Show posts
Topics - 555|STi

#1
20.1 Legacy Series / Allow website and content
September 12, 2020, 03:43:27 AM
Hello, it's me again.

This time I'm trying to block internet access from one machine except for one site.

Created an alias with all the host IPs of the machines I want to block, and it works. But now I need to allow them to access a website. This website has a lot of other files linked from several domains (javascripts, fonts, etc) and I need them to load without restriction.

Already created another alias with all the domains I know the website links to. But it doesn't work normally, there's something I'm missing, maybe a linked file is linked somewhere else but I can't see it in the browser's developer tools.

Is there any way I can create a rule/alias that allows something like "ALLOW all from domain.tld and its links"?

Thanks in advance.
#2
20.1 Legacy Series / Weird blocking rule
June 07, 2020, 10:05:07 PM
A couple days ago I was searching through firewall logs and found some weird behaviour.

The thing is:

I have my LAN Network: 172.17.10.0/23
And my OVPN Network: 10.8.1.0/24 and the OVPN server is 172.17.10.2.
I can see the remote VPN Machines, and they can see my LAN.

The problem is that the connection drops randomly. I can connect via SSH to the remote OVPN client router, but the connection dies a couple of seconds after. The same happens when I connect to remote cameras: I can see the video stream, but the video stops after a couple of seconds.

Looking at the FW logs, I found something that seems very strange to me.


   ALLOW      LAN      <-      Jun 7 15:49:41   172.17.10.12:50316   10.8.1.4:2000   tcp   FLOAT LAN TO OVPN
   DENY       LAN      ->      Jun 7 15:49:41   172.17.10.12:50316   10.8.1.4:2000   tcp   FLOAT LAN TO OVPN
   DENY       LAN      ->      Jun 7 15:49:36   172.17.10.12:50233   10.8.1.4:2000   tcp   Default deny rule
   DENY       LAN      ->      Jun 7 15:49:33   172.17.10.12:50233   10.8.1.4:2000   tcp   Default deny rule

Some packets are allowed to reach destination, but the next ones are not. Same ports, same source and destination.
It happens every time I start a connection.

Can you please tell me where to start?

Thanks in advance.
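
The log excerpt above can be checked mechanically for the pattern the post describes. The following is an added example, not code from the post or from OPNsense: it parses a constructed copy of those four log lines (same column layout) and reports every 5-tuple that was ALLOWed in one direction but DENYed in the other, which is the first thing to pull out of a larger live log before looking at rule order and state handling.

```python
import re
from collections import defaultdict

# Constructed sample in the same column layout as the post above:
# action, interface, direction, timestamp, src, dst, proto, rule label.
SAMPLE_LOG = """\
ALLOW LAN <- Jun 7 15:49:41 172.17.10.12:50316 10.8.1.4:2000 tcp FLOAT LAN TO OVPN
DENY  LAN -> Jun 7 15:49:41 172.17.10.12:50316 10.8.1.4:2000 tcp FLOAT LAN TO OVPN
DENY  LAN -> Jun 7 15:49:36 172.17.10.12:50233 10.8.1.4:2000 tcp Default deny rule
DENY  LAN -> Jun 7 15:49:33 172.17.10.12:50233 10.8.1.4:2000 tcp Default deny rule
"""

LINE_RE = re.compile(
    r"^(?P<action>ALLOW|DENY)\s+(?P<iface>\S+)\s+(?P<dir>->|<-)\s+"
    r"(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+"
    r"(?P<proto>\S+)\s+(?P<rule>.+?)\s*$"
)


def parse_log(text):
    """Parse log lines into dicts; lines that do not match the layout are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def find_asymmetric_flows(entries):
    """Group entries by (proto, src, dst) and return flows that carry both an
    ALLOW and a DENY. Assumption: such a mix for one flow is the thing to
    investigate first (rule order, floating vs. interface rules, state)."""
    flows = defaultdict(lambda: {"ALLOW": set(), "DENY": set(), "rules": set()})
    for e in entries:
        key = (e["proto"], e["src"], e["dst"])
        flows[key][e["action"]].add(e["dir"])
        flows[key]["rules"].add(e["rule"])
    findings = []
    for key, info in sorted(flows.items()):
        if info["ALLOW"] and info["DENY"]:
            findings.append({"flow": key,
                             "allowed_dir": sorted(info["ALLOW"]),
                             "denied_dir": sorted(info["DENY"]),
                             "rules": sorted(info["rules"])})
    return findings


if __name__ == "__main__":
    for finding in find_asymmetric_flows(parse_log(SAMPLE_LOG)):
        print(finding)
```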

#3
Hi guys, I've been using ZeroTier on my OPNSense box, and it works without any hassle.

The thing is, I have 3 WAN interfaces. The main interface is connected to a 500Mb/s link; the second and third are 10Mb/s. When I installed the plugin it got connected through the third one, so the speed is not the fastest.

I've been searching how to force ZeroTier use the first link, but I can't find anything.

Is it possible? How?

Besides, how can I make it switch automatically to the second or third link in case any of these fails?

Thanks in advance!


Wash your hands and stay at home!  ;D
#4
19.1 Legacy Series / 2 NIC with same GW
September 05, 2019, 08:36:41 PM
Hi there. I need some help from you, guys.

Currently I have a server with 4 NICs.

  • LAN
  • WAN DHCP
  • WAN STATIC IP: AAA.BBB.CCC.DDD
  • WAN STATIC IP: AAA.BBB.CCC.EEE

I need to assign the same GW to NIC 3 and 4. The IPs are different only on the last octet. The IP assigned to the 4th interface is enabled to access a remote server, but the 3rd is the interface of the incoming connections, none of these can be changed.

How can I achieve this?

Thanks in advance!
#5
19.1 Legacy Series / Can't connect to PPTP Server
March 14, 2019, 10:23:23 PM
Hi guys, I'm here to ask for your help.

I need to connect two machines,

Machine_1 -> 3G broadband router -> Internet -> OPNSense -> Local PPTP Server (Machine_2)

So, I mounted a PPTP Server on my local Ubuntu Server.

My current network is as follows:

LAN: 172.17.10.1/23

172.17.10.1: OPNsense 19.1.4-amd64 / FreeBSD 11.2-RELEASE-p9-HBSD / OpenSSL 1.0.2r 26 Feb 2019
172.17.10.2: Ubuntu Server 16.04 / pptpd server v1.4.0

The rest of the network has some computers, servers and clients.

What I can't achieve yet is connecting a pptp client from outside the LAN. Inside the LAN it works flawlessly: I can connect from my mobile phone and from my laptop with Win7x64. So, I assume that the pptp server is correctly configured.

But when I try to connect from outside the LAN, the local pptp server detects the connection, and shortly after it throws an Error 619. I can see the incoming connection from the Webmin panel. It even shows my 3G IP address. So, it does see me, but the connection can't be fully established.

My current settings are as follows, and I would love you to tell me if I'm making a mistake.

This is my NAT: Port Forwarding config

WAN     TCP/UDP     *   *   This Firewall   1723 (PPTP)     172.17.10.2     1723 (PPTP)
WAN     GRE         *   *   This Firewall   *               172.17.10.2     *

These are my WAN Rules

IPv4 TCP/UDP    *   *   172.17.10.2     1723 (PPTP)     *       NAT
IPv4 GRE        *   *   172.17.10.2     *               *       NAT

And these, my LAN Rules

IPv4 TCP/UDP    *   *   *   1723 (PPTP)     *
IPv4 GRE        *   *   *   *               *

Any help would be really appreciated, thanks in advance.  :D :D :D :D