Messages - jean.paradis

#1
Hello, I have been living in hell since the update: on Facebook, images do not display, or only sometimes. Several websites give me errors. I disabled just like Zenarmor, Unbound DNS forward to 1.1.1.1,
no blacklists. The problem is still there.

Seems like a recurring problem:
https://forum.opnsense.org/index.php?topic=11401.0
#2
I noticed that if the gateway in the WAN interface is in automatic mode, the NAT outbound rule is not created automatically. Is this a bug?


Versions   OPNsense 22.7.2-amd64
FreeBSD 13.1-RELEASE-p1
OpenSSL 1.1.1q 5 Jul 2022
#3


Quote from: EFaden on April 09, 2021, 06:11:34 PM
So I figured I would try to get IDS/IPS setup on my home router for fun.  Currently I have NO rule sets setup and my network configuration has a cable modem going to the WAN interface and uses NAT to have a single LAN interface with a VLAN 100 (for guests) and untagged for local traffic.   A few questions came up....

I followed (https://homenetworkguy.com/how-to/configure-intrusion-detection-opnsense/)

1) Do I use LAN or WAN in my interface list?  If I use the WAN and NAT do I need to add my WAN IP to the list of IPs? If so how can I automate that on changes.

2) It seems like whenever I enable on any of the interfaces that interface becomes completely unresponsive and won't pass any traffic.  Thoughts?

Thanks!


Hello, if you activate it on the WAN and your IP is dynamic, you will have to go put it forward. There is no automation for this. Please note that if you are using Sensei and Suricata at the same time, only one of the 2 can have the LAN interface.
#4
Quote from: dia4 on January 10, 2021, 01:25:47 AM
dia4


For you it works because it is set up on the LAN, and the private addresses are set up by default in the advanced options. But I use Sensei, so I can only use it on the WAN. If you activate it only on the WAN, it is mandatory to put the IP in manually, otherwise there is going to be no detection.


See the capture, the IP's the default :)
#5
The problem is the same for me. It stops all the time.
I assigned the interface manually and the problem is still there.

Versions   OPNsense 20.7.7_1-amd64
FreeBSD 12.1-RELEASE-p11-HBSD
OpenSSL 1.1.1i 8 Dec 2020



Here are the logs:

2021-01-04T12:41:23 unbound[473] [473:0] info: start of service (unrelated 1.13.0).   
2021-01-04T12:41:23 unbound[473] [473:0] review: init module 0: iterator   
2021-01-04T07:56:12 unbound[8518] [8518:0] review: sendto failed: Permission denied   
2021-01-04T03:00:19 unbound[8518] [8518:0] info: start of service (unrelated 1.13.0).   
2021-01-04T03:00:19 unbound[8518] [8518:0] review: init module 0: iterator   
2021-01-04T03:00:19 unbound[8518] [8518:0] review: Reboot of 1.13.0 unrelated.   
2021-01-04T03:00:19 unbound[8518] [8518:0] info: server statistics for thread 1: requestlist max 0 avg 0 exceeded 0 hustled 0   
2021-01-04T03:00:19 unbound[8518] [8518:0] info: server statistics for thread 1: 0 queries, 0 cache responses, 0 recurrences, 0 preference, 0 rejected by ip ratelimiting   
2021-01-04T03:00:19 unbound[8518] [8518:0] info: server statistics for thread 0: requestlist max 0 avg 0 exceeded 0 hustled 0   
2021-01-04T03:00:19 unbound[8518] [8518:0] info: server statistics for thread 0: 0 queries, 0 cache responses, 0 recurrences, 0 prefeasing, 0 rejected by ip ratelimiting   
2021-01-04T03:00:19 unbound[8518] [8518:0] info: service stopped (unrelated 1.13.0).   
2021-01-04T03:00:18 unbound[8518] [8518:0] info: start of service (unrelated 1.13.0).   
2021-01-04T03:00:18 unbound[8518] [8518:0] review: init module 0: iterator   
2021-01-04T03:00:18 unbound[8518] [8518:0] review: Reboot of 1.13.0 unrelated.   
2021-01-04T03:00:18 unbound[8518] [8518:0] info: server statistics for thread 1: requestlist max 0 avg 0 exceeded 0 hustled 0   
2021-01-04T03:00:18 unbound[8518] [8518:0] info: server statistics for thread 1: 0 queries, 0 cache responses, 0 recurrences, 0 prefeasing, 0 rejected by ip ratelimiting   
2021-01-04T03:00:18 unbound[8518] [8518:0] info: server statistics for thread 0: requestlist max 0 avg 0 exceeded 0 hustled 0   
2021-01-04T03:00:18 unbound[8518] [8518:0] info: server statistics for thread 0: 0 queries, 0 cache responses, 0 recurrences, 0 prefeasing, 0 rejected by ip ratelimiting   
2021-01-04T03:00:18 unbound[8518] [8518:0] info: service stopped (unrelated 1.13.0).   
2021-01-04T03:00:18 unbound[8518] [8518:0] info: start of service (unrelated 1.13.0).
#6
You can go to Alerts and disable the alert, but this will disable the filtering rule.

Otherwise, try creating a rule to ignore it in the user section.
#7
Show me screenshots of your configuration   marshalleq
#9
Hello, after further verification, I found that you must add the IP of the WAN when you activate this on the WAN. Now I must find a solution, given that my IP is dynamic and it does not take a domain name.


Help found on:
https://homenetworkguy.com/how-to/configure-intrusion-detection-opnsense/
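
The point made in this post and in the replies above it (Suricata on a NAT WAN interface only detects when the WAN address is listed in the home networks, and a dynamic address goes stale) can be checked with a short script. This is an added example, not part of the original posts or of OPNsense: the function names and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration, and only flat address lists with `!` negation are handled.

```python
import ipaddress

# Suricata's usual RFC 1918 HOME_NET value, assumed here to be the unchanged default.
DEFAULT_HOME_NET = "[192.168.0.0/16,10.0.0.0/8,172.16.0.0/12]"


def _entries(value):
    """Split a flat address group such as "[a,b,!c]" into its stripped items."""
    inner = value.strip().strip("[]")
    return [item.strip() for item in inner.split(",") if item.strip()]


def parse_home_net(value):
    """Return (included, excluded) network lists; a leading '!' marks an exclusion."""
    included, excluded = [], []
    for item in _entries(value):
        net = ipaddress.ip_network(item.lstrip("!"), strict=False)
        (excluded if item.startswith("!") else included).append(net)
    return included, excluded


def in_home_net(ip, home_net):
    """True if ip matches an included entry and no negated entry."""
    addr = ipaddress.ip_address(ip)
    included, excluded = parse_home_net(home_net)
    if any(addr in net for net in excluded):
        return False
    return any(addr in net for net in included)


def check_wan(wan_ip, home_net):
    """'ok' if rules written against $HOME_NET can match the WAN address, else 'stale'."""
    return "ok" if in_home_net(wan_ip, home_net) else "stale"


def with_wan_ip(home_net, wan_ip):
    """Return the address group with wan_ip appended when it is not yet covered."""
    if in_home_net(wan_ip, home_net):
        return home_net
    return "[" + ",".join(_entries(home_net) + [wan_ip]) + "]"


if __name__ == "__main__":
    # Constructed scenario: the lease changed from 203.0.113.25 to 198.51.100.7.
    configured = with_wan_ip(DEFAULT_HOME_NET, "203.0.113.25")
    print(check_wan("198.51.100.7", configured))    # old entry no longer helps
    print(with_wan_ip(configured, "198.51.100.7"))  # value to enter by hand
```

Run with the current WAN address after each lease change; a "stale" result means the home networks list needs the new address before WAN-side alerts can fire.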
#10
Intrusion detection does not appear to be working.
I followed all the steps on the wiki and checked even more on other forums.
I also use Sensei.
I have no alerts in Suricata. All its lists are activated, even ET Telemetry Pro.
I did an nmap test on the router and got no alert.
I created a user rule with the Facebook fingerprint and got no alert.


I set up Suricata on the WAN interface.
I set up Sensei on the LAN interface.
I did disable hardware acceleration on everything.


Picture IDS:
https://ibb.co/n1QSBys
https://ibb.co/tpbS6fW

Sensei:
https://ibb.co/qLGqrd7

OPNsense firmware:
https://ibb.co/YTrQdWY

Thank you for your help. If you need information, or if there is a way for me to send my config, it will be my pleasure.