1
General Discussion / Re: One computer - different subnet
« on: March 07, 2020, 10:46:36 pm »
Thanks, but nothing I do retrieves the license. I will contact the vendor Monday and see what they can do.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
General Discussion / Re: One computer - different subnet
« on: March 07, 2020, 09:45:57 pm »
Adding the NIC did something to the license. Even a restore can't get it back now.
Oh well
Oh well
3
General Discussion / One computer - different subnet
« on: March 07, 2020, 07:14:44 pm »
I have one computer that has an address of 192.168.100.105 that I want to access from the 192.168.1.x subnet as 192.168.1.105. I cannot change any computer IP because of licensing issues. So I am forced to try and access this one computer as 192.168.1.105 while leaving its IP @ 192.168.100.105. Any changes to the network on this computer will kill the license, which cost thousands of dollars. I also need to use this computer as a file server to the 192.168.1.x subnet.
I do have an unused interface on the OPNsense box that I can set to 192.168.100.x. I can bridge them but the issue is I need to use 192.168.1.105 on the existing subnet to get to the 192.168.100.105 computer. Maybe NAT them?
What is the best way to do this? If even possible.
I do have an unused interface on the OPNsense box that I can set to 192.168.100.x. I can bridge them but the issue is I need to use 192.168.1.105 on the existing subnet to get to the 192.168.100.105 computer. Maybe NAT them?
What is the best way to do this? If even possible.
4
20.1 Legacy Series / Re: Really a BAD realase.
« on: February 08, 2020, 09:21:29 pm »
Update went smoothly here. Can't even tell an update happened. All looks the same to me.
5
19.7 Legacy Series / Re: VPN Help
« on: January 26, 2020, 11:36:50 pm »
No one...
I figured this is easy for the firewall masters out there.
I figured this is easy for the firewall masters out there.
6
19.7 Legacy Series / Re: VPN Help
« on: January 25, 2020, 04:52:16 pm »
adding the rule to OPT1 didn't help. See attached
I still get no hits in the log. I have both rules set to log events.
I still get no hits in the log. I have both rules set to log events.
7
19.7 Legacy Series / VPN Help
« on: January 25, 2020, 12:19:48 am »
I need help configuring rules to allow my Windows 2016 VPN server to be able to be accessed on my LAN. Outside users can access via PPTP or L2TP just fine, The VPN server is on OPT1 interface and the local subnet is on LAN.
All the required ports are open for VPN PPTP and L2TP access. I just cannot get any local computers to connect.
The VPN server IP is 192.168.1.101 and I would like to connect to LAN 192.168.100.0/24
The OPT1 interface is 192.168.1.0/24.
I see no hits in the live logs to help me figure it out and I tried floating rules, OPT1 rules, and LAN rules to open the path between these IP's with no luck and I have NAT Reflection enabled. Maybe a NAT Reflection problem?
I am probably just missing something. It's been a while since I needed to change rules.
Attached is an example of an OPT1 rule I tried with no success.
Any help would be appreciated?
All the required ports are open for VPN PPTP and L2TP access. I just cannot get any local computers to connect.
The VPN server IP is 192.168.1.101 and I would like to connect to LAN 192.168.100.0/24
The OPT1 interface is 192.168.1.0/24.
I see no hits in the live logs to help me figure it out and I tried floating rules, OPT1 rules, and LAN rules to open the path between these IP's with no luck and I have NAT Reflection enabled. Maybe a NAT Reflection problem?
I am probably just missing something. It's been a while since I needed to change rules.
Attached is an example of an OPT1 rule I tried with no success.
Any help would be appreciated?
8
19.7 Legacy Series / Re: GeoIP not Updating
« on: January 16, 2020, 06:07:58 pm »
Mine updated yesterday as well. I also had to recreate the alias and rule. Now seems to work ok.
9
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 12, 2020, 06:59:33 pm »
Would be nice if someone could post some GeoIP example rules.
I did seem to get it working, but I think my rules could be cleaner. Since floating rules don't include the local IP's, I have to have a rules for all the local nets before the GeoIP rules. Would be nice to include my own IP list into the Maxmind one.
I have to do this because my GeoIP rule is set to block all counties except US using an invert. See attached.
Is there a better way to handle this?
I did seem to get it working, but I think my rules could be cleaner. Since floating rules don't include the local IP's, I have to have a rules for all the local nets before the GeoIP rules. Would be nice to include my own IP list into the Maxmind one.
I have to do this because my GeoIP rule is set to block all counties except US using an invert. See attached.
Is there a better way to handle this?
10
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 11, 2020, 08:17:51 pm »
I found a real disadvantage in using the invert GeoIP floating rule.
For example. I have a GeoIP rule which blocks every country except US and Canada for my Email ports (except 25). Doing this, any local IP's will not be in the Maxmind list so it will be blocked as well.
I am using a floating rule because I have multiple email servers and wanted the same GeoIP blocking for all of them.
So I either have to make a rule which allows all the local ports to pass before the GeoIP rule, or not use invert and have an enormous list in GeoIP.
Floating rules can be tricky to use due to the multiple interfaces and dual direction capabilities.
Any recommendations for the best approach here?
For example. I have a GeoIP rule which blocks every country except US and Canada for my Email ports (except 25). Doing this, any local IP's will not be in the Maxmind list so it will be blocked as well.
I am using a floating rule because I have multiple email servers and wanted the same GeoIP blocking for all of them.
So I either have to make a rule which allows all the local ports to pass before the GeoIP rule, or not use invert and have an enormous list in GeoIP.
Floating rules can be tricky to use due to the multiple interfaces and dual direction capabilities.
Any recommendations for the best approach here?
11
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 11, 2020, 06:26:08 pm »
Started working after I changed the floating rule to block both directions. Seems most of the blocking was done by IDS already
12
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 11, 2020, 05:53:36 pm »
@chemlud It works. Also tried China sites using WebSitePulse and they all work.
So that means the GeoIP is not functioning for me.
So that means the GeoIP is not functioning for me.
13
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 11, 2020, 05:07:49 pm »
Tried recreating rule and alias, still no log entries for GeoIP.
Tried the shell command above and everything is correct. Just not seeing any blocks in the logs. Not sure if it is working or not.
Is there any other way to test this?
Tried the shell command above and everything is correct. Just not seeing any blocks in the logs. Not sure if it is working or not.
Is there any other way to test this?
14
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 10, 2020, 04:52:28 pm »
The GeoIP function does not seem to be working. There are no log entries and I use to see a ton of them before the change. Everything looks ok in the GeoIP Settings. Yes, the rule is set to log hits
Is there something I am missing or something else I need to do?
I have the rule set to block all countries except US with an invert. Same rule as before the change. Never get a hit on it and that's just not possible.
Attached is what my floating rule looks like. Please advise if this rule is wrong
Is there something I am missing or something else I need to do?
I have the rule set to block all countries except US with an invert. Same rule as before the change. Never get a hit on it and that's just not possible.
Attached is what my floating rule looks like. Please advise if this rule is wrong
15
19.7 Legacy Series / Re: GEOIP stopt working
« on: January 09, 2020, 10:57:40 pm »
It is a brand new feature and it didn't work when it was used and we reported it. My suggestion of putting a note in the message was so others wouldn't also think it was an issue. The message looks like something went wrong.