OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Recent Posts

Recent Posts

Pages: [1] 2 3 ... 10
1
17.1 Production Series / Re: Layer 7 inspection with firewall rules
« Last post by fabian on Today at 12:08:11 PM »
If you want to have different servers behind the same IP/Port, you are probably interested into using a reverse proxy. A plugin is available for HAProxy, nginx is in the ports if preferred (no GUI support).
2
17.1 Production Series / Re: Access Servers - Groups Scope Remote
« Last post by AdSchellevis on Today at 10:24:05 AM »
Hi Douglas,

We don't query the ldap for groups during our authentication process, to avoid cluttering of the authentication/authorisation code.
At the moment you need to assign the groups manually in OPNsense (or use extended queries if you just want to provide access to a certain ldap group).

To implement ldap groups, there should be a periodic synchronisation to link the groups, so the auth system can use it's own administration again. It's not planned at the moment, maybe later.

Best regards,

Ad
3
17.1 Production Series / Re: Internet slow on lan interface
« Last post by angel2040 on Today at 03:30:06 AM »
I'm having the same problem.  Except I'm running on one of these:

Mini PC J1900 Quad core CPU, 4 LAN (Intel)
with 8 gigs of ram and 500gig ssd.

The cpu doesn't get over 10% and only using 14% of the 8 gigs.

So I just switched from uverse (75mps) to spectrum because you know, who doesn't want 300mps internet for $20 more per month.   If shutdown both spectrum ARIS modem and the opnsense FW, turn it back on, the very first speed test is 300mps down, 20 mps up.  Any subsequent tests after that I get 100mps down, 20 mps up??  I've checked the MTUs (with a laptop directly attached to the ARIS) and it's 1500. 


4
17.1 Production Series / Layer 7 inspection with firewall rules
« Last post by jberg on Today at 12:39:57 AM »
Hello,

I tried to find any information about layer 7 (application layer) inspection and potential to do firewall rules based on like destination urls. I have done this with clavister firewalls before and it works great but currently i don't have access to clavister licenses.

The background is i run serveral servers on different SVI/vlans on the inside, and only one ip on WAN. I basically need same ports available on several places, its a small nightmare to do this on portbased options, hence the question.

Is Application layer firewall rules something that could come in the future or any way to do this today?

Regards, Joel
5
17.1 Production Series / Re: Setting up multiple IPs on 1 WAN connection
« Last post by bartjsmit on Today at 12:17:43 AM »
The NAT only allows the packets to be rewritten correctly on their way in and out of your network from the internet.  You still need a rule on the firewall to allow this to happen.

In your case, add a rule to the WAN section with a source set to any, protocol TCP, destination 'Single host or Network' set to the internal IP of your web server and the port to HTTP

Bart...
6
17.1 Production Series / Re: Web Proxy Bind squid to Wan Interface
« Last post by Douglas Fischer on July 21, 2017, 10:33:45 PM »
Tetes with static IP Address and it Worked. Thanks!

A cooment:
On a point of view of physical servers, or firewall as itself...
It's an "understandable" behavior!

But on a several Virtualized Servers environment, it is a restriction that makes the things harder.
7
17.1 Production Series / Re: Access Servers - Groups Scope Remote
« Last post by Douglas Fischer on July 21, 2017, 10:28:44 PM »
TestAuthentication_OPNSense-noGroup
https://imagebin.ca/v/3UAhOMFK9pJP


TestAuthentication_PFSense-WithGroup
https://imagebin.ca/v/3UAhsKZHAdPD
8
17.1 Production Series / Access Servers - Groups Scope Remote
« Last post by Douglas Fischer on July 21, 2017, 10:17:53 PM »
I have a LDAP(Active directory) and Radius(NPS) configured on my OPNsense 17.1.10-amd64.

On System -> Access -> Tester i receive an "authenticated sucessfully".
But I don't receive any groups on any test, Radius and LDAP.

- I have a group on AD and I'm on it
- I have a group configured on OPNSense configured with the exactly same name of ActiveDirectory Group.
- On Radius(NPS) I added the "Class" attribute to be delivered on the police matching with my group, and the string is exactly the same of the group name on OPNSense.
- I Tried tests using "administrator" of my domain on DN of LDAP server configuration...

Looks like OPN System is ignoring the groups that Radius and LDAP are telling him.
The behavior is the same 

For the records:
I'm doing some efforts to migrate from PFSense to OPNSense on several sites.
So I have two VMs to do the comparison "PF vs OPN", and any thing that is needed is equivalent to both servers.

And the Groups are working as expected on PFsense.

Any Suggestions?
9
16.7 Legacy Series / Re: Torrent Blocking - P2p Clients
« Last post by interkrome on July 21, 2017, 09:51:41 PM »
Try suricata and enable et p2p with drop action
10
German - Deutsch / Re: API: Erzeugung von Voucher mittels API
« Last post by Webserver01 on July 21, 2017, 08:43:04 PM »
Danke für deine Antwort!

Ich werde es morgen mal probieren!
Pages: [1] 2 3 ... 10
OPNsense is an OSS project © Deciso B.V. 2015 - 2017 All rights reserved
  • SMF 2.0.13 | SMF © 2016, Simple Machines | XHTML | RSS | WAP2