Messages

Thanks for update. Working on Debian 7.9 w/python 2.7.3.

Under Services > DNS Forwarder towards the bottom of the page find the Host Overrides section.

Click on the plus sign to add an override. Enter the hostname & domain for public domain that you are trying to access. In my case I use service.dyndns.org so hostname = service, domain = dyndns.org. Then add local IP of the machine that service is hosted and a description. You can also add different aliases for this host at the bottom of the dialog. Creating these DNS entries will autogenerate firewall rules on the WAN interface for NAT.

Your internal hosts will now use this local DNS config to find your published services using the same URL that internet clients would use.

Packet capture on WIFI

14:51:20.008479 IP 192.168.3.210.35372 > 192.168.2.110.445: tcp 0

For your rules I would remove the last 2 entries on WIFI net for LAN net and leave just the WIFI net to any dest enabled and try to get to both your LAN and WAN. If that works add a block from src WIFI net to LAN net. This should still allow WAN and remove access to LAN.

Then, after that block rule you can make an exception for your WIFI device you want access to LAN device by both assigning static DHCP lease and then creating a rule to allow that src IP on WIFI net to your pc IP on LAN net only.

Again, do this between the block rule to LAN net and the "default" allow rule from WIFI net to anywhere.

When clicking on source IP in firewall widget (Reverse resolve with DNS) I am seeing this since 16.1 was released:

http://postimg.org/image/sqipoi60v/

Thanks for this. Confirmed on Debian wheezy. Got an update email today for 16.1.

Tried sending PM to franco but not seeing one as sent  ???

Discovered an inaccuracy in 501 served when alt hostname is not set/doesn't match with HTTP_REFERER check enabled.
System > Advanced as opposed to System > Settings > Admin Access

Split DNS is what you're looking for:

https://doc.pfsense.org/index.php/Why_can't_I_access_forwarded_ports_on_my_WAN_IP_from_my_LAN/OPTx_networks

NAT Reflection employs techniques to redirect these connections if required. Split DNS is usually the better way if it is possible on a network because it allows for retaining of the original source IP and avoids unnecessarily looping internal traffic through the firewall.

You can set this up under Services > DNS Forwarder > Host Overrides section towards bottom of page.

I am not running Zenoss on the same box. My issue was that I wasn't getting adequate info via SNMP from my opnsense box in Zenoss (running on it's own as VM). Somehow, not sure why, Zenoss started modeling my opnsense box 'properly' to where all interfaces are being graphed which is all I was really after.

Just as an aside given the removal of RRD graphs for those that are looking at external solutions Zenoss started collecting interface info and graphing on November 13th @ 3AM and has since. Not sure why as I gave up trying to get it to work around the time I posted this. Maybe a forced reboot after a firmware update had something to do with it.

Anyone have experience with monitoring Opnsense w/Zenoss? I have tried both SSH and SNMP monitoring but prefer SNMP though neither suit my needs as of now. I have it enabled and am able to collect very basic info like rocummunity, location, contact etc but am missing snmp_ucd. I have built from source myself and have the module loaded yet still am seeing 'No value returned for configured OIDs' event in Zenoss.

I am not as familiar w/freebsd as I am w/ linux but have used these sources to get started:

http://virtuallyhyper.com/2013/03/monitor-different-systems-with-zenoss/
http://community.zenoss.org/docs/DOC-9132

Any help is appreciated.

Ok, after reboot had to start dnsmasq manually again. DNS Resolver not running and not asking to apply changes in gui / disabled. DNS Forwarder is enabled in gui too but just doesn't start. 

EDIT: dnsmasq seems to get SIGTERM when restarting ANY service. Just adding/removing static DHCP lease killed it.

This is when starting service from Status > Services:

Code Select Expand

Jun 27 17:13:35 dnsmasq[19366]: FAILED to start up
Jun 27 17:13:35 dnsmasq[19366]: junk found in command line

Static DHCP mappings also not being written to /etc/hosts.

Are you sure the resolver is not running? Just had a forwarding issue myself after removing a manual dnsmasq entry for a secondary hostname. Service would not start after I saved and all my host overrides failed. Turns out unbound was running though disabled in gui with an apply button to save changes every time I went to Services > DNS Resolver.

I killed unbound and manually started dnsmasq and the service started. Though the resolver is disabled I am still prompted to save changes in gui under Services > DNS Resolver for whatever reason.

This issue is still present with 15.1.11.1.

EDIT: False alarm. A restart of Fx and it works. Safari also working. Thanks!

Thanks for the update.

OPNsense 15.1.10.2-amd64
FreeBSD 10.1-RELEASE-p9
OpenSSL 1.0.1m 19 Mar 2015

After upgrading from 15.1.10.1 to 15.1.10.2 I can no longer add widgets to dashboard. I am presented with the dialog to select widgets but the whole screen is greyed out as opposed to just the background being greyed out, as seen here:

https://wiki.opnsense.org/index.php/File:0012-widget_menu.png

I have attached what I see. I have tried on Windows & OSX in IE, Safari & FF.