Recent posts

#21
German - Deutsch / Re: Which DSL modem for VDSL...
Last post by meyergru - Today at 11:38:57 AM
These are not "levels", because they are not supersets or subsets of one another. By the way, I just removed Firehol 2-4 for outbound access, because one of them blocked GitHub (140.82.121.4).
#22
German - Deutsch / Re: Which DSL modem for VDSL...
Last post by k0ns0l3 - Today at 11:28:43 AM
Quick question: which Firehol level is recommended for OPNsense? It is about private IP addresses. The connection to Telekom is established, and then after a few minutes the connection drops.

Thanks for the hint. Switching from the Fritz to the Vigor is not that easy after all 😆

Regards, Robert
#23
German - Deutsch / Re: Problem with Port Forwardin...
Last post by BeTZe313 - Today at 10:56:59 AM
Because "Wan Address" is selected as the Destination?
#24
General Discussion / Re: Securing interactive hospi...
Last post by meyergru - Today at 10:52:34 AM
Just a question:

OPNsense 24.1 is - as the name suggests - two years old and, since it is a CE version, will get no security updates any more (and also has not gotten them in a long time).

Are you sure you want to use it in an environment where sensitive patient data and/or medical equipment is involved? I understand that you want to separate out touch screens for a less security-related application, but the keyword here is "separate".

Or are you just telling us OPNsense 24.1 is still in use in that environment and you want to add another application? Because that would be just as bad...
#25
German - Deutsch / Re: Problem with Port Forwardin...
Last post by Bob.Dig - Today at 10:45:30 AM
Quote from: BeTZe313 on Today at 08:48:56 AM
No, the website is in my local network
It isn't, according to your little picture.
#26
German - Deutsch / Re: Problem with Port Forwardin...
Last post by BeTZe313 - Today at 08:48:56 AM
@meyerguru
Sorry, I overlooked that. I have now tried both. It works with neither "Enable" nor "Disable".

@viragomann
No, the website is in my local network and I want to reach it over the Internet from another computer outside my LAN.
#27
Hello, I wanted to implement a feature for OPNsense concerning LDAP authentication. OPNsense always assumes that the LDAP attribute "memberof" is used to specify which groups a user is a member of. The problem is that we use a completely custom LDAP attribute for this. So I wanted to add an option "Group member attribute" to specify which attribute to check.

I have already implemented this myself, and it seems to work without problems on my OPNsense instance. I have a branch ready for a pull request, and have opened an issue regarding this, but I don't know how I should continue with this. Is this even something that would be accepted?
#28
General Discussion / Securing interactive hospital ...
Last post by Riem - Today at 08:17:42 AM
Hi,

I'm setting up a network for interactive signage terminals (wayfinding) in a hospital and I want to secure it. I'm using version 24.1. The idea is to isolate the touch screens on a dedicated VLAN so that they don't interfere with the medical network. What do you recommend for the output rules? Pure FW or should I go through a proxy? I'm a little worried that Suricata will mess up the map update flows. If anyone has already managed this kind of network on this version, I'd love to hear your feedback.

Thanks!

#29
25.7, 25.10 Series / Re: Setting VLAN on Proxmox + ...
Last post by sammasid - Today at 08:06:55 AM
The firewall rule
#30
25.7, 25.10 Series / Setting VLAN on Proxmox + OPNs...
Last post by sammasid - Today at 08:02:25 AM
First of all, I am very thankful to the OPNsense team for such an amazing piece of firewall. Well, I am new to it.
I have set up my OPNsense as a VM inside a Proxmox server at home with vtnet0 as WAN, vtnet1 as LAN and vtnet2 as VLAN. I have 4 physical NICs.
  • ensp1so as the main NIC attached to my Proxmox server. Internet connection coming directly from my router's LAN port 1 into this NIC
  • enx00e04c68011b as a separate WAN NIC for the OPNsense VM. Internet connection coming from my router's LAN port 2 into this NIC
  • enx00e04c680647 as a LAN NIC for the OPNsense VM. I attached my TP-Link wifi router to this NIC as a bridge network so that I can connect my laptop to this wifi and access my OPNsense GUI. I can also surf the internet, and a few mobile devices are connected to this wifi
  • enxa0cec80cf6dc as a VLAN NIC. Not attached/used yet for anything. No connection cable in it. Totally spare
Given the above, I have a default Vmbr0 bridge on ensp1so. It has 192.168.100.201/24 and a gateway of 192.168.100.1. This lets me open my Proxmox GUI from my laptop. Having said that, whenever I am connected to the main router's wifi, I can access my Proxmox GUI. But I am also able to access it whenever I am connected to the TP-Link wifi router mentioned in point 3 above.

Coming over to the Linux bridges side
  • vmbr1 bridge port enx00e04c68011b (separate WAN NIC for the OPNsense VM as mentioned above)
  • vmbr2 bridge port enx00e04c680647 (LAN NIC for the OPNsense VM as mentioned above)
  • vmbr3 bridge port enxa0cec80cf6dc (VLAN NIC as mentioned above)

So far I am good. If I attach vmbr2, which is the LAN NIC for OPNsense, to any other VM's network in my Proxmox, it gets an IP address from my OPNsense LAN IP range. This means things are working. (Keep in mind, this NIC is also plugged into my TP-Link router. Only when I am connected to this can I ssh into my VMs.)

Now coming to the HELP I need - THE VLANs side

On vmbr2, I have created 2 VLANs
  • vmbr2.10
  • vmbr2.20

In OPNsense GUI Interface>Devices>VLAN I have added a VLAN with tag 20 on parent vtnet1, which is the LAN.
In OPNsense GUI Interfaces>Assignment I have assigned the device to an interface and named it Cloud, then enabled the interface and configured a static IPv4 192.168.20.1/24.
In OPNsense GUI Services>ISC DHCPV4>[Cloud], I enabled the DHCP server on the Cloud interface and set the range 192.168.20.100 to 192.168.20.150.
In OPNsense GUI Firewall>Rules>Cloud, I created a rule Pass, interface:cloud, Direction:in, TCP/IP Version:IPV4, Protocol:any, Source:any, Destination:any for test purposes.
I then added tag 20 to a VM with vmbr2 in Proxmox. I found that no IP address is assigned and I cannot get internet access.


NOTE to CONSIDER
My motivation is to get a VLAN on my LAN bridge vmbr2 to which I can attach any other VM in future. Need help KINDLY.

Regards
Sam