Topics - ursus

#1
I have 4 official IPs. I am using the one IP to run a MailInABox server that does mail, NextCloud, DNS and a web server. I am using a second one to self host an rss server.

My internal network is 192.168.1.x and the DMZ is 192.168.100.x.

I then installed WireGuard on the firewall using port 51820. I am using 10.10.0.x as my VPN network. I set up the network rules and can access the DMZ server and the LAN servers from the VPN.

I then created a port forward to a third official IP that I am using for WireGuard as I would like to use port 53 for the tunnel (none of my clients blocks this port). This just forwards all traffic from the third IP port 53 to the main IP port 51820. This also works perfectly.

This means when I am at a customer I can open the tunnel, ssh to my servers in the LAN and the DMZ.

What does not work is me accessing anything that is on the DMZ side from the tunnel. What I mean by that is that I cannot access e.g. mail on that server. When I ping the mail server I am getting the external IP, which is correct, but I cannot access any mails using a mail client. I also cannot access the rss server when the tunnel is open... I think I need to set reflection somewhere maybe, or something else. Does anybody have a pointer as to what I still need to set up?

Thank you very much for any help given!
#2
Hi

I love using aliases and have quite a few already set up. I want to set up my XBox for open NAT and started by creating a new port alias. I can enter the name, but when I select Port(s) and then try to enter the port in the Content field, the values entered just disappear. I am on the newest version of OPNsense (OPNsense 19.7.5-amd64) and this was working, as I already have a couple of port aliases that I created previously. Is this an error with this version of OPNsense or am I missing something?

Cheers
Ursus

PS: I have tried rebooting, checking if there is a newer version available and copying an existing entry and trying to update it
#3
19.7 Legacy Series / Wireguard installation
August 22, 2019, 05:51:10 PM
So, I wanted to install WireGuard on my Firewall - read everywhere how simple that is... I followed the instructions here: https://docs.opnsense.org/manual/how-tos/wireguard-client.html and it seems as if that is for a different version of WireGuard and/or OPNsense? Setting up the routing shows me two WireGuard sections (I then renamed the interface to VPN and now I have a VPN and a WireGuard section in Rules) - which one do I use?

I would also like to help with the documentation for WireGuard, could somebody point me in the correct direction? Thx
#4
General Discussion / Updating rules
August 17, 2019, 07:20:50 PM
Hi

I am moving from a 4 IP range (1 free) to an 8 IP range (5 free). I changed the WAN address and GW address and restarted the firewall. Everything worked as I was hoping and all my existing rules were still in place. Perfect.

I have my Mail server on the main IP (WAN) and would now like to add another server in the DMZ that I will use as a web server - I added the extra IPs as Virtual IPs, but as soon as the virtual IP is added all the ports are then closed. I assume that the rules now no longer make sense. Do I need to update all the NAT rules for the existing WAN address?

I read that I need 1:1 NAT but shouldn't I be able to just Port Forward to the different machines? I would have thought that I could just do this: https://www.lawrencesystems.com/pfsense-setting-multiple-static-wan-ip-addresses-using-virtual-ips-nat-firewall-rules/

Thank you for any help.
Ursus
#5
Hi Guys. I have just installed a new OPNSense FW, I have a Mail-in-a-Box instance running in my DMZ. I am using port forwarding to the Mail-in-a-Box server for mail for a couple of my friends and myself. I thought that I would try and install Sensei and am very impressed with it - well done guys. I monitored both the LAN and the DMZ interface. I left everything activated in Sensei but am getting very weird errors from Mail-in-a-Box. It is now saying port 22 cannot be reached, I cannot send and receive mails correctly, the box cannot update (apt update) itself anymore. I have had to uninstall Sensei again for everything to go back to normal.

What can I do to still use Sensei *and* Mail-in-a-box? Any pointers?

Thank you in advance
Ursus
#6
19.1 Legacy Series / nginx as Reverse Proxy
May 01, 2019, 08:08:06 PM
Hi.

Sorry for the long post but I've been trying the whole afternoon :)

I have read the forums but cannot seem to find an answer to my question. I have a MailInABox server in my DMZ. I have set up port forwarding rules and everything is working perfectly! I have www.mydomain.com working. I now would like to add a Wordpress server for my blog at blog.mydomain.com. The mailinabox server is at 192.168.100.1 and the Wordpress machine at 192.168.100.2.

I therefore added the os-nginx plugin and can configure it without any problems. I used this how to https://wiki.opnsense.org/manual/how-tos/nginx.html to configure. I tried to configure but have a couple of questions:

1. I added an upstream server -> do I need to add one per port (you need to add the port on the config document)

2. I created the upstream, one per server

3. I created one location for www.mydomain.com and one for blog.mydomain.com. What do I enter for the Match Type, I have been using Exact Match ("="), correct?

4. I then created one server for www and added the www location document to it and one server for the blog and added the blog location to it.

When I deactivate the port forward rules I do not see my sites and get the following error in Logs/Global Error Log => invalid PID number "" in "/var/run/nginx.pid"

No matter what I do I cannot seem to start nginx (did this via the command line):

/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx
root@firewall:~ # sudo service nginx start
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Starting nginx.
nginx: [emerg] bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (48: Address already in use)
nginx: [emerg] bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (48: Address already in use)
nginx: [emerg] bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (48: Address already in use)
nginx: [emerg] bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (48: Address already in use)
nginx: [emerg] bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (48: Address already in use)
nginx: [emerg] still could not bind()
/usr/local/etc/rc.d/nginx: WARNING: failed to start nginx

does anybody have any tips for me?

Thx
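The bind() errors quoted above say another process already listens on port 80 (and on the status socket path). The following added example, which is not from the post or from OPNsense/nginx, parses the output of FreeBSD's `sockstat -46l` and reports which process holds each TCP port nginx failed to bind. The `SAMPLE_SOCKSTAT` text is constructed for the example (on OPNsense the web GUI's lighttpd listens on 80 and 443 by default, which is what the sample reproduces); its PIDs are not real.

```python
"""Find which process already holds the ports nginx failed to bind.

Added example, not from the forum post or from OPNsense/nginx. It parses the
output of FreeBSD's `sockstat -46l` (listening IPv4/IPv6 sockets) and matches
it against nginx's "Address already in use" lines. SAMPLE_SOCKSTAT below is
constructed for the example; its PIDs and process names are not real.
"""
import re
import subprocess
from typing import Dict, List, Tuple

# Constructed `sockstat -46l` output for a firewall whose web GUI (lighttpd)
# still listens on 80 and 443. Columns: USER COMMAND PID FD PROTO LOCAL FOREIGN.
SAMPLE_SOCKSTAT = """\
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     lighttpd   1234  4  tcp4   *:443                 *:*
root     lighttpd   1234  5  tcp6   *:443                 *:*
root     lighttpd   1234  6  tcp4   *:80                  *:*
root     lighttpd   1234  7  tcp6   *:80                  *:*
root     sshd       812   4  tcp4   192.168.1.1:22        *:*
unbound  unbound    901   5  udp4   192.168.1.1:53        *:*
"""

# Excerpt of the bind() errors quoted in the post (unix socket line included).
SAMPLE_NGINX_ERRORS = """\
nginx: [emerg] bind() to unix:/var/run/nginx_status.sock failed (48: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (48: Address already in use)
nginx: [emerg] bind() to [::]:80 failed (48: Address already in use)
"""

BIND_RE = re.compile(r"bind\(\) to (\S+) failed \(48: Address already in use\)")

Listener = Tuple[str, int]  # (command, pid)


def parse_sockstat(text: str) -> Dict[Tuple[str, int], List[Listener]]:
    """Map (proto, port) -> listeners; proto is 'tcp' or 'udp' (v4 and v6 merged)."""
    listeners: Dict[Tuple[str, int], List[Listener]] = {}
    for line in text.splitlines()[1:]:          # first line is the header row
        fields = line.split()
        if len(fields) < 6:
            continue
        command, pid, proto, local = fields[1], int(fields[2]), fields[4], fields[5]
        if not proto.startswith(("tcp", "udp")):
            continue                             # unix sockets carry no port
        port = int(local.rsplit(":", 1)[1])      # works for *:80, 1.2.3.4:22, [::1]:443
        listeners.setdefault((proto[:3], port), []).append((command, pid))
    return listeners


def failed_tcp_ports(nginx_errors: str) -> List[int]:
    """TCP ports from nginx's bind() errors, in order, without duplicates.

    The status socket is a unix socket: it has no port, and EADDRINUSE on it
    only means the socket file already exists (stale, or a running nginx)."""
    ports: List[int] = []
    for m in BIND_RE.finditer(nginx_errors):
        target = m.group(1)
        if target.startswith("unix:"):
            continue
        port = int(target.rsplit(":", 1)[1])
        if port not in ports:
            ports.append(port)
    return ports


def explain_conflicts(sockstat_text: str, nginx_errors: str) -> Dict[int, List[Listener]]:
    """For each TCP port nginx could not bind, list the processes holding it."""
    listeners = parse_sockstat(sockstat_text)
    return {port: sorted(set(listeners.get(("tcp", port), [])))
            for port in failed_tcp_ports(nginx_errors)}


def live_sockstat() -> str:
    """Run the real command on a FreeBSD host; fall back to the sample elsewhere."""
    try:
        return subprocess.run(["sockstat", "-46l"], capture_output=True,
                              text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        return SAMPLE_SOCKSTAT


if __name__ == "__main__":
    for port, owners in explain_conflicts(live_sockstat(), SAMPLE_NGINX_ERRORS).items():
        names = ", ".join(f"{cmd} (pid {pid})" for cmd, pid in owners) or "nothing found"
        print(f"tcp/{port}: held by {names}")
```

On the firewall itself the script runs the real `sockstat -46l`; on any other host it falls back to the constructed sample. If the holder turns out to be the GUI's lighttpd, the reverse proxy cannot take over port 80 (or 443) until the GUI is moved to another port or bound elsewhere; the nginx config test passing is expected, since the conflict only shows up at bind time.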
#7
19.1 Legacy Series / DM/NAT/Port forwarding
April 26, 2019, 09:21:10 PM
I am moving from a Ubiquiti 3Port Firewall. I have set up a DMZ and have my MailInABox server running perfectly. I thought I could set up the same thing on OPNSense - I am making a mess somehow and cannot find my error. When I have the Firewall: NAT: Port Forward rules set (attached) I can access the sites perfectly from the Internet (it therefore seems as if the rules are OK), but from the LAN side I am getting very weird responses. I enter a URL (eg. http://hecklerdesign.com/product/cliff/) -> the hecklerdesign.com part gets replaced with my own URL -> http://www.mydomain.cc/product/cliff/

I am not sure why this is, but I was wondering if it might have something to do with the fact that MailInABox acts as a DNS server? Anybody have any pointers for me?

Thank you in advance
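Three of the posts above (#1, the VPN client that cannot reach DMZ mail through the public address; #4, port forwards after adding virtual IPs; #7, LAN clients reaching the DMZ web server) come down to the same two facts about port forwards: a forward rule matches a specific destination address and port, and a rule bound to WAN does nothing for a packet that enters on an inside interface unless NAT reflection is enabled. The following added example, which is not from the posts or from OPNsense, models that behaviour. All addresses are constructed placeholders: 203.0.113.0/24 (RFC 5737) stands in for the public range, the inside networks follow the posts (192.168.1.0/24 LAN, 192.168.100.0/24 DMZ, 10.10.0.0/24 VPN), and 192.168.100.254 is assumed to be the firewall's DMZ address.

```python
"""Port forwards on several public IPs, and why inside clients need reflection.

Added example, not from the forum posts or OPNsense. It models a pf-style
forward table keyed on (proto, public IP, port), the interface a packet
arrived on, and NAT reflection (hairpin NAT). Every address is a constructed
placeholder; 192.168.100.254 is assumed to be the firewall's DMZ address.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

INSIDE_NETS = {
    "lan": ip_network("192.168.1.0/24"),
    "dmz": ip_network("192.168.100.0/24"),
    "vpn": ip_network("10.10.0.0/24"),
}
FIREWALL_DMZ_IP = "192.168.100.254"   # assumed; used as the hairpin source address


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    ingress: str            # interface the packet arrived on: "wan", "lan", "dmz", "vpn"
    proto: str = "tcp"


@dataclass(frozen=True)
class Forward:
    public_ip: str          # the WAN address or a virtual IP
    public_port: int
    target_ip: str
    target_port: int
    proto: str = "tcp"


# Constructed table: mail box on the primary address, a second VIP for a web server.
FORWARDS: List[Forward] = [
    Forward("203.0.113.10", 25, "192.168.100.1", 25),
    Forward("203.0.113.10", 443, "192.168.100.1", 443),
    Forward("203.0.113.10", 993, "192.168.100.1", 993),
    Forward("203.0.113.11", 443, "192.168.100.2", 443),
]


def match_forward(pkt: Packet, forwards: List[Forward]) -> Optional[Forward]:
    """First rule whose (proto, public IP, port) equals the packet's destination.

    A forward written against the WAN address never matches traffic to a newly
    added virtual IP; each VIP needs its own entries."""
    for fw in forwards:
        if (fw.proto, fw.public_ip, fw.public_port) == (pkt.proto, pkt.dst, pkt.dport):
            return fw
    return None


def segment_of(ip: str) -> Optional[str]:
    """Name of the inside network an address belongs to, or None for outside."""
    addr = ip_address(ip)
    return next((name for name, net in INSIDE_NETS.items() if addr in net), None)


def apply_nat(pkt: Packet, forwards: List[Forward],
              reflection: bool = True) -> Tuple[Optional[Packet], str]:
    """Return (packet after NAT, reason). None means no forward applied."""
    fw = match_forward(pkt, forwards)
    if fw is None:
        return None, f"no forward for {pkt.proto}/{pkt.dst}:{pkt.dport}; the port appears closed"
    if pkt.ingress != "wan" and not reflection:
        # The rdr rule is bound to WAN only: an inside client hitting the public
        # address is not redirected and ends up at the firewall's own address.
        return None, "forward applies only on wan and reflection is off"
    out = replace(pkt, dst=fw.target_ip, dport=fw.target_port)
    if pkt.ingress == "wan":
        return out, "destination rewritten; reply leaves via the default route"
    if segment_of(pkt.src) == segment_of(fw.target_ip):
        # Hairpin: client and server share a subnet, so the reply would go
        # straight to the client and never pass the firewall holding the NAT
        # state. Rewriting the source forces the reply back through it.
        out = replace(out, src=FIREWALL_DMZ_IP)
        return out, "destination and source rewritten (hairpin, same segment)"
    return out, "destination rewritten; reply returns via the firewall as the client's gateway"


if __name__ == "__main__":
    cases = [
        Packet("198.51.100.7", 40000, "203.0.113.10", 993, "wan"),   # Internet client
        Packet("10.10.0.2", 40001, "203.0.113.10", 993, "vpn"),      # post #1
        Packet("192.168.100.2", 40002, "203.0.113.10", 25, "dmz"),   # DMZ host to DMZ mail
        Packet("203.0.113.99", 40003, "203.0.113.11", 25, "wan"),    # VIP without a rule (post #4)
    ]
    for pkt in cases:
        for refl in (False, True):
            out, why = apply_nat(pkt, FORWARDS, reflection=refl)
            flow = f"{out.src}:{out.sport} -> {out.dst}:{out.dport}" if out else "not forwarded"
            print(f"{pkt.ingress:>3} reflection={refl!s:5} {flow:45} {why}")
```

The `reflection=True` path corresponds to enabling reflection for port forwards (and, for the same-segment case, automatic outbound NAT for reflection) under Firewall: Settings: Advanced in OPNsense. The alternative that avoids hairpinning altogether is split DNS: a host override on the firewall's resolver so that LAN and VPN clients resolve the service name to 192.168.100.1 directly, which also sidesteps the situation in post #7 where the DMZ box doubles as the DNS server.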