Topics

1

Virtual private networks / Wireguard, localnetwork traffic over VPN, rest not

« on: March 19, 2024, 11:31:10 am »

hello all

how to configure following:
Wireguard (finally working / thx to the wireguard configurator)
the client should use http://localwebsite.cloud/ over vpn
the rest of the traffic not. should go directly over the wlan interface.

thx

2

General Discussion / block outgloing traffic > 1 MB

« on: February 15, 2024, 10:40:49 am »

hello all

i have multiple IPs and do Service segregation. each service has an own IP.

for instance: 1.1.1.1 is webbserver
2.2.2.2 is rdp server
3.3.3.3 is mail server

for instance on the webserver a page is lets suppose 100 kb of size. there should never be a download or a connection which pulls for example a 10 mb file. how can i limit the transmited data to a certain limit ? and how can i get informed, per email, if something like that happens ?
thx

3

Intrusion Detection and Prevention / Change of IP in case of event X

« on: February 15, 2024, 10:31:46 am »

hello all

i am not sure its the right category.

i want to change the Public IP in case of an attack

means: i have multiple IPs assigned to myself. the main IP, lets suppose 1.1.1.1 and second IP 2.2.2.2, which is a webservice behind (for instance).
now, there are a coulple of cenarios
1. port scan, usually coming from 1 ip and scam many ports
2. DDOS attack - many different IPs overflood the webservice with requests.

1. what can i do against it ? or what are you doing against portscans ?
2. i want in case of an DDOS attack to change the IP from 1.1.1.1 to 2.2.2.2. the "non_configured" IPs on the opnsense will be than handled and blocked from the ISP.

how can i configure the ip change.

4

Web Proxy Filtering and Caching / Link check for correct syntax

« on: January 03, 2024, 12:22:15 pm »

hello all

i have an webserver which offers some content.
the link looks like
https://foo.bar.com/blub?cat=all
https://foo.bar.com/blub?cat=config

and so on
how can i restrict incoming requests to a Link Syntax, all other requests should be dismissed
thx for input

5

High availability / Config Sync, not HA

« on: May 12, 2023, 08:44:13 am »

hello all
i have 4 Node proxmox Cluster, each Node is connected with its own interface to outside and has its own IP addresses. on each node is an opnsense Firewall, which is connected to a 5th OPNsense, this FW is connected to the vswitche of Proxmox and is the Gateway for the whole network.
now i would like to sync the settings accross all OPNSense, like the HA Option where i can choose what to sync.
but this is a HA Version (a/P).
any hints how i can sync the FWs ?
thx all

6

General Discussion / multiple WAN, Single GW, Traffic

« on: March 17, 2022, 07:37:57 am »

hello all,

i need following:

4 x Public IP (lets call them 1 2 3 and 4 with the gateway 9
4 Internal networks (lets call tham a b c and d)

in DNS are different IPs for each service (like web on 4, email on 2, ..) the internal DNS is on c
the traffic should go in 1 in, and only to the internal network a and send the answer to a out (not over 3 where the standadd Gateway is configured at the moment)
1 <> a
2 <> b
3 <> c
4 <> d
how can i do that ?
with centos its easy. just create custom routes which are attached to the interfaces. but how can i do it with opnsense. i am right now choosing the new firewall i want to use because of that requirement. opnsense looks very robust and has good references / so, i would love to use that software.
anybody an input ?
thx
regards