Messages - ab5g

#1
Sorry I wasn't very clear before. I meant do you have plans for people who have an Opnsense for home use (like me). I'd love to subscribe to the service but 25$ a month is a bit steep. I don't mind a reduced feature set (a lesser retention time for the logs perhaps 3 days for live and a month for archive).
#2
A little something from my side. Has been rock stable for me for a year plus.
#3
The UI looks slick and nice. Gives me the right kind of reports at a glance. Congratulations on a well thought of and made product.
Any chance you can offer a Home subscription (with reduced features)? At 25$ a month it may be beyond the reach of the home users.
#4
19.1 Legacy Series / Re: Port Forward to LAN Bridge
June 18, 2019, 04:26:47 PM
Well, I found the answer. The bridge was working fine. Apparently the system in question was an osx machine and I recently installed the macserver app on it. For some reason the app was blocking the packets. All good now :)
#5
19.1 Legacy Series / Re: Port Forward to LAN Bridge
June 17, 2019, 02:28:18 PM
Sorry if the title is confusing.

I had it set up minus the bridge and the port forward worked perfectly (thanks to the awesome documentation here).
The bridge is breaking it. I had set it up using this guide https://wiki.opnsense.org/manual/how-tos/lan_bridge.html
The bridge is working correctly, I get dhcp to the devices, the devices can talk to each other on layer 2 even when they are connected to two different physical ports.
So I'm missing something, perhaps a filter??

Thanks for the help
#6
Hi

Can anyone help me understand why this is not working ?


  • I have a firewall in L3 mode terminating my ISP connection.
  • I have configured 2 ports on the LAN side which are bridged into a single LAN (192.168.1.0/24) - Let's call them LAN1 and LAN2 ports.
  • On the firewall I have setup a port forward from my external IP:Port to internal IP:Port - Added the NAT rule/corresponding firewall rule.
  • When I try to access a machine on LAN2 port from LAN1 port --> it works
  • When I try to access a machine on LAN2 port from WAN port --> doesn't work.

I looked at the live logs and can see the packet from WAN hit the NAT rule and is allowed. I can also see the packet that the firewall sends to the bridge group after the NAT rule.
The packet disappears after this - I don't see it on the machine. Verified the machine has no firewall.

The following parameters are set as below

net.link.bridge.pfil_member is set to 0
net.link.bridge.pfil_bridge is set to 1

P.S - I am running this on a baremetal box (no VMware)
#7
General Discussion / Re: OPNsense on Cisco Meraki??
March 24, 2019, 02:36:26 PM
Quote from: theCiscoGeek on March 22, 2019, 06:03:22 AM
I'm just going to leave this here for now  ;D

Details of the installation?
#8
+1 please - If time permits, that feature would be awesome to have !
#9
This is pretty much a standard configuration. You can safely enable this by

Firewall: Rules: LAN
Source LAN Net; Destination Any; Action Allow

Firewall: Rules: GUEST_LAN
Source GUEST_LAN net; Destination !LAN Net; Action Allow
#10
18.7 Legacy Series / Re: Cannot ping firewall from LAN
January 15, 2019, 03:23:09 PM
IPS off ?
#11
18.7 Legacy Series / Re: Loss of LAN
October 03, 2018, 10:01:07 AM
Try an elimination-based approach to troubleshooting

What version is the FW?
Do you have IPS turned on?
Can your LAN devices ping the local gateway on the firewall during the outage?
Can you access the firewall UI from LAN during the outage?
Isolate a DNS issue by pinging an internet IP instead of a domain
Firewall, Log, Live View >> What do you see when you have the outage?
Do you have any other packages installed like Sensei?
#12
18.7 Legacy Series / Re: fwd: VLAN for IOT
September 25, 2018, 03:50:41 AM
You cannot make a rule based on a UNC name - although you can create an alias based on a FQDN. Firewall: Aliases: View

Rule number 2 will block IOT LAN from accessing your LAN. It does not give IOT access to internet.

To do so you can have a rule 3 which says allow access from any to any/inet.

#13
Did you manage to read this? - https://wiki.opnsense.org/manual/how-tos/proxytransparent.html
I set mine up last week and it was a pretty straightforward process. If you did follow the guide then paste your firewall screenshots here.
#14
I don't think you can force the OpenVPN traffic through the proxy. I have the http proxy turned on in transparent mode. When I connect to my home through SSLVPN I can't seem to register the http traffic on proxy logs. I had the same configurations as you and it wouldn't register the http traffic. I looked around a bit and I thought I saw someone mention that it's not supported (I didn't read up much on it to be honest or give it another go - happy to be proved wrong).
#15
18.7 Legacy Series / Re: All Memoy used
September 21, 2018, 08:01:22 AM
I can confirm the same that the swap is not getting used in the dashboard. No crashes for me. I upgraded about 12 hours ago to 18.7.3.
Mem util - 15%
CPU below 5%

128 GB SSD; 8 GB RAM, 8 GB SWAP.

root@OPNsense:~ # swapinfo
Device          1K-blocks     Used    Avail Capacity
/dev/gpt/swapfs   8388608        0  8388608     0%

root@OPNsense:~ # cat /etc/fstab
# Device                Mountpoint      FStype  Options         Dump    Pass#
/dev/gpt/rootfs /               ufs     rw              1       1
/dev/gpt/swapfs         none            swap    sw              0       0
root@OPNsense:~ #