Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Patrick M. Hausen

Pages: [1] 2 3 ... 270

23.7 Production Series / Re: How to setup opn-cli and puppet agent?

« on: Today at 09:52:55 am »

Did you follow these instructions?

https://github.com/andeman/puppet-opnsense

opn-cli goes on the bastion host, not the manages OPNsense firewalls.

23.7 Production Series / Re: updated from legacy... WiFi1_GWv4 Priority Defunct (Upstream)

« on: Today at 09:50:42 am »

If the AP is in "Access Point" mode, it is probably a bridge. Which means all IP is managed by OPNsense any you do not need a gateway.

So in theory if WiFi is a separate interface with a separate IP network etc. of course you need proper allow rules for DNS, Internet etc. for this to work.

If all interfaces of this Qotom thing are bridged like a switch, then your AP is connected to LAN and the separate "WiFi" interface in OPNsense does not make sense.

But I doubt that is the case because if the ports were all just a switch you would not even see separate interfaces in OPNsense. So you will need rules resembling the ones for LAN with minor adjustments on that WiFi network.

23.7 Production Series / Re: updated from legacy... WiFi1_GWv4 Priority Defunct (Upstream)

« on: Today at 08:59:27 am »

Isn't the AP in bridge mode? Why do you need a gateway on the WiFi interface? Also please show the firewall rules on that interface.

23.7 Production Series / Re: htop installation fails

« on: December 04, 2023, 10:39:31 pm »

Use top?

Tutorials and FAQs / Re: Batch create VLANs, Interfaces, DHCP Server, CARP, NAT, Firewall Rules, etc

« on: December 04, 2023, 08:14:19 pm »

Thanks for sharing, @stif.

If you are like me more familiar with shell than with Python - I just added 56 alias addresses in one go that way on Friday:

Code: [Select]

#! /bin/sh

for i in `jot 56 7`
do
uuid=`uuid`
cat <<HERE
    <vip uuid="${uuid}">
      <interface>opt2</interface>
      <mode>ipalias</mode>
      <subnet>X.Y.Z.${i}</subnet>
      <subnet_bits>32</subnet_bits>
      <gateway/>
      <noexpand>0</noexpand>
      <nobind>0</nobind>
      <password>secret</password>
      <vhid>2</vhid>
      <advbase>1</advbase>
      <advskew>0</advskew>
      <descr>External services address</descr>
    </vip>
HERE
done

X.Y.Z being the real prefix, of course.

General Discussion / Re: ZFS Snapshot on OPNsense - does it work without hickups?

« on: December 04, 2023, 05:47:12 pm »

https://forum.opnsense.org/index.php?topic=25540.msg122731

General Discussion / Re: Allow DMZ to Internet (WAN)

« on: December 04, 2023, 05:10:36 pm »

Either place a

destination: all other networks
action: deny

rule above your "allow" rule or use destination invert in that allow rule, e.g. combined with an alias like "rfc1918" containing all those private networks. You still might need an extra rule to permit DNS, so I prefer to go with a "deny to what I want to protect" followed by an "allow any".

Another way can be to explicitly set the upstream gateway in the allow rule, so any packet will be forwarded out to the Internet.

It all depends on your preference and your exact topology.

HTH,
Patrick

German - Deutsch / Re: Einrichtung auf Webinterface zerschossen

« on: December 04, 2023, 04:46:21 pm »

Du hättest "3" und "Enter" eingeben können und die Sense hätte dich Schritt für Schritt alles zum LAN abgefragt.

General Discussion / Re: Allow DMZ to Internet (WAN)

« on: December 04, 2023, 04:45:25 pm »

WAN net is the network directly attached to your WAN interface. The Internet is always "any".

German - Deutsch / Re: Einrichtung auf Webinterface zerschossen

« on: December 04, 2023, 02:49:52 pm »

Naja, jetzt konfigurierst du dein LAN auf eine andere Adresse - dadurch verlierst du natürlich erst mal die SSH- Verbindung - dann konfigurierst du deinen PC um (statisch), und dann kommst du wieder aufs UI und kannst weitermachen ...

German - Deutsch / Re: Einrichtung auf Webinterface zerschossen

« on: December 04, 2023, 01:52:23 pm »

Sind das VLAN plus DMZ ein anderes phys. Interface? Wenn ja, dann zieh das Kabel da raus, dann ist nur noch dein LAN aktiv. Wenn alles auf einer Schnittstelle liegt, wird es schwierig. Wie hast du die Kiste denn installiert ohne Konsole?

German - Deutsch / Re: Einrichtung auf Webinterface zerschossen

« on: December 04, 2023, 01:04:43 pm »

Monitor und Tastatur anschließen und Adressen über die Konsole neu vergeben.

General Discussion / Re: How to access to GUI OPNsense from WAN ?

« on: December 04, 2023, 01:03:20 pm »

IPv4 of WAN address should be a public IP. Isn't it? If it isn't, why?

General Discussion / Re: How to get internet access when connecting opnsense router to existing router?

« on: December 04, 2023, 12:49:19 pm »

1. A newly installed OPNsense uses DHCP for WAN. Just plug in.

2. Yes, you would need to change LAN to e.g. 192.168.2.1/24. Then give your PC a static address in thst network and adjust Services > DHCPv4 > LAN to match that network.

Then switch your PC back to DHCP again.

General Discussion / Re: How to access to GUI OPNsense from WAN ?

« on: December 04, 2023, 12:46:31 pm »

External WAN address of your OPNsense ...

Pages: [1] 2 3 ... 270