General Discussion / Re: Serial image - MBR Only ??
« on: October 30, 2023, 09:17:56 pm »
Hybrid means that you can turn UEFI on and off and the boot won't fail.
That's outright COOL
I'm testing in a VM. And I have another VM through which I can access the GUI via LAN network.
I could in theory arrange for my PC to get on the LAN network behind OPNsense but that's not the point of the current exercise. The point is to understand why setting up direct access to the GUI does not work.
/usr/local/opnsense/mvc/script/run_migrations.php
pluginctl -f OPNsense.Firewall.Alias
Do you want to flush this config property? [y/N]: y
Done. A backup was created and can be restored if needed.
Cannot find aliases <---- This one can be ignored - It's due to the Alias section deletes performed by the script
*** OPNsense\Firewall\Alias Migration failed, check log for details <---- Import Error
root@xxxx-fw-01:~ # opnsense-patch e4c857f0
Fetched 28df2b8fb via https://github.com/opnsense/core
So this would mean I would have to connect a client either directly to the OPNsense Box or connect a client to the switch that is connected to the OPNsense Box in order to access the WebUI, right?
As it's set up right now .. Yes.
Is there a way to somehow enable access to the WebUI of OPNsense from clients that are connected directly to the FritzBox?
Yes ...
This should not be a security concern since the OPNsense Box is not exposed directly to the Internet since it's behind the FritzBox, correct?
Depends on if you feel your FB LAN is "safe", if yes ... Then you have answered your own question
Thank you guys so much for your super fast replies.
So when I first assigned WAN to my upstream port the FritzBox DHCP successfully assigned an IP address to my OPNsense box.
WAN is usually connected as close to the "Internet as possible" ... Here FB(ox)
Sadly I was not able to ping the OPNsense box nor access the WebUI via its DHCP assigned IP from any of the clients that are directly connected to the FritzBox.
That is expected - You have a firewall, that won't allow anything "inbound" without being instructed to do so.
After I assigned LAN to the upstream port I was able to reach the WebUI from any of my directly connected FritzBox clients.
Yes - LAN is normally allowing "any packets in", as it is usually where the PCs would be connected.
Is there a reason for this behavior?
Am I correct that in this network setup I can completely ignore the configured WAN port on my OPNsense firewall as it is just relevant if the OPNsense Box is directly connected to the Internet?
Franco did some magic, and with yet another patch, he made it possible to import the aliases section directly from the pfS config file.