Messages - Fright

1
21.1 Production Series / Re: How to increase logging for debugging of LDAP authentication setup?
« on: March 05, 2021, 05:33:08 pm »
Quote
What got authentication working was to append the base DN to this value to fully qualify it.
I think it's worth a ticket on github: either change the help text or attach a basedn to the container in the search function
Quote
I can press the "Select a container" button alongside the "Authentication containers"
tried without specifying a "Authentication containers"? with "base dn" only
(button uses the same search function, which does not attach the basedn to the container)

2
General Discussion / Re: firewall allowing WAN to connect to Google DNS servers
« on: March 05, 2021, 07:03:42 am »
Quote
I am only allowing the DNS to the opnsense server.
no.
you allow all traffic by "allow iot to any rule". you can try to enable logging on this rule and check logs
Quote
Which brings me back to the question, why can't I disable/delete the auto-generated rules?
why do you want to block the request when it is already trying to exit the WAN? block on ingress interface: just block dns-traffic from iot-network to any except "this firewall"

3
21.1 Production Series / Re: How to increase logging for debugging of LDAP authentication setup?
« on: March 05, 2021, 06:36:16 am »
Quote
so I'll go back and double-check to see if I haven't made any obvious mistakes
as you can see in the proposed code, the "User DN not found" error occurs when the user's search does not return any results. that is, the binding itself is successful. so it's not about the SSL params.
search uses username from tester input, "User naming attribute" from server config and "Extended Query" from server config (if any). plus underlying search function uses "Base DN" and "Authentication containers" (if any) from server config. so I would pay attention to these parameters of server config

4
21.1 Production Series / Re: Mail ports forwards in LAN
« on: March 03, 2021, 07:41:09 pm »
also need to disable port-forward for these ports on LAN and open port on OPNsense itself if "Default allow LAN to any rule" disabled.
then you can look in the logs
Services: Nginx: Logs: Stream Access logs; Services: Nginx: Logs: Stream Error logs

5
21.1 Production Series / Re: Mail ports forwards in LAN
« on: March 03, 2021, 05:55:41 pm »
Quote
how to set manually a configuration for nginx on opnsense ?
sorry. why manual?
you can use streams
https://docs.opnsense.org/manual/how-tos/nginx_streams.html

6
General Discussion / Re: Port-Forward on WAN with private IP
« on: March 03, 2021, 06:56:34 am »
Quote
I find the rule in "FW > Rules > WAN"
so it should be in Firewall: Diagnostics: pfInfo: Rules. is 'reply-to' on?

7
General Discussion / Re: Port-Forward on WAN with private IP
« on: March 02, 2021, 09:43:43 pm »
the rule should be there for the packets to pass (the rule should have been created automatically when you created the port forward rule).
Quote
attempted to open 192.168.19.67:8080 to trigger such message
not just "open". firewall rules evaluation occurs after the translation. that is in the firewall rule the destination should be the redirection address. to avoid mistakes you can try to delete and re-create the port-forward rule. a pass-rule should be automatically created.
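
The point made in the post above (filter rules are evaluated after translation, so the pass rule has to name the redirection address), shown as a pf.conf fragment. This is an added example, not part of the original post and not the ruleset OPNsense generates; the interface name and every address in it are constructed placeholders.

```pf
# Constructed placeholders (assumptions, not values from the thread)
wan_if   = "em0"          # WAN interface
wan_addr = "192.0.2.10"   # address clients connect to on the WAN side
target   = "10.0.0.20"    # internal host the port forward redirects to

# Translation section: the destination is rewritten here,
# before any filter rule is evaluated.
rdr on $wan_if inet proto tcp from any to $wan_addr port 8080 -> $target port 8080

# Filter section: default deny on WAN, logged so drops are visible.
block in log on $wan_if all

# Does NOT match the forwarded connection: by the time filtering runs,
# the packet's destination is already $target, not $wan_addr.
pass in quick on $wan_if inet proto tcp from any to $wan_addr port 8080 flags S/SA keep state

# Matches: the destination is the redirection address.
pass in quick on $wan_if inet proto tcp from any to $target port 8080 flags S/SA keep state
```

With only the first pass rule present, the forwarded connection falls through to the block rule and shows up in the firewall log with the internal address as its destination.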

8
General Discussion / Re: Port-Forward on WAN with private IP
« on: March 02, 2021, 04:09:24 pm »
no. there should be a rule with tcp port 8080 on WAN

9
General Discussion / Re: Port-Forward on WAN with private IP
« on: March 02, 2021, 03:14:54 pm »
Hi
can you share associated pf rule string from
Firewall: Diagnostics: pfInfo -> Rules tab?

10
21.1 Production Series / Re: Mail ports forwards in LAN
« on: March 01, 2021, 08:21:21 pm »
hi
search "asymmetric routing" for answer.
you can try to use reverse proxy to proxy mail traffic also

11
21.1 Production Series / Re: FireWall Rules Configuration. Cant figure what happend
« on: March 01, 2021, 08:14:01 pm »
https://forum.opnsense.org/index.php?topic=20219.0

12
Development and Code Review / Re: Theme Tukan - edited version
« on: February 27, 2021, 10:04:42 pm »
I want to play with this a little more (so that it works with bulk enable/disable, rule order change, retains spin on page change\refresh) and test it well. I will share the result if it is worth it )
Quote
But then I abandoned it again because some would think that it was a misrepresentation and then decided to strike out the textline
I agree that here it is not possible to do so much with the styles only (eg it will be seen that the rule has been changed, but it will not be clear what exactly) - there is not enough data in the html. need to work with the script imho.

13
Development and Code Review / Re: Theme Tukan - edited version
« on: February 27, 2021, 08:14:30 pm »
something like
https://github.com/kulikov-a/rules/issues/1

14
Development and Code Review / Re: Theme Tukan - edited version
« on: February 27, 2021, 06:33:17 pm »
another wild idea for toggled-not-applied rules: what if we just start to rotate toggle icon? (of course it will work only until you refresh page by applying changes or manually)
no themes updates needed

15
Development and Code Review / Re: Theme Tukan - edited version
« on: February 25, 2021, 07:43:24 pm »
sorry, if I understood @chemlud correctly, he wants the rows with the rules disabled and written to the config to be somehow different from the rows with the rules that were just disabled but not written to the config yet.
maybe it's possible via:
tr.rule.text-muted {
    background-color: darkgray;
}
or some
but it seems to me this will only add unnecessary variegation to the table
Tukan is the most eye-friendly theme imho
that's why I asked not to make the left panel so contrast ;)
