136
General Discussion / Re: Forward email and web services
« on: December 05, 2022, 05:27:45 pm »
Anyone?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
137
General Discussion / Forward email and web services
« on: December 03, 2022, 08:00:20 pm »
Hi all,
I have two internet modems. The faster one, 1GB down/50 up is a residential dynamic address and the slow one, 40G down/10g up, has a business static IP. The ISP on the residential service blocks port 25 and 80. I need help in figuring out best way to forward or redirect these incoming ports from the static IP's to the faster dynamic service. I currently have a web and email server running on the static IP. The goal is to get as much performance as I can using the faster service. I already use SSL with ports 465, 993, 443 and restrict all email clients to these ports. It just the incoming port 25 and 80 that I am not sure the best way to deal with. I know I can easily NAT incoming 465, 993, 443 from the dynamic service, but what is the best way to handle the restricted ports.
Thanks to all.
Dan
I have two internet modems. The faster one, 1GB down/50 up is a residential dynamic address and the slow one, 40G down/10g up, has a business static IP. The ISP on the residential service blocks port 25 and 80. I need help in figuring out best way to forward or redirect these incoming ports from the static IP's to the faster dynamic service. I currently have a web and email server running on the static IP. The goal is to get as much performance as I can using the faster service. I already use SSL with ports 465, 993, 443 and restrict all email clients to these ports. It just the incoming port 25 and 80 that I am not sure the best way to deal with. I know I can easily NAT incoming 465, 993, 443 from the dynamic service, but what is the best way to handle the restricted ports.
Thanks to all.
Dan
138
22.7 Legacy Series / Re: Unbound DNS Overrides issue
« on: November 06, 2022, 09:16:35 pm »
Further research showed that using a description with a host wildcard causes issues. Also, one of the domains on the server did not use SNI. doing both of these, recreating the DNS Override records, and restarting the firewall seems to have resolved the issue. So far
Another thing to note is the original issue of not opening websites locally was only present on the Windows 2016 servers and not the Windows 2022 server. Not sure why that is.
Another thing to note is the original issue of not opening websites locally was only present on the Windows 2016 servers and not the Windows 2022 server. Not sure why that is.
139
22.7 Legacy Series / Unbound DNS Overrides issue
« on: November 06, 2022, 07:21:23 pm »
I am using v22.7.7_1
It all started when I could not open websites from my servers locally. They open fine on the outside internet. So I tried some rules and made sure NAT reflection was enabled. All didn't work. Then I added those website domains to Unbound DNS Overrides. They worked locally now. But I later realized that my other servers were no longer getting emails and some websites no longer worked outside my local network. These domains were not added to the overrides since they had no issues. All these servers are on different subnets within the OPNsense firewall. Also the WiFi access point DHCP devices could not connect to the internet. I disabled the overrides and everything is back to the way it was when I started.
Do I need to add all domains to the overrides, or did I need to do something else? I did not add any new rules, just the overrides. Why would overrides for specific domains affect other operations? Any suggestions are greatly appreciated.
Thanks
It all started when I could not open websites from my servers locally. They open fine on the outside internet. So I tried some rules and made sure NAT reflection was enabled. All didn't work. Then I added those website domains to Unbound DNS Overrides. They worked locally now. But I later realized that my other servers were no longer getting emails and some websites no longer worked outside my local network. These domains were not added to the overrides since they had no issues. All these servers are on different subnets within the OPNsense firewall. Also the WiFi access point DHCP devices could not connect to the internet. I disabled the overrides and everything is back to the way it was when I started.
Do I need to add all domains to the overrides, or did I need to do something else? I did not add any new rules, just the overrides. Why would overrides for specific domains affect other operations? Any suggestions are greatly appreciated.
Thanks
140
22.7 Legacy Series / Re: Access website locally on different subnets
« on: October 13, 2022, 11:35:54 pm »
Using the LAN address does not work because of the https requirement. When I browse in IIS it resolves to the sitename. There are no overrides in DNS Unbound for my server on 192.168.20.5, and that seems to work ok locally. I did try to add a hosts entry for it. no go.
I can do a diagram if I see an example of how that is to be presented.
I can do a diagram if I see an example of how that is to be presented.
141
22.7 Legacy Series / Re: Access website locally on different subnets
« on: October 13, 2022, 11:23:47 pm »
I can use the URL https://<sitename> in a browser on the server or remotely and it works. Just not on any other local subnet in OPNsense.
I even tried toggling NAT Reflection in the NAT rule.
I even tried toggling NAT Reflection in the NAT rule.
142
22.7 Legacy Series / Re: Access website locally on different subnets
« on: October 13, 2022, 10:57:01 pm »
On the server that I cannot locally access websites, I can access the files via SMB or remote in and can also ping the local and WAN IP's. The system is fully accessible locally except for the websites. I looked close at IIS and see nothing obvious there.
I can also Browse the Website within IIS. Just not on any computer on a different Local subnet
I can also Browse the Website within IIS. Just not on any computer on a different Local subnet
143
22.7 Legacy Series / Re: Access website locally on different subnets
« on: October 13, 2022, 10:40:41 pm »
Windows firewall is disabled on both servers.
144
22.7 Legacy Series / Re: Access website locally on different subnets
« on: October 13, 2022, 10:34:13 pm »
Rules between the two in OPNsense are identical. Both are HTTPS connections and the IIS bindings are also identical. Both servers have a NIC going to the same subnet as the Local LAN @ 192.168.100.x. These are tested as I can get to either servers files. I actually have two different websites on the server that works. Both websites are accessible locally from that server. The LAN rules are the simple default rules.
Any ideas?
Any ideas?
145
22.7 Legacy Series / Access website locally on different subnets
« on: October 13, 2022, 08:59:00 pm »
I did some searching around and could not find an answer to this.
I have a website on 192.168.1.101 and can access it on that server and remotely, but cannot access it from other subnets on the same network. ie, 192.168.100.5. I have NAT Reflection turned on. I have another webserver @ 192.168.20.5 that I can get to from any subnet or remotely. Both servers use IIS 10 and have their own WAN IP.
I don't have any special rules for the server that works. Any Help would be appreciated.
Thanks for looking.
I have a website on 192.168.1.101 and can access it on that server and remotely, but cannot access it from other subnets on the same network. ie, 192.168.100.5. I have NAT Reflection turned on. I have another webserver @ 192.168.20.5 that I can get to from any subnet or remotely. Both servers use IIS 10 and have their own WAN IP.
I don't have any special rules for the server that works. Any Help would be appreciated.
Thanks for looking.
146
22.1 Legacy Series / Re: Warning on Intrusion Detection logs
« on: September 16, 2022, 07:52:24 pm »
This issue has been around for a while. You can temp fix it by going to
/usr/local/opnsense/service/templates/OPNsense/IDS/suricata.yaml
and adding these protocols to app-layer section then reboot, but it just reverts back after an update.
My personal opinion is those protocols are just not ready yet. You can ignore the error.
/usr/local/opnsense/service/templates/OPNsense/IDS/suricata.yaml
and adding these protocols to app-layer section then reboot, but it just reverts back after an update.
My personal opinion is those protocols are just not ready yet. You can ignore the error.
147
22.7 Legacy Series / Re: Update problems with latest stable version
« on: September 12, 2022, 07:09:44 pm »
System>Firmware>Status>Run an Audit>Health To find the problem packages
Then to fix the packages
System>Firmware>Packages Find the package, then on the right side 'Reinstall'
Had to do this on three OPNsense boxes. The latest updates didn't take until I reinstalled these packages. Then everything worked normally.
Then to fix the packages
System>Firmware>Packages Find the package, then on the right side 'Reinstall'
Had to do this on three OPNsense boxes. The latest updates didn't take until I reinstalled these packages. Then everything worked normally.
148
22.7 Legacy Series / Re: Update problems with latest stable version
« on: September 10, 2022, 07:57:05 pm »
Ran an audit and got this
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7.3_2 (amd64/OpenSSL) at Sat Sep 10 10:55:29 MST 2022
>>> Check installed kernel version
Version 22.7.3 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7.3 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-dmidecode 1.1_1
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: ......................
openssl-1.1.1q,1 has no upstream equivalent
Checking packages: ..
opnsense-22.7.3_2 version mismatch, expected 22.7.4
Checking packages: ......................................
syslog-ng-3.37.1 version mismatch, expected 3.38.1
Checking packages: ... done
***DONE***
So I reinstalled the two version mismatches, now I am at 22.7.4 and updates are now working.
***GOT REQUEST TO AUDIT HEALTH***
Currently running OPNsense 22.7.3_2 (amd64/OpenSSL) at Sat Sep 10 10:55:29 MST 2022
>>> Check installed kernel version
Version 22.7.3 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 22.7.3 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check installed repositories
OPNsense
>>> Check installed plugins
os-dmidecode 1.1_1
>>> Check locked packages
No locks found.
>>> Check for missing package dependencies
Checking all packages: .......... done
>>> Check for missing or altered package files
Checking all packages: .......... done
>>> Check for core packages consistency
Core package "opnsense" has 63 dependencies to check.
Checking packages: ......................
openssl-1.1.1q,1 has no upstream equivalent
Checking packages: ..
opnsense-22.7.3_2 version mismatch, expected 22.7.4
Checking packages: ......................................
syslog-ng-3.37.1 version mismatch, expected 3.38.1
Checking packages: ... done
***DONE***
So I reinstalled the two version mismatches, now I am at 22.7.4 and updates are now working.
149
22.7 Legacy Series / Re: Update problems with latest stable version
« on: September 10, 2022, 07:46:24 pm »
tried those command and both responded with 'nothing to do'
I even tried changing the mirror from default to a closer server.
Thank goodness doesn't seem to affect firewall operation.
I even tried changing the mirror from default to a closer server.
Thank goodness doesn't seem to affect firewall operation.
150
22.7 Legacy Series / Re: Update problems with latest stable version
« on: September 10, 2022, 07:43:05 pm »
Also get this message
Repository OPNsense has a wrong packagesite, need to re-create database
Hangs at that point.
Repository OPNsense has a wrong packagesite, need to re-create database
Hangs at that point.