Messages

541

16.7 Legacy Series / Re: Nat is not working

« on: July 28, 2016, 10:22:24 am »

How do you test it? From inside LAN (via NAT reflection)? Or from an address in the same subnet as WAN? Or from a "real" outside IP?
Check if you set any upstream gateways.

thank you for your answer.
i test it from inside and outside the office.
the internet is working everything is working fine without up link i won't be online.
i need to forward port  to the exchange, do i have to nat it or just create a rule on the WAN side and forward it to the exchange ?

542

16.7 Legacy Series / Re: Nat is not working

« on: July 27, 2016, 10:18:21 pm »

I am back again,
when I try to access the webserver its not load and I see the block on the firewall logs.
why its blocking it ? even there is a pass rule on the WAN side ?
is this related to the vmx3 ? VMware tools ?

543

16.7 Legacy Series / Re: Switch from 32bit to 64bit release?

« on: July 27, 2016, 09:47:35 pm »

Take a backup of your configuration
do a fresh install and restore the configuration.

544

16.7 Legacy Series / Re: Nat is not working

« on: July 27, 2016, 06:49:04 pm »

Hi Julien,

Does your setup use custom gateways, multi-WAN or a config.xml import from pfSense itself?

I have this up and running on my end, so there is some hidden complexity we're not seeing yet.


Cheers,
Franco

Hi Fraco,
There is no multi-wan or import.
Its a new installation.
Simple port https is forward to the exchange on the LAN
The only think I can compare is there is no VMware tools installed, and nice are vmx3 and not e1000.
I thought I'll wait until the servers are back online to get the VMware tools installed.

545

16.7 Legacy Series / [SOLVED] Nat is not working

« on: July 27, 2016, 01:39:52 pm »

Hi Guys,
i am on OPNsense 16.7.r2-amd64 first migration from Pfsense to OPNsense.
i can't seem to have port 443 working .
between the OPNsense and the internet there is a ISP router which is forwarding the port 443 to the pfsense IP. the Pfsense is NAT the port 443 to the LAN exchange.
we turned off the Pfsense and turned on the OPNsense, the OPNsense has the same WAN/LAN as Pfsense but the port 443 is not working on the firewall.
turn the opnsense off and turn the pfsense on stuff start working.

can someone point me to the right direction ?

546

16.7 Legacy Series / Re: Vmware tools error out

« on: July 27, 2016, 01:27:16 pm »

The repositories are temporarily blocked until the release of 16.7 tomorrow, you can find this answer from Franco if you search the forums.

thank you man.
i'll wait for the release tomorrow.
mucht appreciate it

547

16.7 Legacy Series / [SOLVED] Vmware tools error out

« on: July 27, 2016, 01:02:05 pm »

Hi Guys,
today have installed the OPNsense 16.7.r2-amd64 on a ESXI 6.0U2
however after trying to install the Vmware tools get the below error
root@firewall:~ # pkg install os-vmware
Updating OPNsense repository catalogue...
pkg: http://pkg.opnsense.org/FreeBSD:10:amd64/16.7/latest/meta.txz: Not Found
repository OPNsense has no meta file, using default settings
pkg: http://pkg.opnsense.org/FreeBSD:10:amd64/16.7/latest/packagesite.txz: Not Found
Unable to update repository OPNsense
All repositories are up-to-date.
pkg: Repository OPNsense cannot be opened. 'pkg update' required
pkg: No packages available to install matching 'os-vmware' have been found in the repositories
root@firewall:~ #

548

16.1 Legacy Series / Re: Migrate from PFsense to OPNsense

« on: July 25, 2016, 09:31:26 pm »

Hi Guys,
I am more interested in migrating the OPENVPN users and certificate.
Firewall rules can reconfigure them.
I have backed up the openvpn configuration and upload it to a new OPNsense, unfortunately the users and certificate did not  shows up even after couple of reboot.
Am I supposed to do something after import is successfully ?

549

16.1 Legacy Series / Re: [SOLVED] Routing apple Bonjour

« on: July 25, 2016, 09:12:16 pm »

Guys a big thank you for this.
I am going to continue contributing on the community to share and learn.

550

16.1 Legacy Series / Re: I'm doing something wrong, can't figure out what

« on: July 25, 2016, 06:12:27 pm »

i beleive you are ona RJ45 internet connected to the OPNsense Firewall,
You have NAT the port 443 to the WAN IP of the VM OPNSENSE ?
Arent you using port 443 for the anti-lock ?

551

16.7 Legacy Series / Re: memstick not booting on Asus AM1 board. Screwy UEFI implementation?

« on: July 25, 2016, 01:30:00 pm »

i just got this installed last week on one of SUS UEFI Mobo,
download de VGA version and change your bios from AHCI to sata.

552

16.1 Legacy Series / Re: I'm doing something wrong, can't figure out what

« on: July 25, 2016, 12:25:05 pm »

Just to Clarify, what is between the Internet and the OPnsense VM Firewall ? ISP Router ?

553

16.1 Legacy Series / Re: Routing apple Bonjour

« on: July 25, 2016, 10:51:17 am »

Hi Guys,
i managed to get this fxed.
let me explain what happens,
i have created a group of the productions LAN and VLANS.
i've traced the Airprint package using wireshark and figured out there was deny rule.
so checked the firewall rules and found out that the Productions interface doesn't have a Allow Any to Any, just on each interface.
Because on Pfsense it does Works and OPNSENSE not, so i compared the configuration and i noticed the different between the setup of Pfsense and Opnsense is the group of the Interfaces.
after i created any to any rules on the productions interface printers shows up on the iPads/iPhone.
even the bonjour services is working now.
i dont know if it does works out of the box or mdns-rep package does the job.

so to sum up :

it's working now thank you guys for your support. and no 5353    UDP is open or NAT to the printer
i am ready to provide any log/informatie needed to help you guys understand the idea behind.

when creating a group of interfaces, does the rules on the interface side apply as first than the group firewall rules ?

554

16.1 Legacy Series / Re: Routing apple Bonjour

« on: July 25, 2016, 08:50:19 am »

I think we night to solve the problem of not detecting the AirPrint printers first. Regardless of your firewall settings, the iPads on the other VLANs should be able to see them via mdns-responder. The might have issues connecting, but they should detect them.

An alternative to mdns-responder would be to use say a Raspberry Pi running avahi. You could connect the RPi to your switch and create a tagged trunk line from that port to the RPi. The RPi can be configured to be VLAN aware. Then configure avahi to run in reflector mode, specify the VLAN interfaces and Bob's your uncle. That's what I had running before moving to a VM.

It's easy.

thank you man for your continu support.
we have OPNsense at a local customer , i can go there and get mdns-responder configured.
i'll report back in 30 min

555

16.1 Legacy Series / Re: Routing apple Bonjour

« on: July 24, 2016, 11:46:55 pm »

Hi Julien,

Which version, 2.3 or 2.2 or possibly both? See, we've learned something here.

Are you sure you're not missing vital info like the setup of IGMP-Proxy? A full working config would certainly help to spot this.


Cheers,
Franco

Hi Franco,
The version is 2.3.1-RELEASE-p5 (amd64)
built on Thu Jun 16 12:53:15 CDT 2016
FreeBSD 10.3-RELEASE-p3

I can provide you the config no problem, I've spend my Sunday in Germany rebuilding the OPNsense to PFsense.
We are willing to keep using OPNsense, for Windows users we have no issue with the other 4 customers, but those two MAC users become a issue.
If the multicast is not working between the VLANS on OPNSense, and I have managed to get those sales iPads and iPhones on the same VLAN as the Printers , would this works ?
What configures do you need? Let me know and I'll export it for you