211
General Discussion / Default LAN Interface Config Question
« on: December 31, 2020, 04:37:50 am »
My LAN interface is 192.168.1.0/24. Can I also configure it for a vlan on another subnet? Is this doable?
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
212
General Discussion / Building a Backup Firewall
« on: December 20, 2020, 12:34:37 am »
All,
I am in the midst of building a secondary firewall. Can I connect the LAN interface of the new firewall to my current network, so I can get the updates?
Thanks,
Steve
I am in the midst of building a secondary firewall. Can I connect the LAN interface of the new firewall to my current network, so I can get the updates?
Thanks,
Steve
213
Web Proxy Filtering and Caching / Reset of Proxy
« on: December 17, 2020, 06:56:05 am »
Hello all,
Is there a way to reset Web Proxy back to defaults, so I can start again with its configuration.
Thanks,
Steve
Is there a way to reset Web Proxy back to defaults, so I can start again with its configuration.
Thanks,
Steve
214
Web Proxy Filtering and Caching / Firewall Rules for Proxy
« on: December 15, 2020, 12:16:54 am »
Hello all,
I have setup my proxy firewall rules but wanted to make sure the order of my rules is correct. Do I need to move the default allow to the bottom?
Thanks,
Steve
I have setup my proxy firewall rules but wanted to make sure the order of my rules is correct. Do I need to move the default allow to the bottom?
Thanks,
Steve
215
Web Proxy Filtering and Caching / Proxy Log Errors
« on: December 14, 2020, 01:38:23 am »
Hello all,
I am seeing this in my proxy log:
kid1| Initializing https:// proxy context
kid1| ERROR: loading file '/usr/local/etc/squid/errors/local/ERR_ACCESS_DENIED': (13) Permission denied
Many more of the second line. Is this a permissions issue and if yes what should I set the permissions to be on the /usr/local/etc/squid/errors/local directory.
Thanks,
Steve
I am seeing this in my proxy log:
kid1| Initializing https:// proxy context
kid1| ERROR: loading file '/usr/local/etc/squid/errors/local/ERR_ACCESS_DENIED': (13) Permission denied
Many more of the second line. Is this a permissions issue and if yes what should I set the permissions to be on the /usr/local/etc/squid/errors/local directory.
Thanks,
Steve
216
General Discussion / DNS Response is Wrong
« on: December 05, 2020, 05:59:21 pm »
OK first let me say I do not know if OPNsense is the causing element but I am hoping someone could assist. I am running OPNsense 20.7.5 at home and have Unbound handling DNS and the DHCP server handling DHCP requests. I also have Pi-Hole handling adlists processing.
If I ping a device by its server name it resolves to its original IP, meaning the IP the server got created and registered to DHCP with. I have since given most servers static IPs, and did this within the DHCP service of OPNsense. When I ping the device by its FQDN it resolves to the proper IP, so somewhere I have incompatible DNS entries.
I double checked both DHCP and Unbound and things seem ok. Any thoughts?
If I ping a device by its server name it resolves to its original IP, meaning the IP the server got created and registered to DHCP with. I have since given most servers static IPs, and did this within the DHCP service of OPNsense. When I ping the device by its FQDN it resolves to the proper IP, so somewhere I have incompatible DNS entries.
I double checked both DHCP and Unbound and things seem ok. Any thoughts?
217
General Discussion / What Are You Using as a Network Monitoring Solution
« on: October 25, 2020, 06:33:29 pm »
Hello all,
I have been reviewing NTOPNG as a potential solution, but it seems if I do not run it on the OPNsense platform I cannot gather all relevant info for subnets. Its only looking at the subnet where NTOPNG is running. Are you using NTOPNG as your solution or is there a better solution out there? I am trying to stay open source and free but am willing to pay some money to something that allows me visibility into my network.
If you are using NTOPNG, but have it on a seperate device/VM do you just mirror the firewall port to get all relevant info? In my use case I am running mostly vlans and they are connected to physical NICs on my OPNsense device(4 port NIC).
Thanks,
Steve
I have been reviewing NTOPNG as a potential solution, but it seems if I do not run it on the OPNsense platform I cannot gather all relevant info for subnets. Its only looking at the subnet where NTOPNG is running. Are you using NTOPNG as your solution or is there a better solution out there? I am trying to stay open source and free but am willing to pay some money to something that allows me visibility into my network.
If you are using NTOPNG, but have it on a seperate device/VM do you just mirror the firewall port to get all relevant info? In my use case I am running mostly vlans and they are connected to physical NICs on my OPNsense device(4 port NIC).
Thanks,
Steve
218
20.7 Legacy Series / Firewall Rule Issue?
« on: October 25, 2020, 02:31:07 am »
I am trying to set a rule, where the destination is my interface address and I want to add a port range. I cannot get the drop down to work on the port range. Do I need to do something to activate the drop downs?
219
General Discussion / I Got Questions...Does Someone Have Answers??
« on: September 29, 2020, 10:24:57 pm »
Ok folks I hope you can help. I am trying to build a config on a new PC and am running into some issues that I do not understand. I am betting that these are simple enough but I seem to be brain freezing...
1) I have configured LAN to be on my physical interface of IGB0(192.168.1.0/29). I am not configuring DHCP bc there will not be anything connecting on this subnet. This is merely here bc of Unbound and any other systems that reside on OPNsense. If I need to connect I can simply hard configure my PC is to be on this subnet, but this should not be needed.
2) I have configured a VLAN on top of IGB0 for VLAN1, which is my mgmt VLAN(192.168.0.0/24). DHCP was configured for this, with 192.168.0.21-192.168.0.254 being the scope.
3) On my core switch, where the OPNsense firewall will connect, I have configured the port to be tagged for VLAN 1 and only VLAN 1.
So the questions are:
1) Will the above work as configured?
2) Should 192.168.1.1 be available via VLAN 1 from another port on the switch?
3) Am I barking up a tree trying to get this to work?
The reason why I am doing this is I have a 4 port network card and I hate having to dedicate IGB0 to the LAN interface only, if its only to get to systems that are on the OPNsense. Seems to be a waste of a perfectly good NIC, that could be used for other things like VLANs. If dedicating the NIC to this interface is the simplest config I still have 3 NICs that can be used for all my VLAN needs.
I am just looking for some guidance and rationale. If I need to be slapped it would not be the first time!
Steve
1) I have configured LAN to be on my physical interface of IGB0(192.168.1.0/29). I am not configuring DHCP bc there will not be anything connecting on this subnet. This is merely here bc of Unbound and any other systems that reside on OPNsense. If I need to connect I can simply hard configure my PC is to be on this subnet, but this should not be needed.
2) I have configured a VLAN on top of IGB0 for VLAN1, which is my mgmt VLAN(192.168.0.0/24). DHCP was configured for this, with 192.168.0.21-192.168.0.254 being the scope.
3) On my core switch, where the OPNsense firewall will connect, I have configured the port to be tagged for VLAN 1 and only VLAN 1.
So the questions are:
1) Will the above work as configured?
2) Should 192.168.1.1 be available via VLAN 1 from another port on the switch?
3) Am I barking up a tree trying to get this to work?
The reason why I am doing this is I have a 4 port network card and I hate having to dedicate IGB0 to the LAN interface only, if its only to get to systems that are on the OPNsense. Seems to be a waste of a perfectly good NIC, that could be used for other things like VLANs. If dedicating the NIC to this interface is the simplest config I still have 3 NICs that can be used for all my VLAN needs.
I am just looking for some guidance and rationale. If I need to be slapped it would not be the first time!
Steve
220
General Discussion / Interface Removal
« on: September 02, 2020, 06:20:00 pm »
Can you have more than one interface marked for non removal?
221
General Discussion / DHCP Services
« on: August 28, 2020, 02:53:52 am »
I have multiple local subnets and use the DHCP server in OPNsense to provide these services. Are there any alternative DHCP servers that I could use to do this? I am trying to keep my firewall free of extraneous services but not sure how to solve this one.
222
20.7 Legacy Series / All VLAN Configuration
« on: August 24, 2020, 11:04:36 pm »
Hello all,
Is it possible to have an all VLAN configuration on OPNsense? In the initial configuration the LAN interface is set to 192.168.1.1 on a physical NIC. How can I move this to a VLAN interface and free up the physical NIC to be part of an overall LAG.
Thanks,
Steve
Is it possible to have an all VLAN configuration on OPNsense? In the initial configuration the LAN interface is set to 192.168.1.1 on a physical NIC. How can I move this to a VLAN interface and free up the physical NIC to be part of an overall LAG.
Thanks,
Steve
223
General Discussion / LAN Interface Questions
« on: August 21, 2020, 07:28:41 pm »
Hello all,
My original setup had a WAN and a LAN interface. The setup was built as 192.168.1.1 for Unbound. I want to move to an all VLAN setup for the LAN side, using a LAG for all my LAN NICs(3 in total). If I remove the LAN interface I lose DNS. How do I reconfigure OPNsense so that the DNS resolver is on vlan 1, which is my mgmt interface?
Thanks,
Steve
My original setup had a WAN and a LAN interface. The setup was built as 192.168.1.1 for Unbound. I want to move to an all VLAN setup for the LAN side, using a LAG for all my LAN NICs(3 in total). If I remove the LAN interface I lose DNS. How do I reconfigure OPNsense so that the DNS resolver is on vlan 1, which is my mgmt interface?
Thanks,
Steve
224
General Discussion / Internet Only FW Rule
« on: August 18, 2020, 06:23:22 pm »
Does anyone have a screenshot of a working fw rule that only allows Internet access?
225
20.7 Legacy Series / DHCP Server - Can I Just Change Host Name?
« on: August 16, 2020, 09:39:07 pm »
Hello all,
I have several IoT devices on my network and getting DHCP from OPNsense. I would like to change the hostnames listed to something more meaningful, but do not necessarily need/want to change the IP assigned. Can this be done?
Thanks,
Steve
I have several IoT devices on my network and getting DHCP from OPNsense. I would like to change the hostnames listed to something more meaningful, but do not necessarily need/want to change the IP assigned. Can this be done?
Thanks,
Steve