Topics

1

General Discussion / How do I specify a Port Range in NAT?

« on: December 31, 2017, 05:36:28 am »

Hello,

I am trying to create some port forwards in outbound NAT but can't seem to figure out how to specify a port range correctly.

As an example I tried 27014:27050 but I get an input error on save.

Is it possible to specify a port range in outbound NAT or will I need to create the range in an Alias?

2

General Discussion / New User needing some DNS and Web Filtering Help

« on: December 31, 2017, 05:01:21 am »

Hello All,

About 4 months ago I decided it was time for a router based firewall. I had a set of criteria I wanted my firewall to do and the first firewall I came across that seemed to fit my needs was pfSense.

To make a long story short pfSense does have most all the features I need but I found it not very intuitive and as such I had a difficult time setting it up. As you could guess I had to ask several questions in their forum. What I found was that several of the questions I asked went unanswered and when I did get an answer it was usually either condescending or unhelpful, sometimes both.

This led me to look else where for a firewall solution and that is when I found OPNsense. I was delighted to find OPNsense is very similar to pfSense which made the initial setup of OPNsense much smoother. On the plus side I really also like the OPNsense webGUI.

In the past couple of days I have so far got OPNsense installed and running with no issues. At this point I now need to set up my VPN, some port forwards, DNS and web filtering.

I have got my VPN partially setup, I just need to create my VPN gateways and gateway group which shouldn't be a problem for me. I also shouldn't need any help with the port forwards.

What I am getting stuck on is getting the DNS working correctly and trying to figure out the web filtering.

Concerning DNS, how would I setup OPNSense as the main DNS resolver and Google DNS as a secondary? My main objective is to not use my ISP's DNS which is I believe dynamically assigned because I connect using PPPoE.

I will also be setting up OpenVPN from ExpressVPN. Their DNS is also dynamically assigned. I will be using 2 different VPN locations in what I believe is called a fall over config or load balancing in case one goes down. This for the most part shouldn't be a problem for me to set up except for the DNS. I think the DNS will be an issue for me because some of my LAN clients will run through the VPN and some won't. Due to the way the VPN works I also can't manually assign VPN DNS servers as they are unknown and assigned dynamically.

I am also wondering if I can use block list similar to how you would with pfBlockerNG. In pfBlockerNG I can block IP's and URL's using auto updated Block List. I am hoping I can I achieve this same functionality with OPNsense.

So to recap my not so clear questions,

1. Can I use OPNsense like pfBLockerNG by filtering IP's and URL's with block list and have these list auto update?

2. If yes to #1, how do I accomplish?

3. How would I setup OPNSense as the main DNS resolver and Google DNS as a secondary?

4. How can I have some network clients use VPN IP and DNS while others NOT using VPN use ISP IP and DNS as described in question #3?

This is probably alot to ask but hopefully someone here can help.

If it helps to know, I am running the latest OPNsense version on amd64 hardware.

Thanks in advance