How do I (2) - - -

Started by ajoeiam, May 07, 2023, 05:20:41 PM

Greetings

I am going to be setting up opnsense initially to NOT be the router firewall - - - this is to give me time to slowly and carefully work through  a plethora of configuration points - - - - a very full featured system does have negatives (a lot to learn - - - making initial configuration more challenging). How to do this was worked out in my first question (How do I - - - - ).

Follow up questions:

In initial setup I will be using 'n' instead of 'Y' in the router in the setup DHCP area.
How do I change that when I put the configured machine into service?
(Hope I don't have to go back into the initial setup rather a change in the Dashboard - - - can't see an answer  - - - likely because I don't know what I'm doing!)
ISPs tend to use the machine's MAC address to verify use as their client - - - - any ideas on an easy way to have perhaps 2 possible at once?
(Asking here as my ISP is a clueless wonder designed to make big $$$$ for the venture capital firm that bought them not for providing service !)

TIA

(Opnsense is an intriguing product!!!!!!!!)



https://docs.opnsense.org/manual/how-tos/transparent_bridge.html

That is one you can check (though might not be what you are looking for).

You don't have to connect OPNsense directly to the internet (it's just a heck of a lot easier to set up that way), but for NAT, your firewall has to route traffic; otherwise it will just either block or allow any connection to X IP it can find, and the only thing filtering traffic past that is the device where the traffic goes to.

It might be easier to set up OPNsense with it connected and fully functional - - - but - - - - somehow the idea that every user STARTS out as pretty much an expert at configuration.
Is that the case - - - - I seriously doubt it.

Perhaps this is something that needs to be brought to the development crew.

There should be some initial setup where one is able to work through the configuration before the appliance is the main tool.

Perhaps the idea is that it is 'easy' to just shut down the present 'routing system' and then one plugs in the new machine, installs OPNsense and everything is wonderful afterward.

My experience with mechanical systems is that one does a lot of work to develop a system. Then such a system is approved for installation. Then after the install there is a proving period - - - - does the system actually do all of what it was/is supposed to do - - - things are not only checked they are tested. (Of course the acid test is wanting years of trouble free service but that is the very long term testing 'not' the initial testing for design proof!)
Here I see a quite complicated software system where there are more than a few parts where a setup error is going to be 'not good' - - - - that's besides configuration variabilities - - - yet there are only outside guides for configuration. This lack suggests certain design protocols - - - every user is fully competent - - - - is that actually true - - - I would posit - - - not.

I'm not even sure exactly what to ask for but envision a system setting which would enable a noob to work through as much of the software as they deemed necessary before using the item (OPNsense) as the primary tool.  (Sort of like an aircraft flight trainer - - - aiui - - - besides maybe buzzers and the like there are no permanent resultants from poorly thought out procedures.)

Thanking the dev team for a great product - - - ciao.

Ah.....if you are interested to learn about OPNsense and its functions in depth, you can either read the source code or buy either a firewall from the store on the OPNsense website, or the book that comes with every firewall bought from the official store.

https://www.amazon.com/OPNsense-Beginner-Professional-next-generation-firewalls/dp/1801816875 <---- here's a link for the book

@ajojeiam You could spin up a virtual OPNsense to experiment with:
https://github.com/punktDe/vagrant-opnsense
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Quote from: Vilhonator on May 08, 2023, 04:27:18 PM
Ah.....if you are interested to learn about OPNsense and its functions in depth, you can either read the source code or buy either a firewall from the store on the OPNsense website, or the book that comes with every firewall bought from the official store.

https://www.amazon.com/OPNsense-Beginner-Professional-next-generation-firewalls/dp/1801816875 <---- here's a link for the book

Hmmmmmmmmm - - - - am I correct that you did a mechanical engineering course and a mechanics apprenticeship before you bought your first car?

(That's a reasonable comparison to what you're suggesting for the software.
Software 'books' tend to be out of date by the time they're completed and aiui even buying the official hardware does not give a complete install - - - - it's still just a basic install with the expectation that details would be modified - - - - so I would be right where I am now - - - - so - - - - why is that a better option?)

Quote from: pmhausen on May 08, 2023, 04:29:00 PM
@ajojeiam You could spin up a virtual OPNsense to experiment with:
https://github.com/punktDe/vagrant-opnsense

Hmmm - - - - I find 7 options - - - 5 of which are seriously out of date.

I spent a lot of hours a number of years ago digging around in the virtual system world - - - - landed up getting burnt quite badly.

So it's maybe a good idea but I'm more than a little leery of crawling down a hole that caused me so much grief in the past.

I'm a thinking that this might be understandable - - - I hope so:
Da ist ja kein Meister von Himmel gefallen - - - - at least - - - not yet - - - - ja?

Quote from: ajoeiam on May 08, 2023, 05:19:59 PM
Hmmm - - - - I find 7 options - - - 5 of which are seriously out of date.

I don't understand. Clone the linked project from Github, type "vagrant up", and you will have a current installation of OPNsense right on your desktop/notebook computer.

Quote from: ajoeiam on May 08, 2023, 05:19:59 PM
Quote from: pmhausen on May 08, 2023, 04:29:00 PM
@ajojeiam You could spin up a virtual OPNsense to experiment with:
https://github.com/punktDe/vagrant-opnsense

Hmmm - - - - I find 7 options - - - 5 of which are seriously out of date.

I spent a lot of hours a number of years ago digging around in the virtual system world - - - - landed up getting burnt quite badly.

So it's maybe a good idea but I'm more than a little leery of crawling down a hole that caused me so much grief in the past.

I'm a thinking that this might be understandable - - - I hope so:
Da ist ja kein Meister von Himmel gefallen - - - - at least - - - not yet - - - - ja?

It doesn't make any sense not to read that book, or any book, about how firewalls work. (Btw, that book is about pretty much the same version of OPNsense as the current version of OPNsense. Just like all firewall and switch firmware, OPNsense also isn't updated to the very latest version of the platforms out there. In fact, OPNsense runs on a version of FreeBSD that is a couple of versions older.)

You can install the oldest maintained version of OPNsense, and you should if security and stability are your concern. Using the very latest version means you are taking a risk of exposing your network to certain exploits, as well as not having 100% guaranteed functionality, etc. After all, free and community-supported software is always dependent on the community testing and reporting any issues they have.