Messages - mauro

#16
General Discussion / guest network with DNS issue
March 28, 2023, 11:29:47 AM
I followed the online documentation about how to create a guest network skipping the captive portal setup.

The FW rules are as shown in the documentation.

I have a machine in the guest network and realized it couldn't get online. After a few checks I realized it is a DNS problem.

I tried:
ping facebook.com
with 100% packet loss

ping 8.8.8.8
with no issue

UnboundDNS is enabled with access to any interface.

My temporary workaround has been to pass an external DNS server with the DHCP setting.

Can someone help me understand where the problem is?
There is no DENY msg in the FW log.

thanks
#17
In the end I followed the online opnsense documentation about guest networks, https://docs.opnsense.org/manual/how-tos/guestnet.html, showing the FW configuration for the 2nd network.

Next is to tweak a guest network as a DMZ to allow traffic in for a specific port.

thx
#18
General Discussion / Re: opnsense as FW LAN/DMZ
March 18, 2023, 02:31:44 AM
Hi pmhausen,

thanks for your reply and help. Unfortunately the DMZ does not go online, plus I discovered one more weird thing.
1) I changed the FW rule in DMZ to allow src:DMZnet dst:port53, dst:DMZ address
2) add src: DMZnet dst port:any dst:any

At least #2, I thought, should give full access from the DMZ to the internet, but it didn't.

The weird thing is that I try to connect using openvpn to one machine in the DMZ (dst port:1194) and these packets are not shown in the firewall log during the connection attempt. For the record, it doesn't connect, and possibly packets are denied without log?!

Are there any further hints for me to follow?

Cheers

#19
General Discussion / opnsense as FW LAN/DMZ
March 17, 2023, 02:57:22 PM
Dear all,

I've been working on OPN for a few weeks now, trying to get the best configuration between my old architecture and new possibilities using OPN.
At the moment I want to move on to using OPNSense as a firewall between LAN and DMZ and as the default gateway.

I use an APU2c4 with 3 NICs
igb0:wan
igb1:LAN
igb1: DMZ

LAN and intranet are online, no problem.

I have problems getting the DMZ online. What I can see from the FW live view log is that all attempts from DMZ IPs are blocked.
In the DMZ FW rules I added one (source: DMZ, dst: wan net) but there is still no way to get online.

The message from the FW log says: Default deny / state violation rule and I can't figure out the default rule.

Can someone point me to some direction of investigation?
thanks
#20
Dear all, thanks for help.

After a few more tries and further study I managed to get the following configuration working with the DHCP server on Opnsense and openwrt as client.

To get access to internet from the DMZ I created a static route with destination o.o.o.o/o and gateway the DMZ interface

I hope this will help someone else

regards
#21
General Discussion / DHCP client with bridged NIC
March 08, 2023, 12:58:48 PM
Dear all,

I'm struggling to figure out how to make this work.
I have a modem/router with Openwrt with 3 LANs (LAN, DMZ, DMZ_2), and for all of these there is a DHCP server.
I want to change the router/firewall from zeroshell used in DMZ to opnsense used in DMZ_2.

Opnsense runs on an APU2c4.
I have 2 NICs bridged, configured with DHCP client. Opnsense receives the IP from the DHCP server when connected to the Openwrt main router.
The issue is that if I plug a PC into the second NIC of the bridge, the PC doesn't receive the IP. In other words, the bridge in Opnsense doesn't forward the DHCP server information.

Can I have some hints?

I've also tried to reverse the setting, with the DHCP server on Opnsense and Openwrt as client, but with this I get really confused with routes and gateways and I can't figure out how to access the open internet from DMZ_2 machines...

To be honest I don't know which is the best or correct way of doing it. I have the actual configuration with Openwrt in charge of all DHCP servers; it works so far and it makes sense to me.

cheers
#22
General Discussion / Bridge with DHCP client
January 09, 2023, 03:42:10 PM
Dear all,
I'm new to opnsense and I'm happy I decided to start using it.

I have an APU2D4 (3 NICs), and for fun a few years back I built my own 'IT' corner with a NAS and a webserver.

This IT corner is configured as follows:

  • modem/router with openwrt generating a DMZ network for which it is the DHCP server (old setup which I have to work on, but I'm never home long enough to have direct access to my devices)
  • Zeroshell as FW in the DMZ with DHCP (client) and a bridge of the 3 NICs working also as a switch
  • webserver and NAS

Now I'm trying to replace Zeroshell with OPNsense and I got stuck right at the beginning. The first step is to replicate the bridge in OPNSense using the DHCP server from the router/modem.

I followed the documentation about how to create a bridge, assigning to it the LAN specs, which did work.

Afterwards I assigned the LAN interface to the original NIC and created a new BRIDGE interface with dynamic DHCP. When I connect the BRIDGE to the router, the interface receives an IP accordingly, but:

  • if I connect my PC to BRIDGE I don't receive the IP
  • although I set up a FW rule for BRIDGE to accept TCP connections (consider that I connect to the DMZ network from a different temporary switch), I can't access the machine

Now, first things first. Can someone pass on some hints on how to dynamically pass the IP address to any machine connected to the BRIDGE interface?

cheers

ADDENDUM: I connect a serial console to the box and I see this error shown on the screen:
arpresolve: can't allocate llinfo for 10.xxx.xxx.1
on BRIDGE network and the IP is for the GW and IP of the router/modem