Topics

1

19.7 Legacy Series / Virtual IPs- Pingingable?

« on: December 08, 2019, 01:21:45 am »

I'm trying to set up a a /29 as virtual IPs for my static IPs. the primary IP that I set as my Wan works, that's fine. But my Virtual IPS don't seem to work. I've tried to set them up with both port forwarding/outbound, and 1 to 1 NATs. Neither seems to work. I've allowed ICMP through, and the WAN interface responds to pings, but the VIPs do not.

Is there any other steps i need to do other then setting up the VIP and assigning it to an interface to make it routable? I'd half love to think this is any issue with my ISP/Modem not pushing them all through, but before I open a ticket with them I would like a more fullproof test or confirmation on the Opnsense side.

2

General Discussion / Setting up a DMZ, but traffic appears on the wrong interface

« on: April 10, 2018, 05:18:34 pm »

I feel like I'm missing something obvious since I can't find much on this.

I'm trying to set up a DMZ. Opnsense deployed on Protectli 6 port router.  Everything workes for my LAN setup.

I have also set up an OpenVPN client, following the instructions herehttps://forum.opnsense.org/index.php?topic=4979 Everything works as okay with this too. the OpenVPN interface is named 'IVPN', and it shows as OVPNC2 in interfaces, with all 0 for the MAC address.

I enable a new physical interface as DMZ , set it as 192.168.2.1 /24 I configured the DHCP server for it, and then created rules for the interface, cloning the 'allow any to any' rules for the LAN to test. (using 8.8.8.8 as the DNS provided, if that makes a difference)

I plug a device into the port, and i see the link go from down to up in the dashboard. Confirm I'm pulling a DHCP address in the range, but i have no connectivity past the firewall.  When I check the firewall logs, filtering for the IP of my test device- 192.168.2.101, i do see DNS traffic hitting the firewall, and showing as ALLOWED. However... it shows under the IVPN interface, not as the DMZ interface.

I've tested a few things- updating, deleteing rebooting, rebuilding, rebooting, and searched for tutorials on setting up DMZs. If I'm understanding it right, i don't need to create a gateway- none of the tutorials mention that, and i notice the LAN doesn't require one.. and it states i don't need to create routes between different interfaces under the route tab. What am I missing?


I'm also assuming that my connectivity issues are the traffic showing up on the wrong interface, but I suppose it's possible these are two separate issues. Any help would be greatly appreciated.

3

18.1 Legacy Series / OPNVPN client failover

« on: February 21, 2018, 01:45:52 am »

I followed the instructions https://forum.opnsense.org/index.php?topic=4979.0.

It works, but I have one tiny question that I don't see mentioned elsewhere in the forums. I'd like to force the traffic I have alias to use the VPN to fail to reach the WAN if the VPN link fails. As it is, if it toggle the VPN down, the traffic continues over the public WAN.

Would this just be as simple as editing the last rule in step 9 to be alias VPN 'source invert' so that it does not direct traffic from the VPN outside?

I still also have the default any to any under the new rules, I didn't know if i'd also need to edit that same source invert in or just delete them- I see a bunch of ways I could take myself offline doing this, and I've already done that a number of times the past couple days.