Messages - Jyling

#1
It must be in some of these files where AJAX is defined, for the duration of the turning of the logging on or off:

# grep -r "fa fa-info-circle " /usr/local/opnsense/
/usr/local/opnsense/mvc/app/views/layout_partials/form_input_tr.volt:                <i class="fa fa-info-circle text-muted"></i>
/usr/local/opnsense/mvc/app/views/OPNsense/IDS/index.volt:                    <i class="fa fa-info-circle text-muted"></i>
/usr/local/opnsense/mvc/app/views/OPNsense/IDS/index.volt:                    <i class="fa fa-info-circle text-muted"></i>
/usr/local/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt:                                            <i class="fa fa-info-circle text-muted"></i>
/usr/local/opnsense/mvc/app/views/OPNsense/Firewall/alias.volt:                                            <i class="fa fa-info-circle text-muted"></i>
/usr/local/opnsense/mvc/app/views/OPNsense/Core/firmware.volt:                        '<i class="fa fa-info-circle fa-fw"></i></button>' +
/usr/local/opnsense/mvc/app/views/OPNsense/Core/firmware.volt:                                <td style="width: 150px;"><i class="fa fa-info-circle text-muted"></i> {{ lang._('Usage') }}</td>
Since the last 2x are for the firmware, and the previous 2x are for aliases, the 1st one sounds like the right candidate.

            {% if help|default(false) %}
                <a id="help_for_{{ id }}" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a>
            {% elseif help|default(false) == false %}
                <i class="fa fa-info-circle text-muted"></i>
            {% endif %}


Any OPNsense web developers around who can point me at the right file?

Thanks in advance!
#2
There must be more places where the logging glyph is defined because when it is being clicked, it reverts back to the original and only uses my changes after the page is refreshed by clicking 'Apply'.

far is supposed to just work, unless FA is locked on V4, according to their web site.
#3
General Discussion / Re: Multi-wan question
July 07, 2025, 08:37:38 PM
Quote from: Patrick M. Hausen on July 07, 2025, 08:08:11 PM
Use "5060:5090" for a range.

It's documented. 😉

https://docs.opnsense.org/manual/aliases.html

Ah, I see! Instead of the dash, port range uses colon. That explains why I saw 'invalid port'. It's not a very common range delimiter but works anyway.

Thanks for the tip!
#4
Your UI looks different than our router's, and this is likely due to you being on the more recent version, so we are behind and do not have the same features as you. Your settings are under system settings logging, on our router box. Anyhow, your and our settings are the same.
#5
General Discussion / Re: Multi-wan question
July 07, 2025, 07:28:47 PM
Thinking about it, what works so well for SMTP won't work for VOIP because port type aliases do not accept port ranges. SIP port range that we use is 5060-5090, and RTP is 10000-20000. Are there any tricks to support that?
#6
General Discussion / Re: Multi-wan question
July 07, 2025, 07:22:25 PM
Quote from: viragomann on July 07, 2025, 06:47:51 PM
Then add a firewall rule to the LAN, at destination select any and at port specify the alias you've created before, go down to gateway and select gateway1.
Save it and move this rule up to the top.

Instead of the destination ports you can also specify certain source IPs if this is more eligible for your use case.

This did it:
Action pass
Interface LAN
Direction in
Protocol TCP
Source single host/net, the IP of the SMTP server
Destination port range the port type alias
Gateway GW1

Perfect, thank you so much!
#7
It seems that 'far' is not working because OPNsense is using V4. But this is fine for now as the non-logging glyph is broken, and the logging glyph immediately jumps out at me.

As to logging, I could not find any logging checkboxes under firewall advanced settings but found them under system settings logging. None is checked off except for log errors from the web server.
#8
Quote from: meyergru on July 07, 2025, 06:30:13 PM
It is in file /usr/local/www/firewall_rules.php, approximately at line 208. You will need to restart the web ui by "configctl webgui restart" after a file change.


This did it! Much appreciated! Although the glyph is now broken, for reasons unknown (which I'll figure out later), it is distinct and does the trick.

But this leads to another mystery: none of the filters is set to log, but I still have entries in live logging. I made sure that I go through all of the floating/lan/wan/loopback and expand all of the auto-generated, and none is set to log, yet the log is populating.
The entries that I am seeing are on the new gateway that I've just set up and on the loopback. Neither has any filters set to log, and I can't match any by the rid/rulenr from the log entry info.

Any pointers?
#9
Hello, members,

Could someone please point me in the right direction for the PHP file name/path of the firewall rule pages?
I would like to replace the default logging icon generated by
fa fa-info-circle fa-fw
with
far fa-info-circle fa-fw
I absolutely have to do it because, being vision impaired, I see no difference between rules that log and those that do not, whereas I have to disable some that do and to enable some that do not.

Thank you for your help!
#10
General Discussion / Re: Multi-wan question
July 07, 2025, 06:05:09 PM
Quote from: Monviech (Cedrik) on July 07, 2025, 05:23:12 PM
You could set up a firewall rule that matches before your gateway group rule, match https traffic as destination, and set the explicit gateway you want for it.

I apologize but I do not follow your instructions.
Particularly, I do not understand what HTTPS has to do with my question or what the destination is.

EDIT: Could this be achieved by outbound NAT? It seems somewhat relevant, to my uneducated guess, but I never used it so don't know.
#11
General Discussion / Multi-wan question
July 07, 2025, 05:15:11 PM
Hello, members,

Is it possible, and how can it be done, if some outbound connections need to use a certain gateway?
My organization has a router that's been using a single gateway 1, and I've just added gateway 2:

gateway group
gateway 1: igb0 -> pppoe0 (priority 254) -> provider 1, weight 1, tier 2
gateway 2: igb1 -> dhcp (priority 1) -> provider 2, weight 5, tier 1

Now, all outbound connections route through gateway 2 (unless I bring it down), but the goal is for some to use the old gateway 1.
They will be the outgoing SMTP connections from our mail server and SIP/RTP from our phones on the LAN. All of the browsing, FTP, Teams, etc. should use GW2.

How can/should this be set up?

Thank you for your help!