Messages - Noctur

#76
16.7 Legacy Series / Re: Transparent Bridge Setup
November 02, 2016, 04:06:06 PM
Thank you for the reply Franco.

DNS was set up in Settings --> General with 2 servers pointing to US based servers (other countries banned in Suricata), but the servers don't keep records and are DNS-SEC capable. Maybe they're not 'mainstream' enough?

The firmware on both was working as expected prior to walking through the How-To to enable Transparent Bridge.

I'll try again with 16.7 using plain DNS providers like Google and OpenDNS to see if that changes anything. Thanks again!
#77
16.7 Legacy Series / Transparent Bridge Setup
November 01, 2016, 04:44:22 PM
All - Trying to set up a transparent bridge as per this document in the How-To section of the Wiki: https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

I've followed directions using the 16.7 production and the 17.1 alpha software and have not met with success.

My setup: i5 quad with 8gb RAM, 240gb SSD, multiple Intel NICs. Cabled up as: DOCSIS 3 Modem --> WAN on opnSense box, LAN on opnSense box --> WAN on Asus AC68U, following the Wiki How-To precisely. I've also tried Modem-->WAN opn, LAN opn -->WAN Asus, Opt2 em2 as Mgt port on opn box --> LAN Asus, with WAN, LAN, Opt1 Bridge WAN/LAN, and Opt2 Mgt port bridged to Opt1 bridge.

I need to retain the AC68U for some features it provides, otherwise I'd set opnSense up as a router. I can get to the management console on opnSense with either cabling/setting scenario, but I cannot get outside. The opnSense sys cannot complete a firmware update check. Prior to performing the instructions on the How-To, the system works as expected and Suricata & Country filter work.

Any assistance or a point in the right direction appreciated. TIA
#78
Thank you for your reply. It has pointed me in a direction for more study - NAT.

As for firewall rules and devices behind the firewall needing a pass rule, being a home network and probably typical of 99.9% of all home networks, there's nothing that needs to present a face to the internet as yet. I'm not running a web server or streaming video or hosting torrents. I absolutely understand that there's no one 'right' setup for all. But there's probably a 'good' default solution for the home user. If we start with 'good' then the curious user can research over time and with increased use familiarity to get into the configuration intricacies.

Thank you again for your reply.

Let me suggest for discussion by the seniors and opnsense founders that you should consider providing a version, or an installation menu choice, that will meet the needs of 99% of the home network users like me that provides a good, basic firewall that works out of the box to pass internet to internal network without requiring someone knowing or finding a post that they have to tick the 'enable DNS forwarding' option (or similar) buried in the system settings to get it to work. The major expansion in opnsense's user base will come from the unwashed newbs like me who recognize the need for improved security and don't know the first thing about how to enable it. IT professionals have already made their choice in open source firewall systems.
#79
I'm new to firewalls, trying to install opnsense for my home network. I've installed opnsense - great and easy process. I'm ready to install openvpn tunnel, suricata and have already had some success with getting them going. But, because I have absolutely no experience with firewalls - I've simply relied on the home router/ap firewall - I don't know where to begin with the firewall rules.

I've spent several days scouring this site and others looking for an initial set of firewall rules that would be helpful for a home user with no experience, but have not been able to find a clear stepwise guide. The rules out there all appear to be additional setups for those who already have their set in place and want to enhance for additional function.

My request is this:

1) If I've missed an initial firewall rules setup guide, would you please list a link and I'll pursue it myself without additional bother to others. Out of the box it appears that opnsense doesn't have any basic rules and doesn't provide internet access and doesn't seem to provide a beginner's settings in the online documentation.

2) If one doesn't exist, would someone please give an example, then list the several modes that should be blocked by a home user? I've found one guide that suggests 'block all on WAN', then lists the various ports that should be opened on the LAN and have followed it, but I am unable to get internet access through. It seems there aren't any 'pass' rules in the WAN tab that allow anything through.

I just don't know where to start. But, I suggest there is a demand for a basic settings tutorial that gets it installed, basic rules in place, and passes internet. There are lots of people interested in doing this now. Check Kickstarter or Indiegogo for the small, dedicated security appliances that are being funded because there isn't a simple 'how-to' for the basic home user to set up an opnsense firewall/appliance. They're all interested in a higher degree of security than what is offered by their router/ap.

If the reason something like this doesn't already exist is because the intent is to sell preconfigured appliances or consulting services please let me know and I'll go away. TIA