Messages

1

General Discussion / Re: Netify Network Intelligence on OPNsense - Now Available

« on: February 14, 2020, 12:01:21 am »

Sorry I wasn’t very clear before. I meant do you have plans for people who have an Opnsense for home use (like me). I’d love to subscribe to the service but 25$ a month is a bit steep. I don’t mind a reduced feature set (a lesser retention time for the logs perhaps 3 days for live and a month for archive).

2

General Discussion / Re: Please Make a Donation to OPNsense

« on: February 13, 2020, 04:39:27 am »

A little something from my side. Has been rock stable for me for a year plus.

3

General Discussion / Re: Netify Network Intelligence on OPNsense - Now Available

« on: February 13, 2020, 04:35:12 am »

The UI looks slick and nice. Gives me the right kind of reports at a glance. Congratulations on a well thought of and made product.
Any change you can offer a Home subscription (with reduced features?). At 25$ a month it may be beyond the reach of the home users .

4

19.1 Legacy Series / Re: Port Forward to LAN Bridge

« on: June 18, 2019, 04:26:47 pm »

Well, I found the answer. The bridge was working fine. Apparently the system in question was a osx machine and I recently installed the macserver app on it. For some reason the app was blocking the packets. All good now

5

19.1 Legacy Series / Re: Port Forward to LAN Bridge

« on: June 17, 2019, 02:28:18 pm »

Sorry if the title is confusing.

I had it setup minus the bridge and the port forward worked perfectly ( thanks to the awesome  documentation here).
The bridge is breaking it.  I had set it up using this guide https://wiki.opnsense.org/manual/how-tos/lan_bridge.html
The bridge is working correctly, I get dhcp to the devices, the devices can talk to each other on layer 2 even when they are connected to two different physical ports.
So I'm missing something, perhaps a filter??

Thanks for the help

6

19.1 Legacy Series / [Solved] Port Forward to LAN Bridge

« on: June 17, 2019, 10:02:56 am »

Hi

Can anyone help me understand why this is not working ?

• I have a firewall in L3 mode terminating my ISP connection.
• I have configured 2 ports on the LAN side which are bridged into a single LAN (192.168.1.0/24) - Lets call them LAN1 and LAN2 ports.
• On the firewall I have setup a port forward from my external IP:Port to internal IP:Port - Added the NAT rule/corresponding firewall rule.
• When I try to access a machine on LAN2 port from LAN 1 port --> it works
• When I try to access a machine on LAN2 port from WAN port --> doesn't work .

I looked at the live logs and can see the packet from WAN hit the NAT rule and is allowed. I can also see the packet that the firewall sends to the bridge group after the NAT rule.[/img]
The packet disappears after this - I don't see it on the machine. Verified the machine has no firewall.

The following parameters are set as below

net.link.bridge.pfil_member is set to 0
net.link.bridge.pfil_bridge   is set to 1

P.S - I am running this on a baremetal box (no VMware)

7

General Discussion / Re: OPNsense on Cisco Meraki??

« on: March 24, 2019, 02:36:26 pm »

I'm just going to leave this here for now 

Details of the installation  ?

8

19.1 Legacy Series / Re: [FEATURE REQUEST] - Keep the lobby traffic graphs persistent

« on: January 27, 2019, 06:20:07 am »

+1 please - If time permits, that feature would be awesome to have !

9

18.7 Legacy Series / Re: How to enable restricted traffic between local networks?

« on: January 22, 2019, 02:45:15 pm »

This is pretty much a standard configuration. You can safely enable this by

Firewall: Rules: LAN
Source LAN Net; Destination Any ; Action Allow

Firewall: Rules: GUEST_LAN
Source GUEST_LAN net; Destination !LAN Net: Action Allow

10

18.7 Legacy Series / Re: Cannot ping firewall from LAN

« on: January 15, 2019, 03:23:09 pm »

IPS off ?

11

18.7 Legacy Series / Re: Loss of LAN

« on: October 03, 2018, 10:01:07 am »

Try a elimination based approach to troubleshooting

What version is the FW?
Do you have IPS turned on  ?
Can your LAN devices ping the local gateway on the firewall during the outage ?
Can you access the firewall UI from LAN during the outage ?
Isolate a DNS issue by pinging an internet IP instead of a domain
Firewall, Log, Live View >> What do you see when you have the outage.
Do you have any other packages installed like Sensei

12

18.7 Legacy Series / Re: fwd: VLAN for IOT

« on: September 25, 2018, 03:50:41 am »

You cannot make a rule based on a UNC name - although you can create an alias based on  a FQDN. Firewall: Aliases: View

Rule number 2 will block IOT LAN from aceessing your LAN. It does not give IOT access to internet.

To do so you can have a rule 3 which says allow access from any to any/inet.

13

Web Proxy Filtering and Caching / Re: Squid Trasparent proxy problem

« on: September 21, 2018, 04:53:05 pm »

Did you manage to read this ? - https://wiki.opnsense.org/manual/how-tos/proxytransparent.html
I set mine up last week and was a pretty straight forward process. If you did follow the guide then paste your firewall screenshots here.

14

Web Proxy Filtering and Caching / Re: after activating SSL proxy, nothing happening.

« on: September 21, 2018, 04:50:17 pm »

I don’t think you can force the OpenVPN traffic through the proxy. I have the http proxy turned on in transparent mode. When I connect to my home through SSLVPN i cant seem to register the http traffic on proxy logs. I had the the same configurations as you and it wouldn’t register the http traffic. I looked around a bit and i thought i saw someone mention that its not supported (I didn’t read up much on it to be honest or gave it another go - happy to be proved wrong).

15

18.7 Legacy Series / Re: All Memoy used

« on: September 21, 2018, 08:01:22 am »

I can confirm the same that the swap is not getting used in the dashboard. No crashes for me. I upgraded about 12 hours ago to 18.7.3.
Mem util - 15%
CPU below 5%

128 GB SSD; 8 GB RAM, 8 GB SWAP.

root@OPNsense:~ # swapinfo
Device          1K-blocks     Used    Avail Capacity
/dev/gpt/swapfs   8388608        0  8388608     0%

root@OPNsense:~ # cat /etc/fstab
# Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/gpt/rootfs /               ufs     rw              1       1
/dev/gpt/swapfs         none            swap    sw              0       0
root@OPNsense:~ #