Topics - dnll

#1
General Discussion / Allow access to port 9200 locally
September 10, 2024, 09:18:29 AM
Hey y'all,
I use Zenarmor with the ElasticSearch database on OPNsense and want to monitor that database from another host on my local network. I noticed however that the connections to OPNsense on port 9200 are blocked. So I created this rule:


When I test locally on OPNsense, no problem as expected (no rule needed):

root@router01:~ # telnet 127.0.0.1 9200
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.


However, when trying from 10.1.1.21, the telnet never connects. Am I missing something obvious here? The 10.1.1.0/24 subnet is in the LOCAL group.
#2
High availability / 2 OPNsense routers
September 27, 2023, 04:34:28 AM
Hello,
I have WAN on my modem going to my first OPNsense box. I have another OPNsense box and I'm unsure how to proceed. What I want is to be able to patch/reboot one box without losing my network.
What is the best way going forward?
Thank you
#3
General Discussion / Basic multi-WAN route/prioritization
September 01, 2023, 05:04:36 AM
Hello there,

My ISP gave me a modem-router box which I'm able to bypass the routing function with PPPoE passthrough (WAN_1). So I have this set up in OPNsense and it works well. However, with the PPPoE passthrough, I'm not able to log in to my modem to change its config, so what I'm doing is I'm hooking a second ethernet cable from my modem to my OPNsense box and have this set up as another WAN using DHCP (WAN_2). This way I'm able to access both the internet (through WAN_1 and WAN_2) and my modem-router through WAN_2.

Now, my local network on OPNsense is set up as 10.0.0.0/8. The modem-router box has its own DHCP server working on 192.168.2.0/24. I get a public address on WAN_1 through PPPoE, and a 192.168.2.0/24 address through WAN_2. I'd like all traffic to go through WAN_1 except explicitly for the traffic trying to talk to the 192.168.2.0/24 network. What is the easiest approach?

Thank you!
#4
Rather simple issue here, when I try to ping opnsense with its hostname it replies from a different IP every time.



All of those addresses are different subnets. I'm doing my tests from the 10.1.1.0/24 subnet (which has access to all the other subnets). Is there a way to make it so that the DNS answers with the IP from the correct segment when asked about itself?

I'm using Unbound.
#5
My OPNsense hostname is "router" (I know, very original). I have a bunch of interfaces/VLANs... my problem is that pinging "router" is very inconsistent, and here is why (example coming from the 10.1.1.0/24 subnet):

vm-admin:~ # dig router

; <<>> DiG 9.16.6 <<>> router
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20656
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 8, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;router.                                IN      A

;; ANSWER SECTION:
router.                 3600    IN      A       10.1.100.1
router.                 3600    IN      A       10.1.200.1
router.                 3600    IN      A       10.2.30.1
router.                 3600    IN      A       10.2.20.1
router.                 3600    IN      A       10.2.10.1
router.                 3600    IN      A       10.1.1.1
router.                 3600    IN      A       10.2.1.1

;; Query time: 0 msec
;; SERVER: 10.1.1.1#53(10.1.1.1)
;; WHEN: Sun Jul 17 13:53:39 EDT 2022
;; MSG SIZE  rcvd: 163


Of course, on every interface/VLAN, the ".1" is OPNsense itself, however I'd like the DNS to reply either with 10.1.1.1 or whatever ".1" from the interface the request comes from.
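One way to get a per-segment answer, as an added example that is not part of the post or of OPNsense's own configuration: Unbound views (Unbound 1.6 and later) keyed on the client's source subnet, each carrying its own local-data for "router." so the resolver only hands back the address it holds on that segment. Assumed here: the view names, that the fragment is loaded into Unbound's configuration (for instance through OPNsense's Unbound custom options), and that only two of the subnets from the dig output above are written out.

```conf
server:
    # Map each client netblock to a view. Subnets and addresses are taken
    # from the dig output above; the view names are assumptions.
    access-control-view: 10.1.1.0/24 seg-10-1-1
    access-control-view: 10.2.1.0/24 seg-10-2-1

view:
    name: "seg-10-1-1"
    # Clients on 10.1.1.0/24 only ever see the 10.1.1.1 address for "router."
    local-zone: "router." static
    local-data: "router. 3600 IN A 10.1.1.1"
    # Fall through to the global local-zone/local-data for every other name,
    # otherwise hosts registered at server level stop resolving for this view.
    view-first: yes

view:
    name: "seg-10-2-1"
    local-zone: "router." static
    local-data: "router. 3600 IN A 10.2.1.1"
    view-first: yes
```

One view per interface subnet is needed; a client whose subnet matches no access-control-view still gets the full round-robin answer shown above.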