Messages

106

20.7 Legacy Series / Re: Where disable remote syslog?

« on: September 27, 2020, 09:01:11 am »

When I disable Syslog Server (Destination) in OPNSense Log there where entrys like:
Syslog connection broken; fd='21', server='AF_INET(172.30.90.81:514)', time_reopen='60'

So it trys to log all the time!
I think it´s a bug between GUI and Backend.

Greets

Byte

107

20.7 Legacy Series / Re: Where disable remote syslog?

« on: September 25, 2020, 06:02:27 pm »

yes, several times!

It´s spoky, in config, I didn´t find a place, where remote syslog IP ist set to...

Greets

Byte

108

20.7 Legacy Series / Re: Where disable remote syslog?

« on: September 25, 2020, 03:01:01 pm »

Hi,

thanks, removed it from config, import config part for syslog, restart syslog.
Now when I download config file, its like yours.

But, there are entrys every seconds in remote syslog::
Hostname                 Kategorie    Programm    Nachrichten
OPNsense.local          local7                dhcpd              DHCP offer
OPNsense.local         user                   devd             Popping table
 OPNsense.local       user                 configd.py     [xxxxxxx

and so on....

Need help

109

20.7 Legacy Series / Re: Where disable remote syslog?

« on: September 25, 2020, 11:19:26 am »

That´s empty!
So that is the problem!

Greets

Byte

110

20.7 Legacy Series / Re: Where disable remote syslog?

« on: September 25, 2020, 10:45:08 am »

Hi,

no idea?

When I look into config.xml, there isn an entry

Code: [Select]

<syslog>
    <reverse>1</reverse>
    <nentries>50</nentries>
    <remoteserver>172.30.90.81</remoteserver>
    <remoteserver2/>
    <remoteserver3/>
    <sourceip/>
    <ipproto>ipv4</ipproto>
    <logall>1</logall>
    <enable>1</enable>
    <nologdefaultblock>1</nologdefaultblock>
    <nologdefaultpass>1</nologdefaultpass>
    <nologbogons>1</nologbogons>
    <nologprivatenets>1</nologprivatenets>
  </syslog>
But no position, where I can disable it in GUI?!

BUG??

Greets

Byte

111

20.7 Legacy Series / Where disable remote syslog?

« on: September 23, 2020, 11:28:01 am »

Hi,

I want to disable remote syslog.
I disabled/removed all from System->Logging/targets.

But on my remote syslog there where many entrys.

Where can I finaly disable it?

Greets

Byte

112

20.7 Legacy Series / Re: BIND - Need Port setting for DNS Forwarders

« on: September 03, 2020, 09:26:08 pm »

OK, thanks,

found
{% if helpers.exists('OPNsense.bind.general.forwarders') and OPNsense.bind.general.forwarders != '' %}
        forwarders    { {{ OPNsense.bind.general.forwarders.replace(',', '; ') }}; };
and replaced forwarders line to:
         forwarders    { 127.0.0.1 port 5353; ::1 port 5353; };

that seems to work!

Greets

Byte

113

20.7 Legacy Series / Re: BIND - Need Port setting for DNS Forwarders

« on: September 03, 2020, 07:57:22 pm »

Yes, I wrote this as workaround.

But, when you push SAVE on BIND settings, or somthing is going on on opnsense (restart or else) its overwritten and my network has no DNS-Server.

Greets

Byte

114

20.7 Legacy Series / BIND - Need Port setting for DNS Forwarders

« on: September 03, 2020, 05:30:21 pm »

Hi,

I want to forward DNS-Requests from BIND to DNSCrypt-Proxy.
But BIND only allow to set IP-Adresses ipv4 and ipv6 without special Port.

I want to forward to 127.0.0.1:5353 and [::1]:5353
but this is only possible by editing /usr/local/etc/namedb/named.conf.
But when system is change settings, the config will be overwritten
and in my network, no dns is possible....

Is there a workaround or future-request to set ports to forward-adresses ?

Greets

Byte

115

German - Deutsch / Re: Bind & DNS over TLS

« on: September 03, 2020, 02:14:02 pm »

@mimugmail

Firewall - Virtual IPs .. Alias hinzufügen mit Interface Localhost und IP 127.0.0.8/8
In DNSCrypt den Haken bei Allow Privileged Ports rein und dann bei Listen 127.0.0.8:53

Dann im BIND als Forwarder 127.0.0.8 ... das wars ..

Please can you help me,

I set VirtualIP
   IPAlias, Loopback, 127.0.0.8 / 8,
   -->  ::8 / 128   (is this correct for ipv6) ??

When I set in dns-crypt
Allow Privileged Ports
and set [::8]:53 127.0.0.8:53
the service didn´t start and log -> " [FATAL] listen udp 127.0.0.8:53: bind: address already in use"
this is always, when I change VirtualIP to 127.0.0.9 also!

What I´m doing wrong??


Greets

Byte

116

Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6

« on: August 23, 2020, 02:55:10 pm »

Thanks,

In BIND, you can't set Port for Forwarder in GUI.

Should ::8 work for ipv6?
And wich Adapter I shoud set?
Loopback?


Greets

Byte

117

Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt, DoH Plugin for IPv4 + IPv6

« on: August 23, 2020, 10:39:49 am »

::1

I doesn´t understand this.

127.0.0.1 doesn´t  work, because unbound dns ist listen to Port 53.
So I set 127.0.0.8 as virtual IP and listen do Port 53.

So ::1 doesn´t work, because unbound DNS listen to Port 53,
so I need another virtual IP for listen to Port 53.
e.g. ::8 Port 53


Greets

Byte

118

Tutorials and FAQs / Re: HOWTO - DNS Security / Unbound DNS with DNSCrypt Plugin for IPv4 + IPv6

« on: August 23, 2020, 09:45:53 am »

You can also add an alias 127.0.0.8 and listen dnscrypt to this IP with port 53. Will also work ...

How Do I do this for IPv6 please?

Virtual IP for ::8 ??

Greets

Byte

119

20.7 Legacy Series / Re: Port forward virtual ip in lan doesnt work for me?

« on: August 16, 2020, 11:35:47 am »

Hi,

my general question is, how can i set up a portforward from virtual ip to a other destination?

greets

byte

120

20.7 Legacy Series / Port forward virtual ip in lan doesnt work for me?

« on: August 15, 2020, 08:54:10 am »

Hi,

I want to port forward a virtual ip.
So i set a virtual ip as ip alias for LAN.
Port forward for LAN virtual ip destination, port 80  to  fritzbox-ip port 80.
When i use virtual ip onbrowser, it doesn´t work

This setting should be a test. Finally I want to port forward tcp 445 und udp 137, 138 to an ip and 1145 and 1137, 1138, for port forward smb. But this foesn't work also....


Greets

Byte