Messages - runo10

#1
Thanks a lot, then better to go with bridge mode and L3-L4 security.
#2
Dude, why did you get angry? I have just asked for solutions. Its suggestion looks logical to me, but if it's wrong please correct it. Here is the complete explanation:

Quote

Map Public IPs to OPNsense: Your internet provider or data center will route your entire block of public IPs to your OPNsense WAN interface. In OPNsense, you'll configure these as Virtual IPs (Interfaces > Virtual IPs). This tells OPNsense that it is responsible for handling all of those IPs.

Assign Private IPs to VDSs: Inside your Proxmox server, you'll need to configure each VDS to have a static private IP address (e.g., 10.0.0.1, 10.0.0.2, etc.). This is a crucial step to ensure the IP-based routing works correctly, as the VDS's private IP won't change.

Configure 1:1 NAT: This is the most important part. You'll set up 1:1 NAT (Network Address Translation) rules in OPNsense (Firewall > NAT > 1:1). Each rule will create a permanent, one-to-one mapping between a public IP and a private VDS IP. For example:

Public IP 203.0.113.10 is mapped to private IP 10.0.0.1.

Public IP 203.0.113.11 is mapped to private IP 10.0.0.2.

Manage SSL and WAF: With the traffic routed correctly, you can now manage SSL certificates and WAF rules for each VDS in the reverse proxy settings. OPNsense's ACME client will automatically issue and renew certificates for each domain, and the WAF will inspect traffic for each VDS separately.
#3
Gateway -> OPNsense server -> Proxmox Server (VDSs)

multiple IPs -> OPNsense -> VDSs

Gemini suggests 1:1 NAT routing for WAF and multiple IPs. But I need to assign MAC addresses manually.
#4
Actually it must be possible, but probably there is no configuration for that and I will not be able to configure this. When I talk to Gemini, it says routing public IPs to private IPs of the VPS as a reverse proxy. Not a domain-based but an IP-based proxy.
#5
OPNsense doesn't need to use customers' certificates. But the VDSs have different IPs. OPNsense will be a bridge, not a proxy; will it differ? Can OPNsense terminate different IPs for different domains and use auto-issued certificates?
#6
Yes, I will buy the business edition for WAF. I mean there will be VDSs which belong to customers who can use their custom certificates, which we don't have. Can OPNsense issue SSLs automatically for websites inside a VDS which we don't have any info about?
#7
Web Proxy Filtering and Caching / WAF for SSL Traffic
August 25, 2025, 11:36:10 PM
Hello,
I want to buy OPNsense Business for my Proxmox server. I will use it between the internet and the virtual servers on Proxmox. Can I use WAF for SSL traffic without a Root CA certificate? Self-signed certificates aren't trusted by browsers, so I can't use them. Is there any other solution on OPNsense?