Messages - jl_678

#1
Hi,

I have a question about Netflow that is confusing. So I have some local machines that were originally configured with DHCP. The machines in question received dynamic IPs and one of them was .240. Since that machine contained a webserver, I decided to turn off DHCP and set it to a static IP of .30. The strange thing is that the DHCP IP address of .240 is still listed in the DHCP server client list and Netflow is showing traffic on that IP. Yet if I go to the system in question, it is statically assigned .30 and .240 is nowhere to be found.

This may be normal behavior, but I am confused by it.  Why wouldn't Opnsense attribute traffic originating from .30 as from .30 versus from the unused .240 address?  Also, why does Opnsense show the client as active with .240 when that IP is not actually used?

I appreciate any insights that anyone can share.

TIA!
#2
17.7 Legacy Series / Re: External traffic analysis tool
November 21, 2017, 03:42:16 AM
That Free Solarwinds tool looks very interesting.  I will check it out.  Thank you.
#3
Excellent.  Thank you for the update.
#4
17.7 Legacy Series / Re: External traffic analysis tool
November 20, 2017, 04:09:01 AM
Hi,

Thank you.  That looks like a tool that replaces the bandwidth reporting by Opnsense.  My goal is actually to find something that you can use the data exported by Opnsense to run different analyses on the data versus replacing the traffic analysis data with something else.  I suppose that I could do my own data analyses with something like Python, but I was hoping that someone had already developed something.

Thank you.
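The do-it-yourself Python analysis mentioned in this post, aimed at the per-LAN-client usage goal of the original question, could start from a sketch like the one below; it is an added example, not code from the thread or from OPNsense. It assumes the firewall exports NetFlow v5 to a collector, and the LAN range, addresses and byte counts are constructed sample data.

```python
import ipaddress
import struct
from collections import Counter

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte v5 flow record

def parse_v5(datagram):
    """Return [(src, dst, octets), ...] for one NetFlow v5 datagram."""
    if len(datagram) < HEADER.size:
        raise ValueError("datagram shorter than a v5 header")
    version, count = HEADER.unpack_from(datagram)[:2]
    if version != 5:
        raise ValueError(f"not NetFlow v5 (version={version})")
    # The count field is sender-controlled; check it against the real length.
    if len(datagram) < HEADER.size + count * RECORD.size:
        raise ValueError("record count exceeds datagram length")
    flows = []
    for i in range(count):
        f = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        # f[0]=srcaddr, f[1]=dstaddr, f[6]=dOctets (bytes in the flow)
        flows.append((ipaddress.ip_address(f[0]), ipaddress.ip_address(f[1]), f[6]))
    return flows

def usage_by_client(datagrams, lan):
    """Sum bytes per LAN host, counting upload and download flows."""
    lan = ipaddress.ip_network(lan)
    totals = Counter()
    for datagram in datagrams:
        for src, dst, octets in parse_v5(datagram):
            for host in (src, dst):
                if host in lan:
                    totals[str(host)] += octets
    return dict(totals)

def _flow(src, dst, octets):
    """Pack one constructed flow record (TCP, 10 packets)."""
    pack = lambda ip: ipaddress.ip_address(ip).packed
    return RECORD.pack(pack(src), pack(dst), bytes(4), 1, 2, 10, octets,
                       0, 0, 443, 50000, 0, 0x18, 6, 0, 0, 0, 0, 0, 0)

def sample_datagram():
    """Constructed export: two LAN clients talking to documentation-range hosts."""
    flows = [_flow("10.0.1.14", "203.0.113.5", 1500),
             _flow("203.0.113.5", "10.0.1.14", 90000),
             _flow("10.0.1.30", "198.51.100.7", 4000)]
    return HEADER.pack(5, len(flows), 0, 0, 0, 0, 0, 0, 0) + b"".join(flows)

if __name__ == "__main__":
    for host, octets in sorted(usage_by_client([sample_datagram()], "10.0.1.0/24").items()):
        print(host, octets)
```

In a live setup the datagrams would come from a UDP socket bound to the collector port configured on the firewall instead of `sample_datagram()`.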
#5
17.7 Legacy Series / External traffic analysis tool
November 19, 2017, 04:51:51 PM
Hi,

I like the analytics in Opnsense and am thinking about performing additional traffic analytics.  (Trying to review data usage by LAN client and understand the trends and those clients that might be using more than expected.)

Can anyone recommend an open-source tool that might help with this? It would need to understand the exported data from Opnsense and ideally allow for more detailed analytics in an easy-to-use fashion.

Thank you in advance.
#6
Hi,

I love the Network Insight tool and the visibility that it gives me into bandwidth usage. However, I have a couple of questions:

1. The view always defaults to WAN when I visit the page. Can I switch it to default to LAN since that is the information that I am most interested in?

2. Everything is listed by IP which is fine, but it is hard to recall which IP is associated with which device. Is there any way to map a friendly name with these IPs and report on that? For example, map 10.0.1.14 to "HomePC" and then have Network Insight show "HomePC" instead of the IP.

TIA
#7
I would explore the DNS override option.  It worked really well for me and is actually very simple to configure.
#8
Hi,

So I was exploring the dual DNS thing and it was really easy to implement. You simply go to your DNS settings (either Dnsmasq or Unbound) and set an override for the internal webserver. In my example, it looked something like this:

host: foo2
domain: bar.com
(for Unbound) -> Type A
IP: 10.0.0.20

With those settings, it worked perfectly and there was no need to change the GUI port or anything.
#9
17.7 Legacy Series / Re: Accessing an internal webserver
November 14, 2017, 03:14:55 AM
Unfortunately, the NAT reflector thing did not work for me. I have no idea why. I posted on that thread.
#10
Update: I solved this using a DNS override. It worked very well and so I am not worried about the fact that this one did not. My solution is in this thread.

Hi,

Unfortunately, this solution does not work for me.  I followed the instructions exactly and find that the browser times out accessing the public URL while inside the firewall. I am not sure what I am doing wrong since I followed the directions exactly.

Quick update: the external rule works as I can access the web server externally without a problem.
#11
17.7 Legacy Series / Re: Accessing an internal webserver
November 13, 2017, 05:17:03 PM
Okay, I will explore that.  Thank you. 

For future reference, I created a temporary workaround.  Specifically, I enabled port-based web-hosting for foo2.bar.com.  In this scenario, I created another vHost inside of Apache and set foo2.bar.com to be accessible by going to https://10.0.0.20:8080.

This is not the ideal solution and is a bit of a hack.  I will look at the internal DNS server option.

Thank you.
#12
Update: See last post for the simple solution

Hi,

I just installed Opnsense and things are working well.  However, I have encountered an unexpected issue.  Here is what I am seeing:

I used name-based web-hosting and so my external hostname is both foo.bar.com and foo2.bar.com. These go to the same server and Apache uses the DNS to send me to the right site and SSL is in use.

If I am on an external network, I can access foo2.bar.com without an issue. This is through port 443 and https, and I have a rule set up allowing access to an internal server say 10.0.0.20.

The problem occurs if I am on my internal network.  Now, let's say that I want to access the foo2.bar.com SSL site on 10.0.0.20.  The first thing that I try is to go to foo2.bar.com.  However, this does not work.  I think that the problem is due to DNS resolving the public IP and then Opnsense trying to send the GUI which creates an error.  Going to https://10.0.0.20 does not work because it provides the foo.bar.com website and not foo2.bar.com.

I tried changing the GUI to a different port and now the internal requests to foo2.bar.com time out.  What can I do to enable access to foo2.bar.com?

Thank you!
#13
17.7 Legacy Series / Re: Newbie questions
October 20, 2017, 01:46:50 PM
Hi,

Thank you both for your thorough responses.  They are much appreciated.  The idea of using ESXi is an interesting one that I need to think about more....
#14
17.7 Legacy Series / Newbie questions
October 19, 2017, 07:28:21 PM
Hi,

I have decided to go down the path of building a homebuilt router and purchased an embedded server with 8GB of RAM, a Celeron 3150U and 128GB SSD.  I have a few questions that I hope knowledgeable folks could answer:

1. I noticed questions about 32bit vs 64bit.  Does this imply that Opnsense will not support anything beyond 4GB of RAM?  I assume that 8GB will not be an issue, but that I will just not use half of it.  Is that correct?

2. I am using this for a home firewall and so want web filtering.  Ideally, I would like to customize filtering so that some devices are strongly filtered and others are not filtered at all.  Is that possible?

3. As a follow-on to #2, I am thinking about Proxy configuration. I have some IoT devices that don't natively support proxies. My assumption is that I can set rules to allow certain IPs to bypass the proxy, correct? Also will we need manual proxy configuration on all clients?

TIA for any thoughts.

JL