Messages - Julien

18.7 Legacy Series / Re: Manual Outbound Spam filter
« on: January 22, 2019, 03:28:03 pm »
Hi Bart,
Thank you so much for your answer. How is your outbound (Hybrid or Auto)?
When I chose auto outbound it does not work; it routes through the default WAN IP.
I have Hybrid Outbound with two created rules, see attached.

I am using port forwarding on the WAN side to the internal server, like the Exchange OWA and port 25.
Do I have to remove those rules? Can I get it configured with port forwarding already on the WAN?

I do have 34 rules on the WAN side: 25 to server 1 and server 2, and port 334 to server 1 and server 2.

And I want to get the 1:1 so emails will be routed through the virtual IP.

18.7 Legacy Series / Re: Manual Outbound Spam filter
« on: January 20, 2019, 06:48:47 pm »
Quote from: bartjsmit on January 20, 2019, 10:12:37 am
You need to set up a 1:1 NAT for the spam server if you want it to have its own public IP for outbound traffic.

Bart...

Thanks Bart,
I am pulling my hair out to get this 1:1 NAT configured.
On NAT >>> One to One
I have created a BINAT, see screenshot 1.
After that I created the rule on the WAN side to allow the SMTP / HTTPS, but it is not working.

The outbound is Hybrid outbound NAT rule generation, but I cannot seem to access the server behind on port 443 or SMTP.

What am I doing wrong?
Are "Reflection for 1:1" and "Automatic outbound NAT for Reflection" relevant here? Because I do not have them enabled.

18.7 Legacy Series / Manual Outbound Spam filter
« on: January 20, 2019, 04:00:58 am »
Dear all,
Our scenario is as follows:

Internet >>>> OPNSENSE >>>>> SPAM FILTER >>>> MAIL SERVER
The mail server is using the spam filter as its smarthost to send out emails.
The spam filter has its own VIP, which is configured as the virtual IP 20.344.55.56.
The default WAN of the OPNsense is 20.344.55.50.
Outbound is automatic.
Whenever we send out email using the spam filter as smarthost of the mail server, it still uses the default WAN IP of the OPNsense, 20.344.55.50.
I tried to change outbound from automatic to manual and created a rule for this:

Code:
WAN1  summitgrid_relay  *  *  *  20.344.55.50 *   Outbound NAT Rule for Email Relay

The internet stops working. I thought the rules would remain created when I change from auto to manual.
Also the email is still delivered from the default OPNsense IP and not the spam filter.

Can someone please advise how to get this fixed?

Thank you

18.7 Legacy Series / Re: Floating Rules for GeoIP Country Blocking Not Working
« on: December 07, 2018, 09:07:37 am »
Curiosity: how are you trying to block those countries?
If you are going to use firewall rules on the WAN, make sure your firewall has enough resources.
I've tried it before and my firewall CPU was overloaded, which caused VoIP phone issues.

18.7 Legacy Series / Change Default IP
« on: November 30, 2018, 01:07:28 am »
Dear all,
We do have WAN1 configured with a gateway up and running.
We have a second WAN2 added as a physical interface.
We want to change our default WAN1 to be WAN2, as we want to keep WAN1 for a different service.

We do have one single gateway.
Can someone advise how to do this?

18.7 Legacy Series / Re: Can not ping OPNSense LAN Interface
« on: November 29, 2018, 10:44:21 pm »
Quote from: cyberganny on November 29, 2018, 10:09:44 pm
Yes, I blocked bogon networks. Unchecked all blocks.
But no change in behavior, still not able to ping the LAN interface.

Can you share a screenshot of your firewall rules on the WAN side?

18.7 Legacy Series / Re: Can not ping OPNSense LAN Interface
« on: November 29, 2018, 10:04:00 pm »
Are you blocking "Block private networks" / "Block bogon networks" on the WAN side? This is mostly the cause.
If you do, remove the block and stuff works.

18.7 Legacy Series / Re: Can not ping OPNSense LAN Interface
« on: November 29, 2018, 04:34:08 pm »
What are your outbound rules?
Where are you pinging to, and from where?

18.7 Legacy Series / Re: Can not ping OPNSense LAN Interface
« on: November 29, 2018, 03:13:02 pm »
Can you describe your scenario?
Is OPNsense between your ISP modem?

ISP Router >>>>>> OPNSENSE >>>>>> LAN NETWORK ?

Have you checked your firewall rules on the LAN?


18.7 Legacy Series / Re: Can not ping OPNSense LAN Interface
« on: November 29, 2018, 03:07:57 pm »
Quote from: cyberganny on November 29, 2018, 11:49:26 am
Hi all,

OPNsense runs fine but I have the problem that I am not able to ping the FW LAN interface (10.1.1.1) from within the local network.

The ping is routed through the WAN interface! Why?
Logging in on the OPNsense admin interface at 10.1.1.1 works fine.

Here is the traceroute:

traceroute to 10.1.1.1 (10.1.1.1), 30 hops max, 60 byte packets
 1  10.1.1.1 (10.1.1.1)  0.672 ms  0.446 ms  0.490 ms
 2  192.168.0.1 (192.168.0.1)  0.855 ms  0.877 ms  0.790 ms
 3  213-146-234-185.skytron.de (213.146.234.185)  3.467 ms  2.431 ms  2.202 ms
 4  10.255.2.116 (10.255.2.116)  3.402 ms  3.312 ms  3.223 ms
 5  10.255.7.97 (10.255.7.97)  3.156 ms !H  4.818 ms !H  4.734 ms !H

Any ideas?
Please provide more info so we can help.
Are you on a VPN?
10.1.1.1 ??? Is this your LAN?
192.168.0.1 ??? What is this?

18.7 Legacy Series / Re: Site to Site after OPNsense and pfsense
« on: November 29, 2018, 11:06:37 am »
Thank you guys,
managed to get it fixed.
We were building a tunnel with the same IP;

we were already using 10.13.0.0/24 in a different tunnel.

18.7 Legacy Series / ( Solved ) Site to Site after OPNsense and pfsense
« on: November 28, 2018, 11:17:51 pm »
Dear all,
I have been struggling to get traffic routed and running between OPNsense and pfSense.
OPNsense is running 17.7.8.
pfSense is running 2.4.4.
Both boxes are running OpenVPN version 2.4.6_3.
The tunnel is up on both sides; the issue is we cannot connect from location A to B and the other way around.
This issue is mostly if the tunnel or remote IPs are different, but I've checked them like 100 times.

Can someone please advise me how to get this routing correctly set up.

Thank you so much

Intrusion Detection and Prevention / Re: Using Rulesets in Suricata IPS
« on: November 17, 2018, 02:18:36 am »
Quote from: jschellevis on November 17, 2018, 02:10:58 am
To determine the cause of the performance drop (probably a large ruleset containing patterns) I would suggest disabling all that contain patterns and then re-enabling one by one.

Also SSL fingerprint rules are very consuming; this will likely be fixed with Suricata 4.1 in the upcoming OPNsense 19.1 release.

So experimenting with enabling/disabling rulesets may be the best way to figure this out.

In general you need a performant multi-core CPU for high throughput when a lot of pattern matching and/or SSL fingerprint rules are enabled.
When I disable the IPS and keep those rules enabled the speed drops to 100%. I believe the issue is IPS and not rules.
I have just 3 rules enabled now and the speed is 500/500 without IPS; when IPS is on the speed drops to 180/180 and sometimes 200/200.
Do we really need the IPS in production?
The CPU we are using is Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz (4 cores) and 8GB memory.

Thank you

Intrusion Detection and Prevention / Re: Performance tuning for IPS maximum performance
« on: November 17, 2018, 02:06:28 am »
Quote from: xmichielx on August 10, 2018, 09:42:58 am
I use the IPS mainly for my LAN/Guest VLAN since I want to detect malware. But I can understand that people also use it in front of their servers etc.
PS: changing the networks from 3 private ranges to only 192.168.0.0/16 seems also to affect the bandwidth (+/- 1 or 2 MB/s profit!)
Our internal LAN is trusted as it's clean and we know what is running internally.
Do you mean we do not need to use IDS for this? We do have some servers behind and want them to be protected.

We keep having one alert from this IP 150.109.50.77 on port 25 in and out, and the action is allowed:

Code:
Timestamp 2018-11-17T01:58:28.386557+0100
Alert SURICATA SMTP data command rejected
Alert sid 2220008
Protocol TCP
Source IP 2.51.55.22
Destination IP 150.109.50.77
Source port 25
Destination port 35064
Interface wan
Any suggestions how to treat this alert?
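As an added example (not from the post or from OPNsense), a small triage helper for the alert fields shown above: it parses the key/value lines of the OPNsense alert view, names the server side by the well-known port, and works out the direction relative to the local network. The alert text is a constructed copy of the block in the post; HOME_NET being the 2.51.55.0/24 range is an assumption made for the example.

```python
import ipaddress
# Assumption for the example: the poster's own public range (HOME_NET).
HOME_NET = [ipaddress.ip_network("2.51.55.0/24")]

# A constructed copy of the alert fields as the post shows them.
ALERT_TEXT = """\
Timestamp 2018-11-17T01:58:28.386557+0100
Alert SURICATA SMTP data command rejected
Alert sid 2220008
Protocol TCP
Source IP 2.51.55.22
Destination IP 150.109.50.77
Source port 25
Destination port 35064
Interface wan
"""

def parse_alert(text):
    """Turn the 'Key value' lines of the OPNsense alert detail view into a dict."""
    fields = {}
    for line in text.splitlines():
        key, _, value = line.partition(" ")
        if key == "Alert" and value.startswith("sid "):
            key, value = "sid", value[4:]
        elif key in ("Source", "Destination"):   # "Source IP x" / "Source port n"
            sub, _, value = value.partition(" ")
            key = f"{key} {sub}"
        fields[key] = value
    return fields

def is_local(ip):
    return any(ipaddress.ip_address(ip) in net for net in HOME_NET)

def triage(fields):
    """Server side = the well-known port; a source port of 25 means the alert
    fired on the mail server's reply, not on a connection leaving the LAN."""
    src, dst = fields["Source IP"], fields["Destination IP"]
    sport, dport = int(fields["Source port"]), int(fields["Destination port"])
    server_is_src = sport < 1024 <= dport
    server, client = (src, dst) if server_is_src else (dst, src)
    service_port = sport if server_is_src else dport
    if is_local(server):
        direction, remote = "inbound-to-local-service", client
    elif is_local(client):
        direction, remote = "outbound-from-local-client", server
    else:
        direction, remote = "transit", None
    return {"sid": fields["sid"], "signature": fields["Alert"],
            "service_port": service_port, "direction": direction, "remote_host": remote}
```

For the alert in the post this yields an inbound connection from 150.109.50.77 to the local SMTP service whose DATA command the server rejected, which is why the same remote address shows up as "in and out".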

Intrusion Detection and Prevention / Re: Using Rulesets in Suricata IPS
« on: November 17, 2018, 01:49:31 am »
Thank you guys for the explanation.
We are using OPNsense in front of our production where we have some servers running, including an Exchange server.
We have enabled those rules (emerging-netbios.rules / emerging-web_client.rules) as advised in the first post, using Hyperscan and IPS mode on; however the speed drops -60%.

Is this an IPS issue or an IDS/IPS issue?
Thank you

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved