Recent posts

#1
26.1, 26,4 Series / Re: WAN interface passing to p...
Last post by glenb2 - Today at 12:53:14 PM
Quote from: Bob.Dig on Today at 09:26:47 AM
Quote from: glenb2 on Today at 03:00:03 AM
Sorry if this is a dumb question
That is how routing works, if it is not local, it gets out the default gateway.

Why is your last screenshot not showing any ports, that is dumb for sure.

Showing who you really are on the internet is dumb for sure. Have the life you deserve. :)
#2
26.1, 26,4 Series / Re: WAN interface passing to p...
Last post by lmoore - Today at 12:47:09 PM
Quote from: glenb2 on Today at 07:35:42 AM
Here are my rules.

If the unknown and unexpected traffic is originating from inside the network, e.g., from either IOT, LAN or WireGuard interfaces, enabling logging on the LAN, WAN and WireGuard rules should show where they are coming from.

Looking at these rules, I would hedge my suspicion towards the WireGuard interface as the LAN & IOT rules are restricting the connections from these networks to their respective network addresses.

If this traffic is unexpected, it is advisable to identify its source and resolve the real problem.

Depending on how you use your WireGuard VPN, you could have one or more rules and set the Source to be WireGuard (Group) network.

Are there any Wireless Access Points connected to the network?
#3
26.1, 26,4 Series / Re: 2 WAN Uplinks split routin...
Last post by viragomann - Today at 11:58:49 AM
Tagging of incoming traffic should be done automatically by the firewall rule on the WAN interface, which passes it. You should just make sure that the respective interface pass rule is applied to the traffic, but no other (floating or group).
OPNsense should route the replies according to the reply-to tags.

If no success either, you can state the reply-to gateway in each rule manually.
But anyway you have to ensure that the respective rule is applied. This presumes that you state a unique name for the rule and enable logging.
#4
26.1, 26,4 Series / Re: WAN interface passing to p...
Last post by glenb2 - Today at 11:52:35 AM
Thank you. I didn't expect I would have to do that. I came here for education. Thank you.

I politely steer whoever to notice from my first post that I described outward traffic.

Thank you wincent, lmoore and Monviech
#5
26.1, 26,4 Series / Re: WAN interface passing to p...
Last post by wincent - Today at 11:31:42 AM
Quote from: glenb2 on Today at 09:54:00 AM
There is no range. It is just a single number that allows for VPN access into OPNsense from the internet.


Bob.Dig, I'm here asking for help and to learn because I'm not a network engineer. Wincent is asking about an 'in' rule. My concern is that I don't understand why I'm seeing outbound traffic to what I thought were private address spaces from my WAN interface.


I thought it was inbound traffic, but if it's outbound, it's normal. As Bob.Dig said, the firewall defaults to sending all non-local packets to the default gateway.

If you don't want to see these, set a rule as lmoore mentioned to intercept them.

:)
#6
You can try to edit /usr/local/opnsense/scripts/wireguard/reresolve-dns.py as described here and see if this works for you:

https://github.com/opnsense/plugins/issues/3565#issuecomment-4841782276
#7
Tutorials and FAQs / Re: [HOWTO] Sonos speaker in m...
Last post by kbthomelab88 - Today at 11:10:24 AM
This is my Sonos VLAN setup for Sonos
#8
Tutorials and FAQs / Re: [HOWTO] Sonos speaker in m...
Last post by kbthomelab88 - Today at 11:09:51 AM
This is my LAN setup for Sonos
#9
Tutorials and FAQs / Re: [HOWTO] Sonos speaker in m...
Last post by kbthomelab88 - Today at 11:08:58 AM
Thanks for letting me know
#10
Please do not use "image hosting" sites at all. This is a gross violation of the privacy of all people opening this thread.

Pictures can be attached to your forum post directly in the forum.