Topic: iptables not installed on AWS OPNsense instances (Read 1208 times)
debrucer
Newbie
Posts: 10
Karma: 1
iptables not installed on AWS OPNsense instances
« on: February 06, 2023, 06:33:59 pm »
Almost every tutorial and all the Wireguard configuration script sites use iptables as part of the Wireguard installation, yet iptables is not part of the VM on AWS. The same is true for pfSense, no iptables. While I had paid support for pfSense, I asked the techs why this was so, and I got some song and dance about people installing packages they don't need. Not much of an answer.
Is iptables required? What is an equivalent set of rules in OPNsense to replace the lack of iptables?
Can I do the required masquerading without iptables?
Patrick M. Hausen
Hero Member
Posts: 6830
Karma: 574
Re: iptables not installed on AWS OPNsense instances
« Reply #1 on: February 06, 2023, 06:39:17 pm »
Iptables are available on Linux, only. Neither pfSense nor OPNsense are built on Linux. They are built on FreeBSD. Both FreeBSD based firewalls use the pf engine, hence the original name pfSense.
You can use the UI to configure every aspect of the system including WireGuard.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do.
(Isaac Asimov)
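For readers who arrive with a WireGuard tutorial's iptables lines in hand, here is the pf-syntax counterpart of the usual "FORWARD accept + POSTROUTING MASQUERADE" pair. This is an added illustration, not from the thread or the OPNsense project; the interface names (vtnet0, wg0), the tunnel subnet and the listen port are assumptions.

```pf
# Assumed names: WAN interface vtnet0, WireGuard interface wg0,
# tunnel subnet 10.10.0.0/24, WireGuard listening on UDP 51820.
ext_if = "vtnet0"
wg_if  = "wg0"
wg_net = "10.10.0.0/24"

# MASQUERADE equivalent: outbound NAT for tunnel clients leaving via WAN.
# The parentheses make pf track the interface's current address, which
# matters on a cloud VM whose WAN address comes from DHCP.
nat on $ext_if inet from $wg_net to any -> ($ext_if)

# "iptables -A FORWARD -i wg0 -j ACCEPT" equivalent: permit traffic
# arriving from peers on the tunnel interface (stateful by default).
pass in quick on $wg_if inet from $wg_net to any keep state

# Let peers reach the WireGuard listener on the WAN side.
pass in quick on $ext_if inet proto udp from any to ($ext_if) port 51820 keep state
```

On OPNsense you do not edit pf.conf by hand; the same result is produced in the UI under Firewall > NAT > Outbound (hybrid or manual mode) for the NAT rule and Firewall > Rules on the WireGuard and WAN interfaces for the pass rules, and the generated ruleset can be inspected in /tmp/rules.debug.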
debrucer
Newbie
Posts: 10
Karma: 1
Re: iptables not installed on AWS OPNsense instances
« Reply #2 on: February 07, 2023, 01:30:33 am »
Thank you. That in itself makes perfect sense. It still remains confusing. On Linux I'd be tempted to turn iptables off to start with. I guess I don't know what masquerading is, perhaps not even how to spell it. I'm having a heck of a time with os-wireguard. I previously had wireguard-go working to some extent. But it is my intention not to use Go going forward.
I just wrote a diatribe and deleted it. So frustrated that I don't know where to begin to describe it and don't want to take it out on the world here.
I have not installed the Go components (this time) and have Wg disabled in the console tabs. No interface, no peers. My plan is to use and rebuild a tunnel (by hand, outside the console) and three peers and run through wg-quick and pay little attention to them in the console. They do not seem to register status and handshake correctly.
This has been a full-time obsession since mid-November, learning pfSense, then OPNsense, and a bit about networking. I hope to pay strict attention to the man pages on wg and wg-quick, and avoid everything I read elsewhere. Seems to have commercial instructions mixed into every Google post.
I agree that I should be able to do it all from the console. I'm not sure it's all my fault it's not working today.
Thanks again.
Greelan
Hero Member
Posts: 1028
Karma: 72
Re: iptables not installed on AWS OPNsense instances
« Reply #3 on: February 07, 2023, 03:51:59 am »
Had a look at the OPNsense wiki?
There are good guides there for road warrior and selective routing setups. What are you trying to achieve?
debrucer
Newbie
Posts: 10
Karma: 1
Re: iptables not installed on AWS OPNsense instances
« Reply #4 on: February 07, 2023, 05:58:29 pm »
When I hear "road warrior" I now envision a product that is used for a particular type of user: a road warrior. Nothing wrong with that; but the implementation details are still wrapped in a commercial-ish setup. The rules, the software, the servers are not all in my control. It's been set up to do a job, and apparently it does it well. I'm not doing a very good job of explaining my position here. Even wg and wg-quick don't work perfectly together. Quick puts parameters in the configs that wg can't interpret. I have attached a now slightly outdated drawing of what I am trying to achieve. I have VPCs in four AWS regions, a copy of OPNsense residing on the public network of each. Each VPC is using two AZs within the region. Each AZ has the one public network and two private subnets: one for applications, one for databases. There are App servers and database servers on each subnet (in only one AZ; the second AZ is not currently used. It will be set up for failover).
My goal is to tunnel everything per the attached drawing, and then, to eliminate the tunnels and use the AWS capability to "share VPCs across regions". A very similar setup, without tunnels. Okay, I will still need the tunnels from home; but after that, share the resources between VPCs as if they were all in the same location.
That's what I'm trying to do. Pretty short explanation: but you should be able to grasp what I'm up to here.