Topics - ressurex

#1
General Discussion / Can't start DNSBL via BIND plugin
January 07, 2019, 06:45:25 PM
Hi all.

Using this manual: https://www.routerperformance.net/opnsense/dnsbl-via-bind-plugin/

and setting the ACL's access list to 192.168.1.1/24 (OPNsense is 192.168.1.1),

I can't get the DNSBL started. It goes red one second after trying to start it.

What am I doing wrong?
#2
#3
Hi all.

Which rules from the default Suricata setup block attached files/pictures, mostly from my Thunderbird mail client?

I just can't seem to find out which ones. I have disabled the Snort rules I also have enabled, but it's not them blocking files.

Can someone guide me?

#4
Hi.

I'm doing a setup of new extra aliases to use for ad blocking etc.

They are taken from this list: https://github.com/matijazezelj/unbound-adblock
They are all HOSTS lists!

When I try to put every list in an alias respectively, I can't save the lists as hosts. OPNsense says they aren't hosts files.
The only workaround is when I choose URLs (IPs) and save, then edit and choose hosts, and then save.
Then it seems OPNsense accepts them as HOSTS...

Is it a bug?
#5
General Discussion / Torguard VPN issue
November 12, 2018, 08:27:29 PM
Hi all.

The short story is that I'm trying to create my own how-to based on the TorGuard VPN service.

It's a load-balanced 4-connection setup based on merged TorGuard/pfSense manuals. I thought, why not do a complete TorGuard how-to, test it out and share it.

Currently I have a working online 4-VPN gateway group, with 30 servers in each connection, all chosen randomly on every boot (reboot every night using cron).

But the next part of the manual, doing the firewall rules, I just can't get to work...
I use the German https://dns.watch/ as forced DNS, but that shouldn't be a problem.

The following setup is what I need to do next, but it's not working...
Any comments?


----------------

Create Firewall Rules
In this section, we are going to create a floating firewall rule to Reject any LAN outbound packets that are tagged as NO_WAN_OUTBOUND, and then we are going to create a LAN rule that will tag all traffic as NO_WAN_OUTBOUND as well as use the OpenVPNGatewayGroup we created in the section above as the default gateway for that traffic. Using this method, we are going to ensure that ALL LAN traffic will ONLY go through the OpenVPN connections.
1. Navigate to Firewall --> Rules and ensure the Floating tab is selected (Figure 15).
2. Click the Add button with the down arrow at the bottom of the page to add a rule to the end of the list (Figure 16).
3. You will be redirected to the Edit Firewall Rule page.
4. In the Action field, ensure Reject is selected.
5. In the Interface field, ensure the WAN interface is selected.
6. In the Direction field, ensure out is selected.
7. In the Address Family field, ensure IPv4 is selected.
8. In the Protocol field, ensure Any is selected (Figure 17).
9. In the Log field, check Log packets that are handled by this rule.
10. In the Description field, enter the following description: Reject Packets tagged with NO_WAN_OUTBOUND.
11. In the Advanced Options field, click the Display Advanced button (Figure 18).
12. Clicking the Display Advanced button in the previous step will display the Advanced Options section.
13. In the Set local tag field, enter the following: NO_WAN_OUTBOUND (Figure 19). Make a note of the NO_WAN_OUTBOUND tag, because we are going to use it in the LAN rule we create next.
14. Click the Save button at the bottom of the page.
15. You will be redirected back to the Floating rules tab.
16. Click the Apply Changes button at the top of the page to apply the changes (Figure 20).
17. Next, click on the LAN tab (Figure 21).
18. Click the Add button with the down arrow at the bottom of the page to add a rule to the end of the list (Figure 22).
19. You will be redirected to the Edit Firewall Rule page.
20. In the Action field, ensure Pass is selected.
21. In the Disabled field, ensure Disable this rule is unchecked.
22. In the Interface field, ensure the LAN interface is selected.
23. In the Address Family field, ensure IPv4 is selected.
24. In the Protocol field, ensure Any is selected (Figure 23).
25. Under the Source section, in the Source field, ensure LAN net is selected.
26. Under the Destination section, in the Destination field, ensure any is selected.
27. Under the Extra Options section, in the Log field, ensure Log packets that are handled by this rule is checked.
28. Under the Extra Options section, in the Description field, enter a description for this rule (e.g. Allow LAN to any via VPN Only).
29. Under the Extra Options section, in the Advanced Options field, click the Display Advanced button (Figure 24).
30. Clicking the Display Advanced button in the previous step will display the Advanced Options section.
31. Under the Advanced Options section, in the Set local tag field, enter NO_WAN_OUTBOUND (Figure 25).
32. Under the Advanced Options section, in the Gateway field, ensure the OpenVPNGatewayGroup gateway is selected (Figure 26).
33. Click the Save button at the bottom of the page.
34. You will be redirected back to the LAN rules tab.
35. Click the Apply Changes button at the top of the page to apply the changes (Figure 27).
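As an added illustration, not part of the post above or of the quoted TorGuard manual, here are the pf rules that those two GUI rules boil down to, written by hand rather than taken from OPNsense's generated ruleset. The interface names igb0 (WAN) and igb1 (LAN), the LAN subnet, and the ovpnc1..ovpnc4 interfaces with their gateway addresses are placeholders. The detail worth checking against the steps above: in pf the LAN rule sets the tag (`tag`, which OPNsense's rule editor calls "Set local tag"), while the floating reject rule has to match it (`tagged`, "Match local tag"); a reject rule that only sets the tag never fires. `quick` makes the reject take effect on the first match instead of letting a later WAN pass rule override it.

```pf
# Added example, not OPNsense's generated ruleset: the pf equivalent of the
# two GUI rules in the TorGuard steps. Interface names, LAN subnet and the
# OpenVPN gateway addresses are placeholders. OPNsense builds the real
# ruleset itself; this file is for reading, not for loading with pfctl -f.
wan_if  = "igb0"
lan_if  = "igb1"
lan_net = "192.168.1.0/24"

# Floating rule, direction out on WAN, action Reject ("block return" in pf).
# It must MATCH the tag (tagged / "Match local tag"), not set it. Anything
# that reaches the WAN interface still carrying the tag is rejected.
block return out quick on $wan_if inet tagged NO_WAN_OUTBOUND \
    label "Reject packets tagged NO_WAN_OUTBOUND"

# LAN rule: pass, route via the VPN gateway group instead of the default
# route, and tag every packet (tag / "Set local tag") so the rule above
# can recognise it if it ever heads for the WAN instead of a tunnel.
# route-to { ... } round-robin is how pf expresses a load-balanced
# gateway group of the OpenVPN client interfaces.
pass in quick on $lan_if \
    route-to { (ovpnc1 10.8.0.1), (ovpnc2 10.9.0.1), (ovpnc3 10.10.0.1), (ovpnc4 10.11.0.1) } round-robin \
    inet from $lan_net to any \
    keep state tag NO_WAN_OUTBOUND \
    label "Allow LAN to any via VPN only"
```

To check what the GUI actually produced, run `pfctl -sr | grep NO_WAN_OUTBOUND` on the firewall and confirm the WAN-out rule says `tagged` and the LAN rule says `tag`; since both rules log, Firewall: Log Files: Live View then shows which of the two is handling a given LAN packet.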
#6
Hi all.

My lobby dashboard gives me: Intel(R) Core(TM) i5-4210U CPU @ 1.70GHz (4 cores)

But the CPU is dual core with 4 threads.

This gives me the option to run two parallel OpenVPN instances, for example, but not 4 as I was mistakenly surprised to think the first time I booted my Qotom unit.

Isn't this misleading? Or am I reading it wrong?
#7
Currently running happy on my new box, purchased from Ali. -> description.

Well then:
One simple question before I dive into the world of VPN/networking, which is NOT my area of expertise. My ISP doesn't support DynDNS, something with sharing an IP in a quadrant and one WAN, double NAT etc. etc. I won't get into this, but discuss the static fixed public IP VPN solution instead.

If I want to connect to my LAN from the outside world through a static public IP, running as a VPN server, what exactly do I need to do to not expose my LAN to the internet?
I only have one thing in mind when connecting to a private VPN server, and that is access to our Windows 7 NAS drives with Nextcloud etc. (Dropbox alternative).

Before I order a static IP from our ISP, fire it up, port forward the VPN server port on my Cisco cable modem to the OPNsense VPN server, etc.: is there ANY way such a solution can be a threat to my home LAN, exposing it to the internet, if I set some values wrong or something? I'm in a bit of a grey zone here in terms of knowledge.

I was advised NOT to do a VPN server bridge on an outside VPS like Digital Ocean, since the owner of the service could access my LAN this way. I'm not a VPN expert, as you can tell, but I get the basics.

Does a VPN server service running on my OPNsense in any way create a threat to my existing LAN if not configured in a stringent way, and does this forum have a specific guide for how to do this setup?

I want to use my OPNsense for several things, small things like cutting LAN access for Android/iOS mobile units and vice versa for LAN-only units, geo blocking/ads/privacy/VPN and whatever else I find interesting. Overall just the feeling of regaining control of my own network at home, upping the standard security, so to speak. Coming from an Asus WRT Merlin build, OPNsense is an exciting new world. But what I don't want is to lower the security.