136
German - Deutsch / Re: Opnsense Fragen zu Mail Gateway
« on: November 22, 2024, 02:31:54 pm »
Das Postfix-Plugin sollte das können.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
137
General Discussion / Re: /29 or /32 on VIP Static Block
« on: November 22, 2024, 08:50:38 am »
The gateway goes in System > Gateways as a single IP address without a prefix length, not in virtual IPs.
To clarify: your first address goes in the Interface configuration with a /29 length. The remaining 4 addresses go in virtual IPs with /32.
To clarify: your first address goes in the Interface configuration with a /29 length. The remaining 4 addresses go in virtual IPs with /32.
138
Intrusion Detection and Prevention / Re: How to set IP for rules working
« on: November 22, 2024, 08:03:21 am »
@someone you do not need Suricata to stay safe. A default OPNsense installation will block everything coming in on WAN. You cannot be hacked if you do not create any allow rules on the WAN interface.
It does not matter what people throw at you all day. It's blocked, so who cares?
To repeat:
- start with a fresh installation of OPNsense
- connect a single PC or a switch to LAN
- configure WAN for your ISP
- set a strong root password
Done. You are perfectly safe. It's impossible to "hack" you over the Internet. You do not need any additional configuration.
It does not matter what people throw at you all day. It's blocked, so who cares?
To repeat:
- start with a fresh installation of OPNsense
- connect a single PC or a switch to LAN
- configure WAN for your ISP
- set a strong root password
Done. You are perfectly safe. It's impossible to "hack" you over the Internet. You do not need any additional configuration.
139
Intrusion Detection and Prevention / Re: How to set IP for rules working
« on: November 21, 2024, 09:12:15 pm »
Sorry, mate ...
What the heck is this supposed to mean?
Most of your posts are an unstructured wall of text containing a lot of incoherent ramblings.
Nobody will be able to deduct from the text you wrote above what your actual question/problem might be.
Please invest some time to structure your posts on this forum so they are comprehensible for people who might have the knowledge to help you.
1. What am I trying to achieve? (motivation)
2. What did I do to achieve this? (*full* details about *all* configuration settings relevant to the issue)
3. What did I expect to happen with these settings?
4. What happens instead? (error messages, unexpected behaviour, log file excerpts, packet traces, etc.)
If you don't change the general way of your posts I seriously doubt anyone will try to help you in the future. We are all just OPNsense users helping each other in our spare time.
If you don't think it is worth your time to structure your posts in any way, I don't think it is worth my time to try and make sense of this gibberish. This particular post of yours is a prime example. It does not make any sense.
Patrick
What the heck is this supposed to mean?
Most of your posts are an unstructured wall of text containing a lot of incoherent ramblings.
Nobody will be able to deduct from the text you wrote above what your actual question/problem might be.
Please invest some time to structure your posts on this forum so they are comprehensible for people who might have the knowledge to help you.
1. What am I trying to achieve? (motivation)
2. What did I do to achieve this? (*full* details about *all* configuration settings relevant to the issue)
3. What did I expect to happen with these settings?
4. What happens instead? (error messages, unexpected behaviour, log file excerpts, packet traces, etc.)
If you don't change the general way of your posts I seriously doubt anyone will try to help you in the future. We are all just OPNsense users helping each other in our spare time.
If you don't think it is worth your time to structure your posts in any way, I don't think it is worth my time to try and make sense of this gibberish. This particular post of yours is a prime example. It does not make any sense.
Patrick
140
General Discussion / Re: crowdsec & DNSBL
« on: November 21, 2024, 09:01:08 pm »how do you use it? I mean I couldnt find a place in WebUI/Unbound DNSBL where I can insert my own List. There are some what I can choose, but the HaGeZi's is not there.
Use the AdGuard Home plugin.
141
General Discussion / Re: Public IPv6 address not getting assigned to LAN connected device
« on: November 21, 2024, 04:17:06 pm »"That upstream router will need to delegate an IPv6 prefix for OPNsense to use on its LAN(s)." - How can I configure this, will it be possible to configure from ISP router? If not, what are the alternatives to do?
If it is possible depends on the ISP router. Since this is the OPNsense forum and probably very few if any people know the router you are using, you will have to check the vendor documentation for the questions if it is supported at all and if yes, how to configure it.
Also, if upstream router is not providing, then the alternative is to have a DHCPv6 in OPNsense?
No, at least not a fully working IPv6 connection. You could use ULA on LAN on OPNsense and perform NPT6, but if your WAN is not a point to point link but another broadcast medium (as seems to be the case from your posts), then neighbour discovery won't work, so the answer is essentially "no".
There is a new NDP proxy in the works by @Monviech that can hack around some of the restrictions but it's rather new and experimental and there is not yet much experience with it.
HTH,
Patrick
142
General Discussion / Re: Forum login timeout very aggressive?
« on: November 21, 2024, 12:03:55 pm »
The default is one hour. If you click on the "Login" button without supplying username and password, you are redirected to the extended login mask.
There you can either pick a longer timeout or activate "stay logged in" - see screen shot.
HTH,
Patrick
There you can either pick a longer timeout or activate "stay logged in" - see screen shot.
HTH,
Patrick
143
24.7 Production Series / Re: Double NAT, IPV6 Issue
« on: November 21, 2024, 09:08:34 am »
The Asus router must delegate a prefix to OPNsense. You need to check with the vendor documentation if it can do that and how to configure.
144
General Discussion / Re: <SOLVED> install stops at Mountroot> and never gets to Login page
« on: November 20, 2024, 08:49:58 pm »
Login as user "installer" with password "opnsense" to install to the hard disk.
You should not have written directly to that, anyway. It's like a windows installation - boot from external media and install the OS.
Pick ZFS, it's far superior to UFS.
You should not have written directly to that, anyway. It's like a windows installation - boot from external media and install the OS.
Pick ZFS, it's far superior to UFS.
145
German - Deutsch / Re: QuickStart Tipps benötigt
« on: November 20, 2024, 08:47:31 pm »
Langsam vorgehen und nicht alles auf einmal einbauen wollen.
Die Default-Konfiguration ist "sicher" und funktional. Ausgehend alles erlaubt, eingehend alles verboten, DNS und DHCP funktionieren.
Also erst mal den Uplink von einem einzelnen PC aus einrichten. Wenn der geht, dann ggf. das Netz vom LAN ändern, und dann erstmal durchatmen und angucken
Die Default-Konfiguration ist "sicher" und funktional. Ausgehend alles erlaubt, eingehend alles verboten, DNS und DHCP funktionieren.
Also erst mal den Uplink von einem einzelnen PC aus einrichten. Wenn der geht, dann ggf. das Netz vom LAN ändern, und dann erstmal durchatmen und angucken
146
German - Deutsch / Re: QuickStart Tipps benötigt
« on: November 20, 2024, 07:33:44 pm »
Wenn du DHCP und DNS weiter mit Ubiquiti machen willst, und der Traffic auch weiterhin durch das Gerät hindurch laufen soll, welchen Sinn hat dann die OPNsense davor? Die sieht dann nur die eine externe IP-Adresse von dem Ubiquiti-Teil ...
147
General Discussion / Re: High inblock packet count on passive LAN interfaces
« on: November 20, 2024, 07:08:25 pm »
Mega is M, milli is m.
148
24.7 Production Series / Re: 24.7.9 - Can't login WebGUI with 2FA
« on: November 20, 2024, 06:09:34 pm »
Did you perchance set the "always reboot" option in the UI?
System > Firmware > Settings > Advanced
System > Firmware > Settings > Advanced
149
General Discussion / Re: MacOS hijacks the DNS settings?!
« on: November 20, 2024, 05:02:06 pm »
Go to System Settings, click on your name at the top in the left menu bar, click on iCloud, look for "Privacy Relay", disable.
150
General Discussion / Re: High inblock packet count on passive LAN interfaces
« on: November 20, 2024, 04:52:32 pm »
Thats 200 millipackets per second or a fifth of a packet or one packet every five seconds.
That's just some multicast, neighbour discovery, keepalive, whatever ... stuff from the switch or any other device on that untagged network.
That's just some multicast, neighbour discovery, keepalive, whatever ... stuff from the switch or any other device on that untagged network.