Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Messages - amithad

#1
Hi,

Was this due to a bug? I have found some forum posts of the older versions which has been fixed.

Thanks
#2
Hi,

I was able to setup a transparent firewall successfully using OPNsense forum and documentation. I configured the NetFlow settings on my bridged interface successfully. But I have some questions on the graphs that generated from my OPNsense firewall.

1) The traffic graph generated on bridge interface shows very similar pattern on in Inbound and the Outbound streams. Could that be?(screenshot attached)

2) The Insight tool doesn't show ant data on any interface.I have configured the NetFlow section based on the documentation.(screenshot attached)

I want to get historical data on the bandwidth usage as well. Lets assume I want to get bandwidth usage details for a particular IP for a week, month etc. And the top bandwidth usage hours based on the traffic graphs.

Currently I am able to get the statistics on bridged interface with "all" option on the filter. What should I do to get the above mentioned requirements?


Thanks
#3
Hi Jschellevis, Micky

8) 8) Finally I was able to achieve what I thought, using OPNsense transparent firewall. Thank you so much for devoting time on my requirement. Special thanks for Jschellevis for updating the documentation.

It took me more time than expected, since I was new to OPNsense and not following the documentation carefully. When creating the bridge using LAN and WAN, I couldn't access the management interface, since  I used the Third interface OPT1. But after creating the bridge ( OPT2 ), I dont need the OPT1 interface at all to manage the Transperant firewall. And now I know with just Two Interfaces are suffice; and I dont have to change my IP settings or subnet of the LAN,  when implementing OPNsense transparent firewall  8).

I am planning to implement Ntop and Rule creation on the transparent firewall. For that I will refer the documentation and if  needed I will get the help of the forum. Currently my Inbount and Outbound traffic shows the same traffic graph which is bit of a question to me ( hope to get clarify in a different thread )

All in all I am very satisfied with OPNsense as the motto says HIGH END SECURITY MADE EASY!

Thanks a lot  :)
#4
Hi All,

I tried after giving allow rule, which stated on step 7 on the documentation for all the interfaces. Still my LAN users are not able to connect to the internet through the OPNsense transparent firewall. When I try to give the gateway, It doesn't allow to add the gateway on the WAN interface and it gives an error message.

My IP setup is as follows:

Internet <----> Production FW's Internal IP ( 192.168.1.7/24 )<-----> OPNsense FW(OPT1 IP is 192.168.1.8, LAN and WAN doesn't have IPs since it's bridged )<--------> LAN ( 192.168.1.0/24 )

All my LAN workstations have the default gateway as 192.168.1.7 and the primary DNS server as 192.168.1.10                                           
#5
Hi All,

I did a mistake while configuring the rules given on step 7. I just add an allow rule to the floating rules. I didnt apply allow rules to all the three interfaces (LAN,WAN,OPT1).

I have corrected those. I will try this on the production network and give the feedback. I APOLOGIZE for the mistake I have done. :)

 
#6
Hi All,

Finally I was able to manage to access the management interface (OPT1) after creating the bridge using LAN and WAN. But I did a slight change, since I failed Two times after following the exact steps on the documentation. I created the bridge at the end and allow all traffic to all interfaces as given in the documentation.

But now I'm facing a different issue. My LAN users are not able to access the internet. :( , My production firewall's LAN IP is 192.168.1.7 that IP is given as the default gateway to all my workstation on LAN. If I am right I dont have to change those since my OPNsense transperant firewall act in bridge mode.

What should I do to give the internet access to LAN users?

Thanks
#7
Quote from: jschellevis on May 15, 2017, 05:04:22 PM
FYI: I just updated to docs as there have been some changes since 15.7.11 that prohibit the filtering bridge to work with further configuration. See: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html


I recommend to check each step again if thing do not workout as intended.

Cheers,

Jos

Hi,

I followed the exact steps on the documentation. But after creating the bridge by combining the LAN and WAN interface I was not able to access the management interface :(

Thanks

#8
Hi Jos,

Many thanks for the information.

:) :)


#9
Good Morning Micky!

Thanks for the information. I'll try with your information.

Thanking you again  :)
#10
Hi Micky,

Thanks a lot for your valuable information and time on my matter. I am implementing this OPNsense firewall to mitigate the drawbacks of my tire1 firewall which is I'm not allowed to change.

I'm planning to do this without changing the IP addresses of my LAN. I hope that the WAN interface and the LAN interface can apply the IPs of the same subnet on my OPNsense firewall!! I'll try your valuable information of the transparent proxy as well.

For further clarification I give my IP addressing plan below:

Internet<----> Tire1 Firewall's Internal IP (192.168.2.7/24)<----->OPNsense Firewall's WAN IP(192.168.2.6/24)===OPNsense Firewall's LAN IP ( 192.168.2.6/24)<------> LAN(192.168.2.0/24)

Since the routing function happens between Two subnets I doubts whether I can give the same subnet's IPs for my OPNsense firewall's WAN and LAN interface  :-\

I hope I gave my requirement clearly...!!! I want to know whether it's possible to achieve it using OPNsense.

Thanks  :)
#11
Hi Micky,

Thanks for your reply. Could you tell me why I was not able to access the management interface after creating the bridge?

Thanks again :)
#12
My firewall setup is as follows:

Internet <-------->Firewall<--------->Transparent Firewall(OPNsense)<-------> LAN
#13
Hi,

I'm building a transparent firewall and totally new to OPNsense. When I followed the OPNsense documentation pertain to Transparent Filtering Bridge (  https://docs.opnsense.org/manual/how-tos/transparent_bridge.html ) , and as soon as I followed the Third step of creating the bridge ; I was not able to access the LAN interface by typing http://192.168.1.1

Do I have to have three Ethernet cards (LAN, WAN and OPT1 ) to build a transparent firewall and configure it?

Thanks
#14
Hi chemlud,

Thanks for your support. Hope to get help from you all when building my OPNsense transparent firewall.

Thanks again  :)
#15
Sorry I got it. It's opnsense not opensense