Topics

1

20.7 Legacy Series / Replace Huawei GPON

« on: November 15, 2020, 07:44:46 am »

Hey guys,

I have Fiber to the home which terminates with a Huawei GPON HG8040H box that has the fiber input with 4 ethernet ports. 2 of the ports receive a DHCP assigned address from my ISP. I would like to simplify my setup and if possible remove the Huawei GPON from the network. I am not sure if it is possible but hoped the community could help. I have an x520 NIC card with two SFP ports. What I would like to do is simply run the Fiber cable from the ISP into the port on the X520 (using SC to LC cable) and spoofing the Huawei MAC with Opnsense. I think that much would work however how can I go about getting both IP addresses on that interface, particularly if they are DHCP assigned? Is that possible? I think this would be easier if I had static IPs, but that is in itself a bit of a challenge and I would like to try a solution with OPNsense.

Thanks!

2

Web Proxy Filtering and Caching / PostFix Gateway

« on: April 26, 2020, 12:24:25 pm »

Recently I set up an email server on my local LAN. It is set to receive mail on a nonstandard port (8025 Port-Forwarded to port 25 on the LAN side) and to send mail SMTP to an email relay, also on a nonstandard port (3325). I have this setup working fine now using a single port forward to take the external (8025) (inbound mail) and send it to the server on port 25.

After configuring this I came across the PostFix plugin which looks pretty cool. My question(s) is, would it make sense to return the mail server on my LAN to a "standard" ports setup and have the Postfix gateway on OPNsense handle sending the outbound mail to the relay? And the same for inbound? Do I understand this correctly that the Postfix gateway is sort of similar to a reverse proxy for my email server? If so would I gain any security benefits using Postfix Plugin instead of Port Forwarding? (as I do with other webservers like Nextcloud) It would seem that I could get another layer of spam filtering with the Postfix Plugin. Mail Server is running Postfix on the LAN.

I have OPNsense installed with several plugins including NGINX as the reverse proxy for a few web services. OPNsense handles SSL offloading with NGINX and Let's Encrypt. I have been happy with NGINX (and HAPROXY) and the integration of Let's Encrypt. Can I/should I reverse proxy a mail server as well with NGINX? or Postfix as the gateway? Or am I fine exposing one external port (port-forwarded 8025 to 25 to mail server)?

Thanks for your input

Thoughts?

3

19.7 Legacy Series / Alias Help

« on: January 21, 2020, 01:11:55 pm »

Hi, hopefully this is a quick answer to my question.

I am hoping somebody can look at my alias and tell me if I have created this correctly for use with spamhaus drop lists. The current setup when hitting save does not seem to populate PFtables and I am not sure that I set this up correctly. The OPNSense documentation https://docs.opnsense.org/manual/how-tos/edrop.html must be a little bit out of date because there is no "host(s)" selection to paste the drop list URL into when URL Tables type is selected.

Attached screenshot