Topics

1

General Discussion / what firewall rule should I used for my situation?

« on: September 19, 2023, 07:06:04 pm »

I am new to opnsense and trying to learn. I recently setup an opnsense that run nginx plugin with version 23.1 and followed a guide that I couldnt find anymore, now I installed a new version 23.7.4 OPNsense and couldnt make it run like it was on 23.1. on the firewall Log files: Live view I saw that there is a rule that blocks the request on port 8080(please see attachment), which I immediately find that its an auto generated rules, but I have a firewall rules that will let all pass on both lan and wan, just to see if that will work, but it doesnt behave like that and keeps on blocking it.

How can I pass thru this auto generated rules?

2

23.7 Legacy Series / need help with nginx plugin

« on: September 19, 2023, 05:47:45 am »

I'm running OPNsense 23.7.4 but only uses it for the nginx plugin and firewall, I open port 80 and 443 to the wan firewall, I have virtual IP to use as carp. my upstream server is pointing on a vm in my syste, I had my opnsense gui to open in a different port.

pfctl -d will let the flow of traffic to my upstream server, but when this is enable it wont let the traffic in. I was able to make this work on version 23.1, but not with 23.7.4 it wont work.

I also have accept all rules on my firewall rules.

3

23.7 Legacy Series / NO plugins available

« on: September 14, 2023, 09:39:21 pm »

I installed an opnsense  version 23.7 on a proxmox VM, how do you guys install a plugins? when I check on the plugin page System > Firmware > Plugins for 2 days now it is now showing a lift of plugins unlike in version 23.1.

I've run update a couple of times now but no luck with the list of plugins that I can install.

4

Web Proxy Filtering and Caching / SHIFT_JIS and other charset on nginx

« on: July 20, 2023, 12:17:47 am »

is there a way to add shift_jis support on the nginx plugin in opnsense? the only options that I see on the charset is utf-8 and none, but I want to load a page that is in shift_jis

5

General Discussion / ACME for own hosted DNS server

« on: July 17, 2023, 05:49:10 am »

how to add DNS challenge to get a certificate for your domain, when you have your own DNS server. On the challenge type DNS-01 what DNS service should I use?

6

High availability / IP Alias over HA

« on: July 14, 2023, 10:07:43 pm »

I have multiple IP Alias on my Virtual IPs on the master, do I have to copy it manually to my backup? coz I notice that it's not copying that to my back up, but when I tried to copy it over my service went down and inaccessible. is there something that I am doing wrong with this set up?

7

High availability / how to setup skew for HA in OPNsense 23.1.11?

« on: July 13, 2023, 10:04:12 pm »

I'm following a guide from this https://www.thomas-krenn.com/en/wiki/OPNsense_HA_Cluster_configuration
and I have OPNsense 23.1.11


from my version of opnsense I'm trying to look for this settings

Code: [Select]

Advertising Frequency: Base 1 / Skew 0
but I only have

Code: [Select]

advbase
SO I was wondering, how to setup skew from this version of opnsense?

8

General Discussion / Need help with HAProxy configuration

« on: June 29, 2023, 02:56:03 am »

I need help on configuring HAProxy properly. I got this configuration from Config Export

Code: [Select]

# Frontend: domain1 (domain1.com)
frontend domain1
    bind public.ip:80 name public.ip:80 ssl alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/6491e75b20ea54.02766459.certlist
    bind public.ip:443 name public.ip:443 ssl alpn h2,http/1.1 crt-list /tmp/haproxy/ssl/6491e75b20ea54.02766459.certlist
    mode http
    option http-keep-alive
    default_backend domain1

    # logging options
    # ACL: domain1
    acl acl_6491e70d7556b9.18780762 hdr_beg(host) -i domain1.com

    # ACTION: domain1Rules
    use_backend domain1 if acl_6491e70d7556b9.18780762

# Frontend: tgwdomain1_PUBSERV (tgw.domain1.com)
frontend tgwdomain1_PUBSERV
    bind public.ip:80 name public.ip:80
    mode http
    option http-keep-alive
    default_backend tgwdomain1_BKENDSERV

    # logging options
    option httplog
    # ACL: tgwdomain1_COND
    acl acl_649cc5f09372a0.09326053 hdr_beg(host) -i tgw.domain1.com

    # ACTION: tgwdomain1Rules
    use_backend tgwdomain1_BKENDSERV if acl_649cc5f09372a0.09326053

# Backend: domain1 (domain1.com)
backend domain1
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    http-reuse safe
    server domain1 10.35.2.32:8091

# Backend: tgwdomain1_BKENDSERV (tgw.domain1.com)
backend tgwdomain1_BKENDSERV
    # health checking is DISABLED
    mode http
    balance source
    # stickiness
    stick-table type ip size 50k expire 30m 
    stick on src
    http-reuse safe
    server tgwdomain1SERV 10.35.2.30:80



# statistics are DISABLED


Log says

[28/Jun/2023:17:42:42.203] tgwdomain1_PUBSERV tgwdomain1_PUBSERV/<NOSRV> -1/-1/-1/-1/3 0 0 - - PR-- 22/1/0/0/0 0/0 "<BADREQ>"


I want to use public.ip for all my subdomains, it was able to load domain1.com properly but for tgw.domain1.com it doesn't load, before I was able to make it load but the issue was the subdomain will load what's in domain1.com and vice versa.