Messages - Siarap

#16
I don't know such a person. I try to fight this threat on my own. Partially solved by blocking outgoing traffic to port 53 from WAN. But what if the malware uses DNS over HTTPS instead of raw DNS on port 53?
#17
Quote from: meyergru on September 24, 2025, 07:11:11 PM
Quote from: Siarap on September 24, 2025, 06:45:20 PM
These connections were made from the WAN IP address, not from LAN.

Are you sure about that? When your internal clients use DNS via port 53 to a specific DNS server, then obviously those requests go via the WAN IP via NAT. It seems ~10x more likely that some client has been infected than OPNsense...

I have blocked traffic over port 53 to the internet from LAN and a port forward to redirect all DNS traffic generated in LAN to 127.0.0.1 (Unbound). Then Unbound with blocklists, then the traffic goes to the Quad9 DNS, also with its own blocklists. Please READ CAREFULLY what I wrote. When I say from WAN I mean from WAN, not LAN. Maltrail also says clearly which interface generates the traffic. AND my DNS connection goes through TLS. That's why I don't understand why there are port 53 connections from WAN.
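The policy described in the post above (no plaintext port 53 leaving the WAN side; the firewall's own resolver forwards to Quad9 over TLS on 853) can be checked mechanically against exported flow records. The script below is an added example and not part of the thread or of OPNsense; the log format is a deliberately simplified, constructed `iface,src,sport,dst,dport,proto` layout rather than the real filterlog CSV, and the firewall WAN address `203.0.113.10` is a placeholder. It flags any port 53 flow seen on the WAN interface and any DNS-over-TLS flow that does not come from the firewall itself towards the configured upstream.

```shell
#!/bin/sh
# Assumed values (placeholders, not from the thread):
FW_WAN_IP="203.0.113.10"    # the firewall's own WAN address
UPSTREAM_DOT="9.9.9.9"      # Quad9, the only host DNS should leave towards, on 853/tcp

# Constructed sample flows in a simplified layout: iface,src,sport,dst,dport,proto
SAMPLE_FLOWS='wan,203.0.113.10,51234,9.9.9.9,853,tcp
wan,203.0.113.10,40001,198.51.100.7,53,udp
wan,203.0.113.10,40002,1.1.1.1,853,tcp
wan,203.0.113.10,44123,198.51.100.9,443,tcp
lan,192.168.1.23,5353,192.168.1.1,53,udp'

# Reads flows on stdin, prints one tagged line per policy violation.
dns_egress_violations() {
    awk -F, -v fw="$FW_WAN_IP" -v up="$UPSTREAM_DOT" '
        $1 != "wan" { next }                                  # only WAN egress is in scope
        $5 == 53  { print "PLAIN-DNS " $0; next }             # policy: no plaintext DNS via WAN
        $5 == 853 && ($2 != fw || $4 != up) {                 # DoT only firewall -> upstream
            print "UNEXPECTED-DOT " $0; next
        }
    '
}

# Returns the number of violations found in the constructed sample.
count_violations() {
    printf '%s\n' "$SAMPLE_FLOWS" | dns_egress_violations | wc -l | tr -d ' '
}

count_violations
```

Two of the five sample flows are reported: the plaintext query to 198.51.100.7 and the TLS session to 1.1.1.1, which the policy did not configure. The 443/tcp flow passes unnoticed, which is exactly the limitation the next question in the thread raises: a port-based check cannot tell DNS over HTTPS from ordinary web traffic, so it only proves that the port 53 leak is closed, not that no resolver is being bypassed.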
#18
I don't know if I can handle it alone. I'm just a user, a loser and a newbie.
#19
My Maltrail detected mass connections to malware-related domains in about 3 minutes (many different domains). These connections were made over port 53 even though I have set DNS over TLS. These connections were made from the WAN IP address, not from LAN. Is it possible that my OPNsense instance is infected?

EDIT: Currently partially solved by blocking outgoing traffic from WAN with port 53 as destination. But I am a network newbie, I don't know if it's enough.
#20
Ok. Thanks for the explanation. Probably there was some unwanted traffic between subnets, that's why the rule did not take effect immediately. That's why I separate the IPTV decoder made in China (from my ISP) from the other machines. Nobody knows what that device is doing on the internal side of the firewall.
#21
Adding a block rule with the built-in (autogenerated) "vlan net" alias as destination has no effect on the destination; it can still be pinged from LAN net. Same with the reversed direction, with LAN net blocked as destination.

When I set my own alias with the 192.168.3.1/24 network (vlan net IP range) and block it as destination, it works as intended: the destination cannot be pinged (whole address pool).

I know the proper rule order in OPNsense. It doesn't even work when a single rule is present on the LAN interface allowing access to everything from any address but with !vlan net as destination (inverted destination). With this rule, IP addresses in vlan net can be pinged without any restriction.

For example this rule won't block access to tv net (vlan): IPv4 *    LAN net    *    ! tv net    *    *    *  (pass rule)

Only aliases set by me worked, not any of the "* net" aliases autogenerated by OPNsense.

I'm a newbie so I may not understand something.
#22
Quote from: meyergru on May 04, 2025, 09:48:47 AM
So much wrong there:

1. It is not OS/hardware-related at all.
2. Linux does not suck. It can handle VLANs, I gave you the pointers on how to do it if need be.
3. That being said, you should not use VLANs on any client, because that is not how this is supposed to work. We explained that multiple times.

I give up here.


I'm not configuring VLANs on clients. I'm configuring this on OPNsense and on the managed switch. Linux connects only through an untagged VLAN. Windows connects through everything (even tagged). That was said.

I can say that the problem is solved. Achieved subnet separation with VLANs on Linux, but on untagged VLANs. :-)
#23
I'm digging deeper. It's hardware/OS related.
- Windows on my 5-year-old computer connects to the internet through everything I can imagine (Realtek network card).
- Fedora and Debian on the same PC connect to the internet only through an untagged VLAN and LAN net. But VLAN works on the 5-year-old PC with Linux (unfortunately untagged).
- On a PC about 10 years or more old there is no connection over anything related to VLAN.

UPDATE: Windows 11 connects you with everything you want through whatever you want. Linux sucks. Connected an 11-year-old PC with a 14-year-old network card and it works through a tagged VLAN. Linux has a problem with that in the default setup. I don't know how to connect Debian through a tagged VLAN.
#24
Yes. My English is limited. It's not my native language. I know it's expected. I read on Reddit that one person had an identical problem to mine. The problem was solved by setting an untagged VLAN. How to set an untagged VLAN on OPNsense?
#25
I've set everything properly. I have a tagged VLAN assigned to port 8 on my managed switch. Only this port connects to the assigned VLAN, and devices on other ports have different VLANs / connect to LAN net. I get an address pool from the DHCP assigned to the VLAN device. Windows 11 and a MikroTik device have a connection this way. My Linux machines cannot connect, they only pull IP addresses from the VLAN DHCP. Might it be an MTU problem? On my Windows machine I get a lower MSS value on test sites when I'm connecting via the VLAN; that's a normal situation and indicates that I'm connecting via a tagged VLAN.
#26
Can anyone provide info on how to connect Debian/Debian-based distros to the internet through a VLAN?
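As an added example (not from the thread and not Debian's or OPNsense's own tooling), the script below generates the systemd-networkd units that give a Debian host a tagged 802.1Q interface on top of a physical NIC and let it take a DHCP lease on that VLAN only. The parent interface name `eth0`, the VLAN ID `10` and the output directory are parameters and assumptions; on a real host the files go to `/etc/systemd/network/` followed by `systemctl restart systemd-networkd`, with NetworkManager no longer managing that NIC.

```shell
#!/bin/sh
# write_vlan_units PARENT VLAN_ID OUTDIR
#   Writes three systemd-networkd units so that PARENT carries a tagged VLAN
#   sub-interface PARENT.VLAN_ID which obtains its address via DHCPv4.
#   Prints the name of the VLAN interface it configured.
write_vlan_units() {
    parent="$1"; vid="$2"; outdir="$3"
    vlan_if="${parent}.${vid}"
    mkdir -p "$outdir"

    # The virtual VLAN device itself; Id is the 802.1Q tag the switch port expects.
    cat > "$outdir/20-${vlan_if}.netdev" <<EOF
[NetDev]
Name=${vlan_if}
Kind=vlan

[VLAN]
Id=${vid}
EOF

    # The physical parent: brought up, attached to the VLAN, but given no address
    # of its own, so it does not also take an untagged lease and add a competing
    # default route.
    cat > "$outdir/20-${parent}.network" <<EOF
[Match]
Name=${parent}

[Network]
VLAN=${vlan_if}
EOF

    # The VLAN interface: DHCPv4, since the firewall serves a lease pool per VLAN.
    cat > "$outdir/21-${vlan_if}.network" <<EOF
[Match]
Name=${vlan_if}

[Network]
DHCP=ipv4
EOF
    echo "$vlan_if"
}

# One-off manual equivalent for testing, without any config files (assumed NIC eth0, tag 10):
#   modprobe 8021q
#   ip link add link eth0 name eth0.10 type vlan id 10
#   ip link set eth0.10 up
#   dhclient eth0.10
# The same interface under NetworkManager instead:
#   nmcli connection add type vlan ifname eth0.10 dev eth0 id 10

write_vlan_units eth0 10 ./networkd-example
```

Getting a lease on the VLAN, as the post reports, already shows that tagged frames reach the host; what the lease does not show is which interface ends up owning the default route. Keeping the parent address-less, as the units above do, removes one common reason for a host that holds a valid VLAN address but routes nothing through it.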
#27
It's not the rule's fault. This is my firewall rule for the VLAN: IPv4 *    *    *    *    *    *    *
One device has a connection (Win 11) but the other is not connecting even when leasing an IP from the same VLAN (Linux). Same rule, same VLAN. Same IP pool.

EDIT: I must add that OPNsense has something broken with displaying DHCP leases. The invisible device has access to the internet. The visible one has no access. Sometimes leases take very long to refresh (over 30 minutes or more).

EDIT2: Tried on my PC with dual boot Windows 11/Fedora Linux. On Win 11 the network works. Rebooted into Fedora and no connection to the internet. SAME settings on switch/OPNsense, even the same machine. Why is this happening to me? hahaha :D

EDIT#: Read some info on the internet. These errors with VLANs are the fault of NetworkManager for Linux (GUI). Replacing NetworkManager may help. But I just built my network in another way, and stopped using Linux on my machine.
#28
It's OS/device dependent. Updated my previous post. One configuration on OPNsense. Switching between networks by the switch device. Linux has no access over the VLAN but Windows and the access point have.
#29
Edited my previous post. Read it. I have firewall rules on every VLAN that allow access to everything. Only the VLAN with tag 10 has access to the internet.

Little update: Connected a PC to the VLAN tag 10 network. No internet access at all. At the same time my MikroTik hAP ac2 router has access in parallel from the same subnet. I don't know what is happening here. MTU errors or something?

BIG update 2: Maybe it's operating system dependent. The MikroTik and the Windows 11 machine have access to the internet over the VLAN. Same VLAN, same settings. Two PCs with Debian and MX Linux, and an Android-based IPTV decoder, have no access to the internet. Is something wrong with the OS, or is it OPNsense?
#30
Ok, now I've set it properly. VLAN devices have proper leases. BUT now there is no internet on the VLANs. I've created an allow-all rule on the VLAN side. It's not a DNS fault, I cannot even ping 1.1.1.1. Any advice?

Read some info somewhere on the internet that OPNsense allows only VLANs with tag number 10 to access the internet by default. I don't know what to do. I have VLAN tags 10, 20, 30, 40 on different VLANs. Same configuration everywhere except the VLAN interface names. Only the VLAN tagged 10 has no problem with internet access. The other tags have no access to the internet.