1
Tutorials and FAQs / Re: Script to send emails for updates
« on: March 23, 2016, 11:20:08 pm »
Thanks for update. Working on Debian 7.9 w/python 2.7.3.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
16.1 Legacy Series / Re: Help Configuring Split DNS
« on: February 22, 2016, 05:07:08 pm »
Under Services > DNS Forwarder towards the bottom of the page find the Host Overrides section.
Click on the plus sign to add an override. Enter the hostname & domain for public domain that you are trying to access. In my case I use service.dyndns.org so hostname = service, domain = dyndns.org. Then add local IP of the machine that service is hosted and a description. You can also add different aliases for this host at the bottom of the dialog. Creating these DNS entries will autogenerate firewall rules on the WAN interface for NAT.
Your internal hosts will now use this local DNS config to find your published services using the same URL that internet clients would use.
Click on the plus sign to add an override. Enter the hostname & domain for public domain that you are trying to access. In my case I use service.dyndns.org so hostname = service, domain = dyndns.org. Then add local IP of the machine that service is hosted and a description. You can also add different aliases for this host at the bottom of the dialog. Creating these DNS entries will autogenerate firewall rules on the WAN interface for NAT.
Your internal hosts will now use this local DNS config to find your published services using the same URL that internet clients would use.
3
16.1 Legacy Series / Re: Allow traffic between zones.
« on: February 19, 2016, 04:58:52 pm »Packet capture on WIFI
14:51:20.008479 IP 192.168.3.210.35372 > 192.168.2.110.445: tcp 0
For your rules I would remove the last 2 entries on WIFI net for LAN net and leave just the WIFI net to any dest enabled and try to get to both your LAN and WAN. If that works add a block from src WIFI net to LAN net. This should still allow WAN and remove access to LAN.
Then, after that block rule you can make an exception for your WIFI device you want access to LAN device by both assigning static DHCP lease and then creating a rule to allow that src IP on WIFI net to your pc IP on LAN net only.
Again, do this between the block rule to LAN net and the "default" allow rule from WIFI net to anywhere.
4
16.1 Legacy Series / [SOLVED] firewall widget broken
« on: February 19, 2016, 04:39:47 pm »
When clicking on source IP in firewall widget (Reverse resolve with DNS) I am seeing this since 16.1 was released:
http://postimg.org/image/sqipoi60v/
http://postimg.org/image/sqipoi60v/
5
Tutorials and FAQs / Re: Script to send emails for updates
« on: January 28, 2016, 07:30:18 pm »
Thanks for this. Confirmed on Debian wheezy. Got an update email today for 16.1.
6
15.7 Legacy Series / 501 served for HTTP_REFERER check inaccurate
« on: January 10, 2016, 08:55:09 pm »
Tried sending PM to franco but not seeing one as sent 
Discovered an inaccuracy in 501 served when alt hostname is not set/doesn't match with HTTP_REFERER check enabled.
System > Advanced as opposed to System > Settings > Admin Access
Discovered an inaccuracy in 501 served when alt hostname is not set/doesn't match with HTTP_REFERER check enabled.
System > Advanced as opposed to System > Settings > Admin Access
7
15.7 Legacy Series / Re: Access of Internal WEB Server via both LAN and WAN
« on: December 24, 2015, 01:52:30 pm »
Split DNS is what you're looking for:
https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks
You can set this up under Services > DNS Forwarder > Host Overrides section towards bottom of page.
https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks
Quote
NAT Reflection employs techniques to redirect these connections if required. Split DNS is usually the better way if it is possible on a network because it allows for retaining of the original source IP and avoids unnecessarily looping internal traffic through the firewall.
You can set this up under Services > DNS Forwarder > Host Overrides section towards bottom of page.
8
15.7 Legacy Series / Re: [SOLVED] SNMP monitoring w/Zenoss 4.2.5
« on: December 15, 2015, 01:10:04 am »
I am not running Zenoss on the same box. My issue was that I wasn't getting adequate info via SNMP from my opnsense box in Zenoss (running on it's own as VM). Somehow, not sure why, Zenoss started modeling my opnsense box 'properly' to where all interfaces are being graphed which is all I was really after.
9
15.7 Legacy Series / Re: SNMP monitoring w/Zenoss 4.2.5
« on: December 13, 2015, 10:10:27 pm »
Just as an aside given the removal of RRD graphs for those that are looking at external solutions Zenoss started collecting interface info and graphing on November 13th @ 3AM and has since. Not sure why as I gave up trying to get it to work around the time I posted this. Maybe a forced reboot after a firmware update had something to do with it.
10
15.7 Legacy Series / [SOLVED] SNMP monitoring w/Zenoss 4.2.5
« on: September 26, 2015, 09:33:45 pm »
Anyone have experience with monitoring Opnsense w/Zenoss? I have tried both SSH and SNMP monitoring but prefer SNMP though neither suit my needs as of now. I have it enabled and am able to collect very basic info like rocummunity, location, contact etc but am missing snmp_ucd. I have built from source myself and have the module loaded yet still am seeing 'No value returned for configured OIDs' event in Zenoss.
I am not as familiar w/freebsd as I am w/ linux but have used these sources to get started:
http://virtuallyhyper.com/2013/03/monitor-different-systems-with-zenoss/
http://community.zenoss.org/docs/DOC-9132
Any help is appreciated.
I am not as familiar w/freebsd as I am w/ linux but have used these sources to get started:
http://virtuallyhyper.com/2013/03/monitor-different-systems-with-zenoss/
http://community.zenoss.org/docs/DOC-9132
Any help is appreciated.
11
15.1 Legacy Series / Re: DNS Forwarder not working
« on: June 27, 2015, 10:01:10 pm »
Ok, after reboot had to start dnsmasq manually again. DNS Resolver not running and not asking to apply changes in gui / disabled. DNS Forwarder is enabled in gui too but just doesn't start.
EDIT: dnsmasq seems to get SIGTERM when restarting ANY service. Just adding/removing static DHCP lease killed it.
This is when starting service from Status > Services:
Static DHCP mappings also not being written to /etc/hosts.
EDIT: dnsmasq seems to get SIGTERM when restarting ANY service. Just adding/removing static DHCP lease killed it.
This is when starting service from Status > Services:
Code: [Select]
Jun 27 17:13:35 dnsmasq[19366]: FAILED to start up
Jun 27 17:13:35 dnsmasq[19366]: junk found in command lineStatic DHCP mappings also not being written to /etc/hosts.
12
15.1 Legacy Series / Re: DNS Forwarder not working
« on: June 26, 2015, 09:41:54 pm »
Are you sure the resolver is not running? Just had a forwarding issue myself after removing a manual dnsmasq entry for a secondary hostname. Service would not start after I saved and all my host overrides failed. Turns out unbound was running though disabled in gui with an apply button to save changes every time I went to Services > DNS Resolver.
I killed unbound and manually started dnsmasq and the service started. Though the resolver is disabled I am still prompted to save changes in gui under Services > DNS Resolver for whatever reason.
I killed unbound and manually started dnsmasq and the service started. Though the resolver is disabled I am still prompted to save changes in gui under Services > DNS Resolver for whatever reason.
13
15.1 Legacy Series / Re: [SOLVED] Cannot add widget to dashboard 15.1.10.2
« on: May 27, 2015, 12:45:05 pm »
This issue is still present with 15.1.11.1.
EDIT: False alarm. A restart of Fx and it works. Safari also working. Thanks!
EDIT: False alarm. A restart of Fx and it works. Safari also working. Thanks!
14
15.1 Legacy Series / Re: Cannot add widget to dashboard 15.1.10.2
« on: May 16, 2015, 01:16:36 pm »
Thanks for the update.
15
15.1 Legacy Series / [SOLVED] Cannot add widget to dashboard 15.1.10.2
« on: May 15, 2015, 09:43:56 pm »
OPNsense 15.1.10.2-amd64
FreeBSD 10.1-RELEASE-p9
OpenSSL 1.0.1m 19 Mar 2015
After upgrading from 15.1.10.1 to 15.1.10.2 I can no longer add widgets to dashboard. I am presented with the dialog to select widgets but the whole screen is greyed out as opposed to just the background being greyed out, as seen here:
https://wiki.opnsense.org/index.php/File:0012-widget_menu.png
I have attached what I see. I have tried on Windows & OSX in IE, Safari & FF.
FreeBSD 10.1-RELEASE-p9
OpenSSL 1.0.1m 19 Mar 2015
After upgrading from 15.1.10.1 to 15.1.10.2 I can no longer add widgets to dashboard. I am presented with the dialog to select widgets but the whole screen is greyed out as opposed to just the background being greyed out, as seen here:
https://wiki.opnsense.org/index.php/File:0012-widget_menu.png
I have attached what I see. I have tried on Windows & OSX in IE, Safari & FF.
Pages: [1]