Messages - jclendineng

#136
I still have not been successful in sending syslogs to my server
#137
Also, make sure under System > General you have DNS servers such as 1.1.1.1 or 8.8.8.8
#138
Can you just whitelist it?
#139
The correct format is:

Interface: WAN
TCP/IP: IPv4
Protocol: TCP
Destination: This Firewall (This is a must)
Destination Port Range: The port you are hitting from outside the network
Redirect Target IP: IP of the host within the network
Redirect Target Port: Port you are accessing on the host within your network

Set it up like this under NAT > Port Forwarding

I would highly recommend using firewall aliases, an alias for your host and an alias for the port.  Makes things much easier to read and understand down the road when you ask yourself why you needed the port forward.  And of course a good description :D

Edit: Leave everything else default, I would delete your previous rule and add one like this
#140
Thanks!  I only ask because I am using DNS over TLS for all IPv4 requests but I most likely am leaking IPv6 since I am tracking WAN and therefore using my ISP's IPv6 DNS, I would assume.
#141
Would this work with IPv6 as well? Thank you so much for the tutorial, set this up last night and it works very well.
#142
General Discussion / Re: OPNSense 19.1 Roadmap
September 10, 2018, 05:03:50 PM
Hey you guys do whatever! I was pretty surprised how much the pfsense team went after that. They really have no room to talk, every time I think about installing pfsense on a device I just remember the childish behavior of the devs and move right along.
#143
General Discussion / Re: OPNSense 19.1 Roadmap
September 07, 2018, 03:27:22 PM
Am I correct in assuming the dev version mirrors the master branch on github?
#144
I am running my instance in Docker; I'd assume this would only work on a non-Docker host.
#145
I have the same issue, basically running Suricata kills my OPNsense box, forcing a hard reboot.  I'm working on a Suricata server I can pass all traffic through.  Does not look like it was meant to be.  pfSense has this same issue, but the rules are much much easier to add/remove/suppress.  My solution is to spin up another server running a dedicated IDS firewall such as simplewall/SELKS/bare metal Suricata (or even pfSense just running Suricata), and pass the data to another server running ELK stack.  So Modem > OPNsense Firewall > IDS > LAN with a failover bypassing the IDS in case it goes down, and for devices I do not need to worry about using VLANs.  Was hoping to pass data directly to my log server but my ELK stack is using Docker which means no real way to input OPNsense data.
#146
Intrusion Detection and Prevention / Remote Log server
August 27, 2018, 05:50:45 PM
I have the elk stack on a remote server.  I cannot seem to get opnsense to forward traffic to it.  I was able to use barnyard2 with pfsense, do we have a feature that will allow remote log management?
#147
General Discussion / PiHole DNS
August 13, 2018, 02:45:53 PM
I enabled unbound in forwarding mode, and it will forward to an upstream DNS server.  That works, but it is not forwarding hostnames.  I only see my opnsense ip in the forwarder even though I have enabled register hostnames in unbound.  Any idea why it is failing to pass hostnames? I have set hostname in DHCP for each host but it is not passing them.
#148
18.7 Legacy Series / Re: Suricata enable Rules / Bug
August 13, 2018, 02:35:39 PM
There is something in the works, still very young, that will allow management of Suricata.  I agree, right now it's a mess.  No whitelisting/blacklisting, no rules suppression, and more importantly no way to manage the existing rules without going through thousands of lines.  Github repo is where you can follow the development.
#149
Make sure your hardware supports it... no need to burden it if not.  Throw aanval in a VM/jail on another box.  That being said, I had aanval at one point, good stuff.  Next go around I'm going to be using ELK stack though, if I can figure out how to pass Suricata logs to a syslog server.
#150
18.7 Legacy Series / Re: Google Domains DYNDNS
August 01, 2018, 05:20:33 PM
I see that! I guess I meant DNS validation for letsencrypt.  Sorry.  I do not know of any other way to validate subdomains that do not really have any way to validate.