Topic: Fresh install - basic configuration (Read 224 times)
Issa2024
Newbie
Posts: 6
Karma: 0
on: November 16, 2024, 08:36:52 am
Hello, I want to add OPNsense to secure my house network,
but I can't make it work :/
So this is my config:
Internet <-----> OPNsense <-----> DNS server
|--> My laptop
Attachment 1 for the diagram -->
https://i.imgur.com/JZd1F4X.png
So I want to block everything and allow only:
HTTP and HTTPS from all laptops, and only the DNS protocol to the DNS server.
So after a fresh install:
1/ I activate the DHCP server and I add the DNS server by default
2/ I configure only 3 rules:
https://i.imgur.com/stcw2j7.png
But that is not working: my computer can go to the internet using my DNS server.
Do you know what is wrong with my config, please?
dseven
Sr. Member
Posts: 306
Karma: 33
Reply #1 on: November 16, 2024, 10:10:12 am
The two rules at the top allow your LAN hosts to talk to *any* destination, and the first rule to match wins. You could delete or disable those rules. I'm assuming that your LAN hosts are configured to use your DNS server at 192.168.1.6, and not OPNsense, so you don't need a rule to allow DNS to OPNsense.
You probably want to change your DNS rule to TCP/UDP, as sometimes DNS uses TCP on port 53.
Issa2024
Newbie
Posts: 6
Karma: 0
Reply #2 on: November 16, 2024, 11:36:55 am
What do you think of this config?
I got access to the DNS server on port 53 in,
and I give access to the LAN network to HTTP and HTTPS.
How can I see if the rules are used or not?
Thanks
dseven
Sr. Member
Posts: 306
Karma: 33
Reply #3 on: November 16, 2024, 12:08:48 pm
If you enable logging for your rules (click on the little (i) button, or just edit the rules and enable it), you should see when they get used under Firewall -> Log Files -> Live View.
Your DNS rule is probably wrong - in addition to the protocol being UDP only (should be TCP/UDP), you have the destination as "WAN net", which would be the subnet associated with your WAN interface's address. Unless your DNS server is forwarding to another DNS server on that subnet, you probably want to change that rule destination to "any".
Issa2024
Newbie
Posts: 6
Karma: 0
Reply #4 on: November 16, 2024, 01:51:25 pm
What is the difference between WAN net - WAN address - Web net?
dseven
Sr. Member
Posts: 306
Karma: 33
Reply #5 on: November 16, 2024, 05:38:11 pm
"WAN address" is the WAN interface's IP address. "WAN net" is the network part of the WAN interface's IP address - e.g. if the address was 100.10.20.30/24, the network part would be 100.10.20.0/24.
Logged
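The three points raised in the replies above (the first matching rule wins, DNS needs TCP as well as UDP, and "WAN net" is only the WAN interface's subnet) can be checked with a small first-match evaluator. This is an added example, not part of any forum post and not OPNsense code; the rule sets, the LAN subnet 192.168.1.0/24, the laptop address and the sample flows are constructed assumptions, since the screenshots' exact contents are not in the thread text.

```python
from ipaddress import ip_address, ip_interface, ip_network

# Constructed values: the WAN address is the example from Reply #5, the LAN subnet is assumed.
WAN_IF = ip_interface("100.10.20.30/24")
ALIASES = {
    "any": ip_network("0.0.0.0/0"),
    "LAN net": ip_network("192.168.1.0/24"),
    "WAN net": WAN_IF.network,                     # 100.10.20.0/24
    "WAN address": ip_network(f"{WAN_IF.ip}/32"),  # 100.10.20.30 only
}
DNS = "192.168.1.6"  # DNS server address mentioned in the thread

def resolve(name):
    """Turn an alias or a literal host/network into an ip_network."""
    return ALIASES[name] if name in ALIASES else ip_network(name)

def evaluate(rules, proto, src, dst, port):
    """First matching rule wins; with no match the packet is blocked."""
    for action, protos, rsrc, rdst, ports, label in rules:
        if (proto in protos and ip_address(src) in resolve(rsrc)
                and ip_address(dst) in resolve(rdst)
                and (ports is None or port in ports)):
            return action, label
    return "block", "default deny"

WEB = ("pass", {"tcp"}, "LAN net", "any", {80, 443}, "LAN web")
# Rule sets modelled on the thread (assumed, not copied from the screenshots).
FIRST_TRY = [
    ("pass", {"tcp", "udp", "icmp"}, "LAN net", "any", None, "allow LAN to any"),
    ("pass", {"udp"}, DNS, "any", {53}, "DNS"), WEB,
]
SECOND_TRY = [("pass", {"udp"}, DNS, "WAN net", {53}, "DNS udp to WAN net"), WEB]
FIXED = [("pass", {"tcp", "udp"}, DNS, "any", {53}, "DNS tcp/udp to any"), WEB]

def verdicts(rules):
    """Evaluate constructed sample flows against one rule set."""
    flows = {
        "laptop ssh out": ("tcp", "192.168.1.50", "203.0.113.10", 22),
        "laptop https": ("tcp", "192.168.1.50", "203.0.113.10", 443),
        "dns udp upstream": ("udp", DNS, "198.51.100.53", 53),
        "dns tcp upstream": ("tcp", DNS, "198.51.100.53", 53),
        "dns udp to WAN subnet": ("udp", DNS, "100.10.20.1", 53),
    }
    return {name: evaluate(rules, *flow) for name, flow in flows.items()}

if __name__ == "__main__":
    for title, rs in (("first", FIRST_TRY), ("second", SECOND_TRY), ("fixed", FIXED)):
        print(title, verdicts(rs))
```

In the first rule set the allow-any rule shadows everything below it, and in the second the DNS server can only reach resolvers inside 100.10.20.0/24, so upstream lookups are dropped by the default deny.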