Topics - col360

#1
My ISP has started offering IPv6 and I'm trying it out. I am having an issue where I can't seem to start the DHCPv6 server and get the log filled with the errors below:
opnsense: /status_services.php: The command '/usr/local/sbin/dhcpd -6 -user dhcpd -group dhcpd -chroot /var/dhcpd -cf /etc/dhcpdv6.conf -pf /var/run/dhcpdv6.pid igb0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.4.1 Copyright 2004-2018 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpdv6.conf line 10: expecting a parameter or declaration authoritative; ^ Configuration file errors encountered -- exiting If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.'
I don't have anything set in the DHCPv6 settings for the LAN other than enabling it with "Enable DHCPv6 server on LAN interface".
The DHCPv6 service simply refuses to start with the above errors.
#2
Hi
I would like to create a restricted port forward based on a dynamic source IP address. This IP address will be identified by myhostname.no-ip.com (which may change from time to time by ISP).

I want to create a port forward rule to be able to remotely connect to a server behind the firewall. However, I want to lock it down to whatever IP myhostname.no-ip.com happens to currently resolve to.
I looked at creating an Alias but it didn't seem to accept myhostname.no-ip.com as an entry.
I know that this is possible with other firewalls. How do I go about doing this?
Thank you.
#3
17.7 Legacy Series / Multiple additional WAN ip ranges
August 06, 2017, 03:12:32 PM
What is the current best / recommended way to add multiple additional WAN IPs? We are given some extra WAN IPs in the form of 2 separate /29s.

I want to be able to accept incoming traffic to those IPs and direct specific ports to some services living on different internal IPs.

So far I've only managed to do 1:1 NAT to one of the internal IPs. However, this locks this single extra IP to a single internal IP (1:1), so I can't direct different services to different internal IPs. This limits the usability of the extra IPs.

On our old firewall (Sophos UTM) we were able to add the additional IPs to the WAN interface and then do 1:1 NAT or port forward for a single port or multiple ports to one or more internal IPs as needed. We also used masquerading to route outgoing traffic for internal IPs to go via a specific public IP.

Thanks.
#4
17.7 Legacy Series / error(s) loading the rules
August 06, 2017, 03:02:34 PM
After adding a new external IP to the WAN using 1:1 NAT I keep getting the below error popping up. I have no idea how to fix it. However, everything seems to be working OK!

opnsense: /usr/local/etc/rc.filter_configure: New alert found: There were error(s) loading the rules: /tmp/rules.debug:52: invalid use of table <ACMAUS_Helspot_Internal_IP> as the source address of a binat rule - The line in question reads [52]: binat on igb1 from $ACMA_Helspot_Internal_IP to any -> 59.xx.xx.xx

Thanks.