136
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
137
Web Proxy Filtering and Caching / Re: Transparent HTTP Proxy
« on: November 10, 2021, 07:59:22 pm »
Just redirect HTTP (port forward) and forward HTTPS unmodified (just a normal pass rule) to the internet.
138
Tutorials and FAQs / Re: API Documentation
« on: November 06, 2021, 08:57:03 am »I have to add over 100 vlans + NAT rules + DHCP Servers and don't want to do that by hand.
I would do that directly in the config.xml.
Download it, create your settings and upload it again. Afterwards reboot after checking everything is there.
139
21.7 Legacy Series / Re: Can using LAG improve a 1gbps connection? even slightly?
« on: November 06, 2021, 12:00:57 am »
Actually it will load balance but with no benefit. If I read the posting correctly, you want to load balance to the modem
However, the Modem still has one GBit to the internet, so the packets cannot be forwarded faster than one GBit from OPNsense, even if you have a two GBit link to the modem.
Link aggregation allows you to virtually bind multiple physical lines into one virtual. There you can fail over or load balance (get more speed).
However, the Modem still has one GBit to the internet, so the packets cannot be forwarded faster than one GBit from OPNsense, even if you have a two GBit link to the modem.
Link aggregation allows you to virtually bind multiple physical lines into one virtual. There you can fail over or load balance (get more speed).
140
German - Deutsch / Re: USB-Festplatte im Netzwerk freigeben
« on: November 03, 2021, 09:43:11 pm »
Du musst dir da erstmal Gedanken machen, wie du die freigeben willst.
* Als Datenträger -> iSCSI
* Als Netzwerk-Dateisystem -> SSH, NFS, Samba, FTP, WebDAV
* USB-Forwarding -> http://usbip.sourceforge.net/ (wobei ich nicht weiß, ob das überhaupt auch auf FreeBSD läuft)
* Als Datenträger -> iSCSI
* Als Netzwerk-Dateisystem -> SSH, NFS, Samba, FTP, WebDAV
* USB-Forwarding -> http://usbip.sourceforge.net/ (wobei ich nicht weiß, ob das überhaupt auch auf FreeBSD läuft)
141
Development and Code Review / Re: Custome and rebranding opnsense
« on: November 03, 2021, 09:33:04 pm »
You can copy the OPNsense theme directory and make your own.
Examples of themes can be found here:
https://github.com/opnsense/plugins/tree/master/misc
BTW: If your changed don't survive a reboot, then you are likely working with a live system and not an installed system. An installed OPNsense will only overwrite changes to its source files when you install updates.
Examples of themes can be found here:
https://github.com/opnsense/plugins/tree/master/misc
BTW: If your changed don't survive a reboot, then you are likely working with a live system and not an installed system. An installed OPNsense will only overwrite changes to its source files when you install updates.
142
Web Proxy Filtering and Caching / Re: redis - wordpress
« on: November 02, 2021, 06:33:31 pm »
The Redis plugin is used for internal caching by services that need that cache.
One example would be rspamd. Another one is ntopng.
One example would be rspamd. Another one is ntopng.
143
German - Deutsch / Re: Naxsi Rules erstellen - wie richtig whitelisten?
« on: November 01, 2021, 07:17:25 am »
Naxsi schreibt jede Blocking-Entscheidung ins Log. Daher ist es eher unwahrscheinlich, dass Naxsi blockiert.
Was du noch probieren kannst: Bot Protection im HTTP Server abschalten.
Was du noch probieren kannst: Bot Protection im HTTP Server abschalten.
144
German - Deutsch / Re: Veröffentlichung von Microsoft ADFS mittels haproxy
« on: November 01, 2021, 07:10:58 am »
503 bedeutet, dass der Proxy keine Verantwortung oder Antwort vom Backend bekommt. Würde daher die Rules und die Backends prüfen und wenn da alles passt, steht ggf. was im Log.
145
German - Deutsch / Re: Naxsi Rules erstellen - wie richtig whitelisten?
« on: October 30, 2021, 06:07:22 pm »
Ein paar Regeln sind trotz learning mode aktiv. Das sind built in rules von naxsi, die man explizit abschalten müsste. Die erkennt man an den kleinen IDs (<100).
146
German - Deutsch / Re: Naxsi Rules erstellen - wie richtig whitelisten?
« on: October 29, 2021, 06:57:18 pm »
Ist schon ne Weile her, dass ich das geschrieben habe. Aber soweit ich das noch in Erinnerung habe, kannst du den Header Wert, also nicht den Namen dort whitelisten.
147
21.7 Legacy Series / Re: IPV6 - Web Proxy
« on: October 27, 2021, 08:59:09 pm »
fe80: + something is a link local address. It is not a routable address and exists only for local connections and packet forwarding but never for the internet traffic.
IPv6 cannot be disabled. It will always be there. However since SLAAC is blocked, IPv6 cannot be used.
IPv6 cannot be disabled. It will always be there. However since SLAAC is blocked, IPv6 cannot be used.
148
General Discussion / Re: Announce: new OPNsense community repository
« on: October 27, 2021, 05:49:53 pm »
@mimugmail JNI is for loading native code. My guess is that it tries to load a Linux so file on FreeBSD. This shared object is likely somewhere in a jar file.
149
Web Proxy Filtering and Caching / Re: NGINX - Advanced ACL Authentication Backend
« on: October 26, 2021, 01:44:20 pm »
No, this feature is doing a stateless authentication call to the authentication server.
150
Intrusion Detection and Prevention / Re: is it possible to bypass IDS/IPS to during backup transfer?
« on: October 25, 2021, 08:00:24 pm »
Since Suricata is scanning everything that goes over an interface, the solution is likely another interface.