Messages

1

21.1 Production Series / Re: How to increase logging for debugging of LDAP authentication setup?

« on: March 05, 2021, 05:33:08 pm »

What got authentication working was to append the base DN to this value to fully qualify it.

I think it's worth a ticket on github: either change the help text or attach a basedn to the container in the search function

I can press the "Select a container" button alongside the "Authentication containers"

tried without specifying a "Authentication containers"? with "base dn" only
(button uses the same search function, which does not attach the basedn to the container)

2

General Discussion / Re: firewall allowing WAN to connect to Google DNS servers

« on: March 05, 2021, 07:03:42 am »

I am only allowing the DNS to the opnsense server.

no.
you allow all traffic by "allow iot to any rule". you can try to enable logging on this rule and check logs

Which brings me back to the question, why can't I disable/delete the auto-generated rules?

why do you want to block the request when it is already trying to exit the WAN? block on ingress interface: just block dns-traffic from iot-network to any except "this firewall"

3

21.1 Production Series / Re: How to increase logging for debugging of LDAP authentication setup?

« on: March 05, 2021, 06:36:16 am »

so I'll go back and double-check to see if I haven't made any obvious mistakes

as you can see in the proposed code, the "User DN not found" error occurs when the user's search does not return any results. that is, the binding itself is successful. so it's not about the SSL params.
search uses username from tester input, "User naming attribute" from server config and "Extended Query" from server config (if any). plus underlying search function uses "Base DN" and "Authentication containers" (if any) from server config.so I would pay attention to these parameters of server config

4

21.1 Production Series / Re: Mail ports forwards in LAN

« on: March 03, 2021, 07:41:09 pm »

also need to disable port-forward for this ports on LAN and open port on OPNsense itself if "Default allow LAN to any rule" disabled.
then you can look in the logs
Services: Nginx: Logs:Stream Access logs; Services: Nginx: Logs: Stream Error logs

5

21.1 Production Series / Re: Mail ports forwards in LAN

« on: March 03, 2021, 05:55:41 pm »

how to set manualy a configuration for nginx on opnsense ?

sorry. why manual?
you can use streams
https://docs.opnsense.org/manual/how-tos/nginx_streams.html

6

General Discussion / Re: Port-Forward on WAN with private IP

« on: March 03, 2021, 06:56:34 am »

I find the rule in "FW > Rules > WAN"

so it should be in Firewall: Diagnostics: pfInfo: Rules. is 'reply-to' on?

7

General Discussion / Re: Port-Forward on WAN with private IP

« on: March 02, 2021, 09:43:43 pm »

the rule should be there for the packets to pass (the rule should have been created automatically when you created the port forward rule).

attemped to open 192.168.19.67:8080 to trigger such message

not just "open". firewall rules evaluation occurs after the translation. that is in the firewall rule the destination should be the redirection address. to avoid mistakes you can try to delete and re-create the port-forward rule. a pass-rule should be automatically created.

8

General Discussion / Re: Port-Forward on WAN with private IP

« on: March 02, 2021, 04:09:24 pm »

no. there should be a rule with tcp port 8080 on WAN

9

General Discussion / Re: Port-Forward on WAN with private IP

« on: March 02, 2021, 03:14:54 pm »

Hi
can you share associated pf rule string from
Firewall: Diagnostics: pfInfo -> Rules tab?

10

21.1 Production Series / Re: Mail ports forwards in LAN

« on: March 01, 2021, 08:21:21 pm »

hi
search "asymmetric routing " for answer.
you can try to use reverse proxy to proxy mail traffic also

11

21.1 Production Series / Re: FireWall Rules Configuration. Cant figure what happend

« on: March 01, 2021, 08:14:01 pm »

https://forum.opnsense.org/index.php?topic=20219.0

12

Development and Code Review / Re: Theme Tukan - edited version

« on: February 27, 2021, 10:04:42 pm »

I want to play with this a little more (so that it works with bulk enable/disable, rule order change, retains spin on page change\refresh) and test it well. I will share the result if it is worth it )

But then I abandoned it again because some would think that it was a misrepresentation and then decided to strike out the textline

I agree that here it is not possible to do so much with the styles  only (eg it will be seen that the rule has been changed, but it will not be clear what exactly) - there is not enough data in the html. need to work with the script imho.

13

Development and Code Review / Re: Theme Tukan - edited version

« on: February 27, 2021, 08:14:30 pm »

something like
https://github.com/kulikov-a/rules/issues/1

14

Development and Code Review / Re: Theme Tukan - edited version

« on: February 27, 2021, 06:33:17 pm »

another wild idea for toggled-not-applied rules: what if we just start to rotate toggle icon? (of course it will work only until you refresh page by applying changes or manually)
no themes updates needed

15

Development and Code Review / Re: Theme Tukan - edited version

« on: February 25, 2021, 07:43:24 pm »

sorry, if I understood @chemlud correctly, he wants the rows with the rules disabled and written to the config to be somehow different from the rows with the rules that were just disabled but not written to the config yet.
may be its possible via:
tr.rule.text-muted {
    background-color: darkgray;
}
or some
but it seems to me this will only add unnecessary variegation to the table
Tukan is the most eye-friendly theme imho
that's why I asked not to make the left panel so contrast