
#4
I can ping external addresses from the VLAN, I just can't reach Linux repositories and can't resolve nslookups as the server 127.0.0.1:53 is unreachable.

The DNS part is where I am slightly confused, as there are numerous places you can put entries.

I have used 1.1.1.1 and 8.8.8.8 in the DMZ DHCP DNS server entries.

I have also used 1.1.1.1 and 8.8.8.8 in Unbound DNS TLS entry.

Thanks for your ongoing advice/help - it's appreciated!
#5
I thought I would try a NAT port forward from DMZ to DMZ Net (DNS) but that's not worked either. I'm trying to get the VMs to at least update, so that I can confidently deploy another VM and start the next project, which is Home Assistant.
#6
The rules are all 'IN' rules, no out rules.

IPv4+6 TCP/UDP   DMZ net   *   DMZ address   53 (DNS)   *   *      Allow access to DNS      
IPv4+6 *   DMZ net   *   LAN net   *   *   *      Access to internet      
IPv4 ICMP   *   *   *   *   *   *      Allow ICMP echo reply messages      
IPv4 TCP/UDP   DMZ net   *   LAN net   53 (DNS)   *   *      DMZ to LAN DNS access
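The four DMZ rules listed above, and the fix reported in post #3 (changing the 'Access to internet' destination from LAN net to Any), can be checked with a small first-match evaluator. This is an added example written for this page, not code from the thread or from OPNsense. It models OPNsense's default 'quick' behaviour (first matching rule wins, unmatched traffic hits the implicit default deny) for the 'in' rules on the DMZ interface, IPv4 only; the firewall's DMZ interface address (192.168.50.1), the DMZ host address and the sample flows are constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass, replace
from typing import Optional

# Constructed networks using the addresses mentioned in the posts;
# the firewall's own address on the DMZ interface is an assumption.
LAN_NET = ipaddress.ip_network("192.168.1.0/24")
DMZ_NET = ipaddress.ip_network("192.168.50.0/24")
DMZ_ADDRESS = ipaddress.ip_network("192.168.50.1/32")   # assumed "DMZ address"
ANY = None                                              # wildcard for any field


@dataclass(frozen=True)
class Rule:
    action: str                              # "pass" or "block"
    proto: Optional[frozenset]               # e.g. {"tcp", "udp"}; None = any protocol
    src: Optional[ipaddress.IPv4Network]     # None = any source
    dst: Optional[ipaddress.IPv4Network]     # None = any destination
    dport: Optional[int]                     # None = any destination port
    desc: str


@dataclass(frozen=True)
class Flow:
    proto: str
    src: str
    dst: str
    dport: Optional[int] = None


def matches(rule: Rule, flow: Flow) -> bool:
    """True if the rule applies to the flow; wildcard fields match anything."""
    if rule.proto is not None and flow.proto not in rule.proto:
        return False
    if rule.src is not None and ipaddress.ip_address(flow.src) not in rule.src:
        return False
    if rule.dst is not None and ipaddress.ip_address(flow.dst) not in rule.dst:
        return False
    if rule.dport is not None and flow.dport != rule.dport:
        return False
    return True


def evaluate(rules, flow):
    """First matching rule wins; anything unmatched falls to the default deny."""
    for rule in rules:
        if matches(rule, flow):
            return rule.action, rule.desc
    return "block", "default deny"


def rules_never_hit(rules, flows):
    """Rules no sample flow ever reaches: candidates shadowed by an earlier rule."""
    hit = set()
    for flow in flows:
        for rule in rules:
            if matches(rule, flow):
                hit.add(rule.desc)
                break
    return [r.desc for r in rules if r.desc not in hit]


TCP_UDP = frozenset({"tcp", "udp"})
ICMP = frozenset({"icmp"})

# The four 'in' rules on the DMZ interface as listed in post #6, in order.
ORIGINAL_RULES = [
    Rule("pass", TCP_UDP, DMZ_NET, DMZ_ADDRESS, 53, "Allow access to DNS"),
    Rule("pass", ANY, DMZ_NET, LAN_NET, ANY, "Access to internet"),
    Rule("pass", ICMP, ANY, ANY, ANY, "Allow ICMP echo reply messages"),
    Rule("pass", TCP_UDP, DMZ_NET, LAN_NET, 53, "DMZ to LAN DNS access"),
]

# Post #3: the 'Access to internet' destination changed from LAN net to Any.
FIXED_RULES = [replace(r, dst=ANY) if r.desc == "Access to internet" else r
               for r in ORIGINAL_RULES]

# Constructed flows from a DMZ host; 203.0.113.10 is a documentation address.
SAMPLE_FLOWS = [
    Flow("udp", "192.168.50.10", "1.1.1.1", 53),        # DNS to resolver handed out by DHCP
    Flow("udp", "192.168.50.10", "192.168.1.1", 53),    # DNS to Unbound on the LAN address
    Flow("udp", "192.168.50.10", "192.168.50.1", 53),   # DNS to Unbound on the DMZ address
    Flow("tcp", "192.168.50.10", "203.0.113.10", 443),  # package repository over HTTPS
    Flow("icmp", "192.168.50.10", "8.8.8.8"),           # ping
]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL_RULES), ("fixed", FIXED_RULES)):
        print(f"--- {name} rule set ---")
        for flow in SAMPLE_FLOWS:
            print(f"{flow.proto:4} {flow.src} -> {flow.dst}:{flow.dport}  {evaluate(rules, flow)}")
        print("never reached:", rules_never_hit(rules, SAMPLE_FLOWS))
```

Running it shows why the symptoms in posts #4 and #7 fit the original rules: a DMZ host's lookup to 1.1.1.1 (the resolver the DMZ DHCP hands out) matches nothing and falls to the default deny, as does the HTTPS connection to a repository, while ping passes on the ICMP rule. A query to Unbound at 192.168.1.1 already passes under the broad 'Access to internet' rule, so the fourth rule is never reached. With the destination widened to Any, the external lookups and the repository connection pass.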
#7
Quote: Have you set the DNS IP 192.168.1.1 in the DMZ DHCP as DNS server?
No. I've set it to 1.1.1.1 and 8.8.8.8.

I've got Unbound enabled and Dynamic DNS set up via Cloudflare.

It was all working fine when I had everything on VLAN 1 and all the VMs were running via vmbr0 (Proxmox host). Now I've changed IPs and VLANs on the VMs, I can ping everything internal and external, I just can't get DNS.
#8
Quote from: Patrick M. Hausen on March 11, 2025, 10:51:19 PM: Direction "in"?
Yep, direction In. Just on the DMZ firewall rules.
#9
I've put some of my VMs in their own DMZ VLAN, 192.168.50.**/24.
My DNS is obviously on the LAN on 192.168.1.1.

I've put a rule in the DMZ Firewall - Source DMZ Net to LAN Net on Port 53 (Pass Any).

Whenever I type nslookup, my VMs cannot contact the server. I'm also not able to update any of my VMs.

I take it that DNS is being blocked by the Firewall but I can't figure out why.

It's a steep learning curve.
#10
It's working!!!! Spent days double-checking everything. Put the firewall rules to Any instead of my alias of 'Private RFC Networks'.

Thanks for your help all!
#11
So the default VLAN on the Unifi Controller and AP, VLAN 1, works; we've connected all our devices to this SSID.
The Guest Wifi VLAN 50 also works.
I've created another VLAN for IoT devices, VLAN 20, with the same rules, and it doesn't work.
#12
So, I deleted all VLANs and started again from fresh. I am able to set up a default SSID and default VLAN in the Unifi controller, and this gets access to the internet. I then tried to log in to the second SSID called 'Guest'; I can connect to it on my phone, but with no internet.

I've looked at the DHCP lease on OPNsense and my phone gets a lease on the DHCP.

The firewall rules I've created on each VLAN assignment are 'IN' rules, e.g. ensure that the NET host gets DNS and also that it can connect to private networks, e.g. 10.0.0.0/8, 192.168.1.0/24.

I haven't created any outbound rules.

What would be the DNS issue?
#13
My small network setup is my home server, which hosts OPNsense virtually via Proxmox. I've got a Unifi AP running into my Netgear GS108E, which I've configured as a trunk port (port 7), and then port 8 is also a trunk port running into the LAN port on the router (OPNsense).

I set up 3 Wifi networks on the Unifi Controller with VLANs IoT (20), Guest (50) and Personal (10). I set up the same VLANs on the switch and on OPNsense and ensured that DHCP is set up for all VLAN assignments. They are identical other than the change in IP.

I can only get VLAN 10 to work and connect to the internet. The other VLANs will not connect to the internet. I tried connecting several devices to the guest network to try and get connected. These devices get an APIPA address on Unifi. This would suggest that it's a DHCP issue, but the DHCP setup is identical on each.

I reset everything this morning and VLAN 10 lost connection, much to the dismay of everyone in the household, and then only VLAN 50 would connect. I've had to just delete everything and reset, just so that the Wifi is working via the default VLAN 1.

Is the Netgear struggling to pass tagged packets from the Unifi AP? Any ideas?
#14
I installed it and got it working - all connected to the internet. I'm having issues with VLANs now, especially with the SSIDs and VLAN tags from the Unifi AP. Other than that I'm happy with OPNsense, just need to work out the VLAN situation.
#15
Hey all, hope you are well.

Evening all - hope you are well?

I want to replace my BT Smart Hub ISP router with OPNsense.

I want to install OPNsense on a VM inside Proxmox and utilise a dual NIC. My plan is to utilise the Full Fibre and bypass and do away with the ISP router. I then intend on purchasing a Unifi AP for the Wifi.

It's the first time attempting this and I will be managing the LAN/Wifi for the whole family.

Before I start this, is there anything I should be aware of/worried about/ensure that I do?

Are there any guides on how to do it properly, without bodging the family internet?

Cheers.