Topics - republicus

#1
I really need help, I've spent days working on this and I'm at wit's end.

I have a /29 CIDR block of static IPs from my ISP.

Nothing I try will get any traffic forwarded through OPNsense to my LAN hosts using my Virtual IPs.
I have tried several suggestions found on the forums or elsewhere when searching for a solution.

From what I can tell, I've done everything right and OPNsense should be able to forward traffic using the Virtual IPs to LAN clients.

My setup:
WAN is configured with static IPv4 using first usable static IP from my ISP.
WAN is configured to use the Gateway of my /29 CIDR block of IPs and the Gateway is set to default.
Firewall > Virtual IPs > has my other usable static IPs configured.
LAN configured with 192.168.30.0/24 subnet.


Firewall: NAT: Port Forward:

Interface: WAN
Proto: TCP
Source: any
Source Ports: any
Destination: WAN address
Destination Port: HTTP
NAT IP: 192.168.30.100
NAT Ports: HTTP

Result: Success. I can reach the LAN server at 192.168.30.100 by accessing the IP assigned to my WAN interface.

My Virtual IP NAT: Port Forward rule:

Interface: WAN
Proto: TCP
Source: any
Source Ports: any
Destination: [Virtual IP]*
Destination Port: HTTP
NAT IP: 192.168.30.100
NAT Ports: HTTP

* Note on [Virtual IP]: I have attempted using an Alias using IP Alias for Host(s) with the Static/Virtual IP;
I have tried using the Virtual IP without the Alias;
I have tried using Single host or Network and defining the Virtual IP.

Result: Connection Refused

I can see traffic in the Logs calling the Virtual IP, but every request is refused.

I've also tested the LAN/HTTP host (192.168.30.100) and configured its network with one of my usable static IPs and NOT behind OPNsense.
Result: Success

Virtual IPs are pingable from WAN and LAN interfaces.

# /sbin/ping -S '192.168.30.1' -c '3' '[Virtual IP]'
PING [Virtual IP] ([Virtual IP]) from 192.168.30.1: 56 data bytes
64 bytes from [Virtual IP]: icmp_seq=0 ttl=64 time=0.172 ms
64 bytes from [Virtual IP]: icmp_seq=1 ttl=64 time=0.190 ms
64 bytes from [Virtual IP]: icmp_seq=2 ttl=64 time=0.123 ms

--- [Virtual IP] ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.123/0.162/0.190/0.028 ms


I've tried only one rule for port 80/HTTP using only my Virtual IP;
and I've also tried different ports, all with the same results.
Only the WAN interface IP will port forward, and no joy for Virtual IPs.

I have not created any other firewall rules. Am I missing something?
Everything I have found concerning multiple Static IPs suggests my configuration should work.
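One way to double-check a setup like the one above from the firewall shell is to compare the VIP list against the rdr rules pf actually loaded. The script below is an added example (not code from the poster or from OPNsense); the addresses are constructed TEST-NET-3 values standing in for the real /29, and the rdr line format is an assumption about what `pfctl -sn` prints on a FreeBSD/pf box.

```python
import ipaddress
import re

# Constructed sample values: 203.0.113.0/29 stands in for the poster's ISP block,
# the first usable address is the WAN address (as in the post), the rest are VIPs.
WAN_BLOCK = "203.0.113.0/29"
WAN_ADDR = "203.0.113.1"
VIPS = ("203.0.113.2", "203.0.113.3")
LAN_HOST = "192.168.30.100"

# Constructed sample of `pfctl -sn` output (assumed format): one rdr for the
# WAN address and one for the first VIP; the second VIP has no rule at all.
SAMPLE_PFCTL_SN = """\
rdr on em0 inet proto tcp from any to 203.0.113.1 port = 80 -> 192.168.30.100 port 80
rdr on em0 inet proto tcp from any to 203.0.113.2 port = 80 -> 192.168.30.100 port 80
"""

RDR_RE = re.compile(
    r"^rdr on (?P<iface>\S+) inet proto (?P<proto>\w+) from \S+ to (?P<dst>\S+) "
    r"port = (?P<dport>\d+) -> (?P<nat_ip>\S+) port (?P<nat_port>\d+)$"
)

def parse_rdr(text):
    """Parse rdr lines into dicts with typed fields; non-matching lines are skipped."""
    rules = []
    for line in text.splitlines():
        m = RDR_RE.match(line.strip())
        if m:
            r = m.groupdict()
            r["dst"] = ipaddress.ip_address(r["dst"])
            r["nat_ip"] = ipaddress.ip_address(r["nat_ip"])
            r["dport"], r["nat_port"] = int(r["dport"]), int(r["nat_port"])
            rules.append(r)
    return rules

def uncovered_vips(rules, vips, lan_host, proto="tcp", dport=80):
    """VIPs for which no loaded rdr sends proto/dport to the LAN host."""
    lan_host = ipaddress.ip_address(lan_host)
    covered = {r["dst"] for r in rules
               if r["proto"] == proto and r["dport"] == dport and r["nat_ip"] == lan_host}
    return [str(v) for v in map(ipaddress.ip_address, vips) if v not in covered]

def vips_outside_block(vips, block):
    """VIPs that are not usable addresses of the ISP block (catches typos)."""
    usable = set(ipaddress.ip_network(block).hosts())
    return [str(v) for v in map(ipaddress.ip_address, vips) if v not in usable]

if __name__ == "__main__":
    rules = parse_rdr(SAMPLE_PFCTL_SN)
    print("VIPs outside the block:", vips_outside_block(VIPS, WAN_BLOCK))
    print("VIPs with no rdr to the LAN host:", uncovered_vips(rules, VIPS, LAN_HOST))
```

If a VIP shows up as uncovered even though the GUI rule exists, the rule was not loaded for that destination, which is a different problem from the LAN host refusing the connection.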

#2
19.1 Legacy Series / Outbound NAT rules ignored
June 20, 2019, 12:07:50 PM
With my ISP I get a dynamic IP and I have also purchased several static IP addresses.
I noticed that gmail said it could not authenticate the sender and Microsoft is bouncing the mail entirely.

At first I thought it was only my SPF records. But, as I investigated I found out that all email is being sent through the WAN dynamic IP.

I have tried every way I can imagine to make the Outbound NAT work but I have had no success.
I have tried with Virtual IPs, as well as working interface IPs that are assigned to ports.

Every change results in the WAN/dynamic IP being used.

My outbound NAT mode is: Hybrid outbound NAT rule generation
Any thoughts on what I might be missing to get this setup?

#3
19.1 Legacy Series / Network devices dropping
June 02, 2019, 09:41:00 AM
Recently my opnsense system has been intermittently crashing multiple times a day.

I am still able to access the web GUI through the opnsense LAN address but am unable to ping the WAN gateway.
If I bypass opnsense my other devices communicate with the WAN normally.
Opnsense console appears to be locked up (attachment) and I must reboot to restore connectivity until it occurs again.

That has been the case for a few days, but today it was slightly different wherein my LAN interface went down but the console remained up. I was able to restore connectivity by issuing (ifconfig em6 down/up).

I'm not sure what's going on. Right now I've bypassed opnsense on a few devices that need stable uptime, which is of course not ideal.

Any thoughts that might help me?

#4
18.7 Legacy Series / OpenVPN on internal IP?
January 21, 2019, 05:52:48 AM
Is it possible to run OpenVPN on top of OPNsense for internal connections only?

I currently have OPNsense behind a modem/router and set up as the DMZ.

So far it has worked well except that I would like to allow clients on the router above to be able to connect to OPNsense via OpenVPN.

The OpenVPN server is set up authenticating ONLY with clients that are on a different external IP.

When changing the FQDN to the OPNsense WAN interface IP, every attempt fails to connect.

I do not see any traffic on OPNsense logs indicating why it has failed.

Any suggestions to make this work?
Thanks for your time!

#5
I performed an upgrade and now my Dynamic DNS settings for Cloudflare fail.

I've reverted back and it works again.

I have two systems with the same symptoms.
(1) OPNsense 18.1.13_1-amd64 -- Cloudflare works until updated
(2) Clean install using OPNsense-18.7-OpenSSL-dvd-amd64.iso -- Cloudflare works until updated

Cached IP shows 0.0.0.0 and does not update.
When researching the problem I only find old mentions at pfsense from years ago.

Any thoughts?