1
19.1 Legacy Series / Re: 19.1 development milestones
« on: November 07, 2018, 07:30:26 pm »
Would it be possible to integrate pihole or something similar directly into opnsense? I´m running my pihole on a vm at the moment...
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
18.1 Legacy Series / Re: Access to dsl modem interface with a nat rule not possible
« on: June 11, 2018, 09:28:28 am »
Hi, thanks for you reply.
As for my understanding this isn´t insecure because it is not avaiable from public wan. Modem access interface just uses the same phsysical port as opnsense uses for the wan bridge, but the real wan connection is on a virtual ppoe interface.
I just followed the manual from pfsense and thought this would work.
At first I had the same configuration as you posted, fritzbox was connected also to the lan with a different lan port. But I don´t like this config because fritzbox is still scanning the whole lan for devices and I don´t trust fritzbox very much, so I think if the fritzbox is hacked, the hacker is simply able to attack devices on my lan.
So I tried to put this fritzbox "management port" into a vlan with my switch and created a new vlan interface on opnsense with rules to be able to access the fritzbox gui. This works fine from opnsense itself, I could ping access web etc., but I was not able to access the gui from my pc.
It seems that fritzbox is only allowing connections to the gui from the network itself configured on the fritzbox. Maybe it is also a problem that the fritzbox don´t know how to route back.
But it is not possible to configure routes for this manually on fbox and also I didn´t find an option to disable restrictions to access the fbox gui.
As for my understanding this isn´t insecure because it is not avaiable from public wan. Modem access interface just uses the same phsysical port as opnsense uses for the wan bridge, but the real wan connection is on a virtual ppoe interface.
I just followed the manual from pfsense and thought this would work.
At first I had the same configuration as you posted, fritzbox was connected also to the lan with a different lan port. But I don´t like this config because fritzbox is still scanning the whole lan for devices and I don´t trust fritzbox very much, so I think if the fritzbox is hacked, the hacker is simply able to attack devices on my lan.
So I tried to put this fritzbox "management port" into a vlan with my switch and created a new vlan interface on opnsense with rules to be able to access the fritzbox gui. This works fine from opnsense itself, I could ping access web etc., but I was not able to access the gui from my pc.
It seems that fritzbox is only allowing connections to the gui from the network itself configured on the fritzbox. Maybe it is also a problem that the fritzbox don´t know how to route back.
But it is not possible to configure routes for this manually on fbox and also I didn´t find an option to disable restrictions to access the fbox gui.
3
18.1 Legacy Series / Re: Access to dsl modem interface with a nat rule not possible
« on: June 10, 2018, 10:56:27 pm »
Here are the other 2 attachments.
As source address i tried any and my local lan subnet, both didn´t work
As source address i tried any and my local lan subnet, both didn´t work
4
18.1 Legacy Series / Access to dsl modem interface with a nat rule not possible
« on: June 10, 2018, 10:55:58 pm »
Hi, I have a dsl internet connection with a fritzbox modem in bridge mode, so that my opnsense handles the dsl login.
I want to have access to the "modem" gui from my lan interface and found the following manual:
https://www.netgate.com/docs/pfsense/interfaces/accessing-modem-from-inside-firewall.html
The fritzbox has an emergency ip 169.254.1.1/16. So i setup a new opt interface on the same physical interface as my pppoe connection with ip 169.254.1.2/16.
And also switches from automatic outbound nat to hybrid nat (I also tried manual nat, but it doesn´t work either) and created the rule as in the manuel.
I can ping the modem from opnsense, but any connection from my lan is not possible.
Anyone with a working configuration for this and can help me?
I want to have access to the "modem" gui from my lan interface and found the following manual:
https://www.netgate.com/docs/pfsense/interfaces/accessing-modem-from-inside-firewall.html
The fritzbox has an emergency ip 169.254.1.1/16. So i setup a new opt interface on the same physical interface as my pppoe connection with ip 169.254.1.2/16.
And also switches from automatic outbound nat to hybrid nat (I also tried manual nat, but it doesn´t work either) and created the rule as in the manuel.
I can ping the modem from opnsense, but any connection from my lan is not possible.
Anyone with a working configuration for this and can help me?
5
18.1 Legacy Series / NAT / Fake IP / IP rewriting from internal to dmz-vlan
« on: April 20, 2018, 07:55:13 pm »
Hi,
I am using OPNSense with a FritzBox as a DSL Modem for WAN connection.
I had connected the Fritzbox to WAN-Side on OPNSense and also connected to my internal LAN network, so I was able to login to the Fritzbox to watch the DSL-Status.
But I don´t want the Fritzbox to "see" my internal network and its devices, so I have created an vlan interface on opnsense and switch etc. for the fritzbox.
I am able to ping the Fritzbox from the vlan interface on my opnsense (interface / diagnostics) but i am not able to access it from my lan. A rule for allowing access from lan to everywhere exists.
Also a ping from my lan to the opnsense adress on the vlan-interface works.
I think the FB is blocking access to it from outside its own network.
So I am trying to implement nat or something to fake the ip accessing the fritzbox, so it looks like its coming from fritzbox internal network.
I tried port forwarding on LAN with a fake-ip to the real-ip but no success so far.
Someone got a solution for me
Sorry for bad english
Regards,
Dennis
I am using OPNSense with a FritzBox as a DSL Modem for WAN connection.
I had connected the Fritzbox to WAN-Side on OPNSense and also connected to my internal LAN network, so I was able to login to the Fritzbox to watch the DSL-Status.
But I don´t want the Fritzbox to "see" my internal network and its devices, so I have created an vlan interface on opnsense and switch etc. for the fritzbox.
I am able to ping the Fritzbox from the vlan interface on my opnsense (interface / diagnostics) but i am not able to access it from my lan. A rule for allowing access from lan to everywhere exists.
Also a ping from my lan to the opnsense adress on the vlan-interface works.
I think the FB is blocking access to it from outside its own network.
So I am trying to implement nat or something to fake the ip accessing the fritzbox, so it looks like its coming from fritzbox internal network.
I tried port forwarding on LAN with a fake-ip to the real-ip but no success so far.
Someone got a solution for me
Sorry for bad english
Regards,
Dennis
6
17.7 Legacy Series / No new connections after ~15 min after Upgrading to 17.7.4 Firmware
« on: September 29, 2017, 01:37:09 pm »
Hi,
I have upgraded to 17.4 yesterday and have some strange bahavior now.
Upgrade itself was working normal without any errors, exept ids was not strted and I had to reboot.
I use simple nat with 1 wan dsl connection.
After the update it seems like after 15 minutes all _new_ connections going to wan are blocked.
I can ping for e.g. 8.8.8.8 on my pc without any problems, even after 15 minutes when I ping permanently.
But when I try to do simple web surfing after these 15 minutes no connection is possible. Even from the opnsense itself I am not able to ping 8.8.8.8 for e.g.
In the dashboard I can see, that the dsl connection is still up and running. Even the ping from my pc I started directly after rebooting is still working. But any new connections do not work.
When I try to reconnect the wan dsl connectionit will not come up again.
To solve the problems I have to restart the opnsense.
After restart it takes a long time before the dsl connection is up again (20 to 30 tries in log file), but then everything is working again for around 15 minutes.
My hardware is an APU 1 board (realtek cards).
Anyone got an idea what is going wrong?
For me it looks like the firewall is blocking connections after these ~15 minutes, I can´t find any problems in other logs (pppoe, system hardware etc.)
regards,
Dennis
I have upgraded to 17.4 yesterday and have some strange bahavior now.
Upgrade itself was working normal without any errors, exept ids was not strted and I had to reboot.
I use simple nat with 1 wan dsl connection.
After the update it seems like after 15 minutes all _new_ connections going to wan are blocked.
I can ping for e.g. 8.8.8.8 on my pc without any problems, even after 15 minutes when I ping permanently.
But when I try to do simple web surfing after these 15 minutes no connection is possible. Even from the opnsense itself I am not able to ping 8.8.8.8 for e.g.
In the dashboard I can see, that the dsl connection is still up and running. Even the ping from my pc I started directly after rebooting is still working. But any new connections do not work.
When I try to reconnect the wan dsl connectionit will not come up again.
To solve the problems I have to restart the opnsense.
After restart it takes a long time before the dsl connection is up again (20 to 30 tries in log file), but then everything is working again for around 15 minutes.
My hardware is an APU 1 board (realtek cards).
Anyone got an idea what is going wrong?
For me it looks like the firewall is blocking connections after these ~15 minutes, I can´t find any problems in other logs (pppoe, system hardware etc.)
regards,
Dennis
7
Development and Code Review / Re: mdns-repeater
« on: September 06, 2017, 10:00:56 pm »
Hi,
thank you very much, I try it right now, works great so far.
I killed my manually started mdns-repeater process and just installed the pkg from fabian, logged out and in again and then enabled my 2 interfaces under services and it works!
Thank you for fast and great developing guys, you´re awesome!
thank you very much, I try it right now, works great so far.
I killed my manually started mdns-repeater process and just installed the pkg from fabian, logged out and in again and then enabled my 2 interfaces under services and it works!
Thank you for fast and great developing guys, you´re awesome!
8
General Discussion / Re: Avahi / mDNS Proxy avaiable?
« on: September 06, 2017, 09:56:37 pm »
Hi guys,
wow your guys are awesome, tried it right now and it works great so far!
Thanks for quick answering and developing!
wow your guys are awesome, tried it right now and it works great so far!
Thanks for quick answering and developing!
9
General Discussion / Re: Please Make a Donation to OPNsense
« on: September 01, 2017, 11:46:40 pm »
Switched from pf to opnsense for around 2 weeks now and so far I am very happy, so I donated 10€ for now
10
General Discussion / Re: Avahi / mDNS Proxy avaiable?
« on: September 01, 2017, 11:38:50 pm »
Hi Franko,
thank you for feedback.
I didn´t know mdns-repeater until I read it here in forum.
I can say, that avahi on pfsense had some options to play with (forward of ipv6 to ipv4 and vice versa e.g), but mdns-repeater seems to only need the interfaces it should work with (reX and reX_vlan in my case) and thats it, it out itself into deamon/background mode and there is a switch to see some kind of logging on console.
So I think it would be enough to just have an option in the general system configuration where you can select the known interfaces of the system to enable mdns-repeater to work with.
I am not really a programmer, didnt get any further than some pascal stuff 20 years ago and some shell scripting but I think someone who knows the opnsense system and gui could do this very quick
I hope there would be a way to implement this, that would be very nice
regards and a beautiful weekend everyone
thank you for feedback.
I didn´t know mdns-repeater until I read it here in forum.
I can say, that avahi on pfsense had some options to play with (forward of ipv6 to ipv4 and vice versa e.g), but mdns-repeater seems to only need the interfaces it should work with (reX and reX_vlan in my case) and thats it, it out itself into deamon/background mode and there is a switch to see some kind of logging on console.
So I think it would be enough to just have an option in the general system configuration where you can select the known interfaces of the system to enable mdns-repeater to work with.
I am not really a programmer, didnt get any further than some pascal stuff 20 years ago and some shell scripting
but I think someone who knows the opnsense system and gui could do this very quick I hope there would be a way to implement this, that would be very nice
regards and a beautiful weekend everyone
11
General Discussion / Re: Avahi / mDNS Proxy avaiable?
« on: August 31, 2017, 09:53:07 pm »
Hi found in the forum that mdns-responder will do the job
I installed it with pkg install mdns-repeater
and simply started it with my 2 interfaces and in this moment I am listening to my airplay stream from smartphone to my hifi receiver
I would like to see this in upcoming releases an an generel option in the system configuration. I think there are much users that are using this and when it is so simple to start it could be general installed and used as an gui option maybe?
regards
Dennis
I installed it with pkg install mdns-repeater
and simply started it with my 2 interfaces and in this moment I am listening to my airplay stream from smartphone to my hifi receiver
I would like to see this in upcoming releases an an generel option in the system configuration. I think there are much users that are using this and when it is so simple to start it could be general installed and used as an gui option maybe?
regards
Dennis
12
General Discussion / [SOLVED] Avahi / mDNS Proxy avaiable?
« on: August 31, 2017, 09:17:19 pm »
Hi everyone,
I am a long user of pfsense in my home enviroment, but since pf was a little bitchy sometimes when updating and I wanted to try ips I switches over to opnsense 2 weeks ago.
System feels much faster, and most things I was able so setup without problems.
But one feature I am missing is to forward mdns from interface to interface.
I have nothing special here, just a lan network and some vlans for wifi - control, internal wifi and guest wifi.
So my airplay receiver for example is not in the same network as my smartphone. On pf I just installed avahi for that and most of the time it workes without problems, sometimed I had to restart the service when the devices were not able to "see" them anymore
I can´t find avahi in the plugins is there a different package avaiable for that or how can I implement forwarding mdns?
Regards
Dennis
Chage: Mark as solved
I am a long user of pfsense in my home enviroment, but since pf was a little bitchy sometimes when updating and I wanted to try ips I switches over to opnsense 2 weeks ago.
System feels much faster, and most things I was able so setup without problems.
But one feature I am missing is to forward mdns from interface to interface.
I have nothing special here, just a lan network and some vlans for wifi - control, internal wifi and guest wifi.
So my airplay receiver for example is not in the same network as my smartphone. On pf I just installed avahi for that and most of the time it workes without problems, sometimed I had to restart the service when the devices were not able to "see" them anymore
I can´t find avahi in the plugins
is there a different package avaiable for that or how can I implement forwarding mdns?Regards
Dennis
Chage: Mark as solved
Pages: [1]