"
Thanks koushun for the tips..
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
#92
20.7 Legacy Series / Re: NTP on LAN not syncing..
January 27, 2021, 06:33:53 PM
I too did not understand why it does that.
The server at .162 can access the firewall interface at .146 is because I had allowed access to it for management purpose.
Anyway I'll see if I can make it work the VLAN way.
Thanks..
The server at .162 can access the firewall interface at .146 is because I had allowed access to it for management purpose.
Anyway I'll see if I can make it work the VLAN way.
Thanks..
#93
20.7 Legacy Series / Re: NTP on LAN not syncing..
January 27, 2021, 02:37:11 PMQuote from: koushun on January 27, 2021, 02:02:53 PM
I might have misunderstood something here.
But, do you have three interfaces- all within the same net?
Yes
Or; what is the subnets of these interfaces? Can you post the CIDR notation of each?
vFirewall_Network - 192.168.31.128 /27 | 255.255.255.224 | 192.168.31.129 - 192.168.31.158
vFirewallP - 192.168.31.146 /27
vServer_Network - 192.168.31.160 /27 | 255.255.255.224 | 192.168.31.161 - 192.168.31.190
And what is the IP/Subnet of the client (Server?) from where you execute your PowerShell command? .. Is the server on the same subnet as the Gateway?
vServerP - 192.168.31.162 /27
Yes the server is on the same subnet as the gateway and within the assignable IP range.
What does Command prompt: w32tm /query /peers give you?
There is no result as such of success or failure, if successful within some seconds the time syncs, if it fails the time remains the same. So when the peers address is of the vFirewallP interface (192.168.31.146) the time syncs, when the peers address is of vServer Gateway (192.168.31.174) the time does not sync at all and remains the same
You can ping all OPNsense interface addresses from your "Server"?
Yes
Please find the answers bolded in your quote reply, thanks..
#94
20.7 Legacy Series / Re: NTP on LAN not syncing..
January 27, 2021, 12:13:39 PMQuote from: koushun on January 27, 2021, 01:38:03 AM
I cannot understand your network scheme; the names you provided, Port 2 - Firewall Management, Port 3 - Server Gateway - I do not see them in the screenshot you have provided?
You have two interfaces which has an unique IP adresse on the same subnet?
Thanks for replying back, the names provided are just for reference and not names set in the firewall.
That would be:
vFirewallP - 192.168.31.146 (in the vFirewallP_Network)
vServerP - 192.168.31.162 (in the vServerP_Network)
vServerP Gateway - 192.168.31.174
#95
20.7 Legacy Series / Re: DNS | IP to name (FQDN) in browser URL
January 05, 2021, 09:52:33 PM
Thanks for clarifying that, I was under the impression DNS should resolve, that too in the browser..
#96
20.7 Legacy Series / DNS | IP to name (FQDN) in browser URL
January 04, 2021, 09:41:47 PM
Hi,
I have a small lab setup as follows.
A Windows Server with DNS service (192.168.31.165/27)
An OPNSense Firewall (192.168.31.131/27)
An ESXi Server (192.168.31.197/27)
Both the Windows Server and ESXi host are in different subnets and connected to the Firewall.
If I do an nslookup from ESXi via SSH I get the DNS resolved results both ways as in Image 1.
But if I enter the IP address in the URL of the browser to access the ESXi Web GUI the IP address does not change to the name of the ESXi as in the DNS A Record (Image 2). How do I achieve having the browser change the IP to name when opening the ESXi. How can I achieve this with OPNSense.
I did a DNS diagnostic in the OPNSense as well, DNS resolves fine both forward and reverse (Image3 and 4).
Thank You
I have a small lab setup as follows.
A Windows Server with DNS service (192.168.31.165/27)
An OPNSense Firewall (192.168.31.131/27)
An ESXi Server (192.168.31.197/27)
Both the Windows Server and ESXi host are in different subnets and connected to the Firewall.
If I do an nslookup from ESXi via SSH I get the DNS resolved results both ways as in Image 1.
But if I enter the IP address in the URL of the browser to access the ESXi Web GUI the IP address does not change to the name of the ESXi as in the DNS A Record (Image 2). How do I achieve having the browser change the IP to name when opening the ESXi. How can I achieve this with OPNSense.
I did a DNS diagnostic in the OPNSense as well, DNS resolves fine both forward and reverse (Image3 and 4).
Thank You
#97
20.7 Legacy Series / NTP on LAN not syncing..
December 25, 2020, 07:31:05 PM
Hi,
This is a VMware workstation setup.
I have Port 1 - WAN
Port 2 - Firewall Management - 192.168.31.146
Port 3 - Server Gateway - 192.168.31.174 (Server - 192.168.31.162)
I have setup NTP and selected all the interfaces for the firewall to listen but the Server does not sync at all from its Gateway.
I use the following powershell command
But it doesn't sync time at all, however, if I change the peerlist syncing IP from server gateway to firewall management IP in the command
the server syncs perfectly, anyone knows why this is happening, ro am i misunderstanding something.
This is a VMware workstation setup.
I have Port 1 - WAN
Port 2 - Firewall Management - 192.168.31.146
Port 3 - Server Gateway - 192.168.31.174 (Server - 192.168.31.162)
I have setup NTP and selected all the interfaces for the firewall to listen but the Server does not sync at all from its Gateway.
I use the following powershell command
Code Select
w32tm /config /syncfromflags:manual /manualpeerlist:192.168.31.174,0x8 /reliable:yes /update
w32tm /config /update
w32tm /resyncBut it doesn't sync time at all, however, if I change the peerlist syncing IP from server gateway to firewall management IP in the command
Code Select
w32tm /config /syncfromflags:manual /manualpeerlist:192.168.31.146,0x8 /reliable:yes /update
w32tm /config /update
w32tm /resyncthe server syncs perfectly, anyone knows why this is happening, ro am i misunderstanding something.
#98
20.1 Legacy Series / Re: Firewall not allowing DNS resolution..
May 21, 2020, 09:51:05 PM
This issue is resolved, I had to create both in and out rule on each interface, and now DNS resolution works.
#99
20.1 Legacy Series / Firewall not allowing DNS resolution..
May 20, 2020, 05:03:43 PM
Hi,
I have the following network
Infrastructure - 192.168.10.0/24
HostsA - 192.168.20.0/24
HostsB - 192.168.30.0/24
iSCSI - 192.168.40.0/24
and 4 interfaces on the firewall, each interface is the gateway to its respective network above.
I have a rule to allow any protocol through the interface [in rule] however the TCP/UDP packets fail nd DNS resolution fails. So I added a [out rule] to allow TCP/UDP from port53 to port53 on all interfaces yet the clients in the LAN are unable to get to the DNS server.
192.168.10.2 is the DNS server to which ping works.
Before the DNS-Specific Rule
https://i.ibb.co/Wf9fyF3/server-2020-05-20-15-37-36.png
https://i.ibb.co/yqFkCVV/infrastructure1-2020-05-20-15-38-22.png
After adding a DNS-Specific out rule the DNS resolution still fails
https://i.ibb.co/WK0fSYP/server-2020-05-20-15-44-17.png
https://i.ibb.co/yqFkCVV/infrastructure1-2020-05-20-15-38-22.png
Nothing in the logs either, however at one point in time the log did show the udp packet going out of the interface (showing the rule is working, happened 1 time only) but did not reach the DNS server (no other udp packet appeared in the logs)
https://i.ibb.co/wS2bqGq/server-2020-05-20-15-45-35.png
https://i.ibb.co/zQqXZd2/server-2020-05-20-15-52-16.png
https://i.ibb.co/qmhvjj3/server-2020-05-20-15-55-36.png
Any thoughts what is not in order, thanks..
I have the following network
Infrastructure - 192.168.10.0/24
HostsA - 192.168.20.0/24
HostsB - 192.168.30.0/24
iSCSI - 192.168.40.0/24
and 4 interfaces on the firewall, each interface is the gateway to its respective network above.
I have a rule to allow any protocol through the interface [in rule] however the TCP/UDP packets fail nd DNS resolution fails. So I added a [out rule] to allow TCP/UDP from port53 to port53 on all interfaces yet the clients in the LAN are unable to get to the DNS server.
192.168.10.2 is the DNS server to which ping works.
Before the DNS-Specific Rule
https://i.ibb.co/Wf9fyF3/server-2020-05-20-15-37-36.png
https://i.ibb.co/yqFkCVV/infrastructure1-2020-05-20-15-38-22.png
After adding a DNS-Specific out rule the DNS resolution still fails
https://i.ibb.co/WK0fSYP/server-2020-05-20-15-44-17.png
https://i.ibb.co/yqFkCVV/infrastructure1-2020-05-20-15-38-22.png
Nothing in the logs either, however at one point in time the log did show the udp packet going out of the interface (showing the rule is working, happened 1 time only) but did not reach the DNS server (no other udp packet appeared in the logs)
https://i.ibb.co/wS2bqGq/server-2020-05-20-15-45-35.png
https://i.ibb.co/zQqXZd2/server-2020-05-20-15-52-16.png
https://i.ibb.co/qmhvjj3/server-2020-05-20-15-55-36.png
Any thoughts what is not in order, thanks..
#100
20.1 Legacy Series / Re: LAN to LAN traffic rules..
May 19, 2020, 04:38:07 PMQuote from: Maurice on May 19, 2020, 01:10:23 PM
If you don't need any filtering, you could simply disable the firewall (in Firewall / Settings / Advanced). This will also disable NAT (which you don't need). No manual routing configuration is required.
Thanks Maurice for replying back.
I have done very basic configuration.
Assigned IP addresses to interfaces
em0 - 192.168.10.1 (Infrastructure)
em1 - 192.168.20.1 (hostsA)
em2 - 192.168.20.1 (hostsB)
em3 - 192.168.20.1 (iSCSI)
I created Gateways for each interface with the same IP addresses above.
I disabled firewall as instructed, now the devices can ping its own gateway but cannot ping device in another LAN.
I get Destination Host Unreachable error.
Anything I'm suppose to or not suppose to do.
Thanks a lot.
#101
20.1 Legacy Series / LAN to LAN traffic rules..
May 19, 2020, 09:21:14 AM
Hi,
I'm new to using firewalls (I'm using OPNSense 20.1 in VMware Workstation), and would like to know what all I need to configure to get the following result.
This is an all-LAN setup no internet access
I have 4 networks.
Infrastructure - 192.168.10.0/24
HostsA - 192.168.20.0/24
HostsB - 192.168.30.0/24
iSCSI - 192.168.40.0/24
I need to be able to communicate between all devices in all the LANs.
This is what i know, I have to configure the interfaces on the firewall as the gateways for devices in each LAN. For example:
Devices in infrastructure have the gateway as 192.168.10.1 and so on for other infrastructures.
I also learned that I need to have rules, thus for my scenario can I know what rules do I need to have in place. I'm not concerned about LAN security, I just need LAN-to-LAN communication.
Also do I need NAT and routing configuration for all-LAN traffic, sorry confused about this.
Thanks.
I'm new to using firewalls (I'm using OPNSense 20.1 in VMware Workstation), and would like to know what all I need to configure to get the following result.
This is an all-LAN setup no internet access
I have 4 networks.
Infrastructure - 192.168.10.0/24
HostsA - 192.168.20.0/24
HostsB - 192.168.30.0/24
iSCSI - 192.168.40.0/24
I need to be able to communicate between all devices in all the LANs.
This is what i know, I have to configure the interfaces on the firewall as the gateways for devices in each LAN. For example:
Devices in infrastructure have the gateway as 192.168.10.1 and so on for other infrastructures.
I also learned that I need to have rules, thus for my scenario can I know what rules do I need to have in place. I'm not concerned about LAN security, I just need LAN-to-LAN communication.
Also do I need NAT and routing configuration for all-LAN traffic, sorry confused about this.
Thanks.
