OPNsense Beginner - WireGuard - Firewall

Started by XeroX, May 07, 2020, 02:51:13 PM

Hello,
I've set up my OPNsense, switching from UniFi. I have some basic questions.

1. I set up WireGuard following this guide:
https://wiki.opnsense.org/manual/how-tos/wireguard-client.html
and this one:
https://www.thomas-krenn.com/de/wiki/OPNsense_WireGuard_VPN_für_Road_Warrior_einrichten#Firewall_Regel_f.C3.BCr_WireGuard

I partly skipped configuration of Step 2c of the first guide.

Everything is set up, and when the WireGuard interface is not assigned, internal traffic isn't working.
Assigning the interface gives me internal and external traffic via the VPN, even without the firewall NAT outbound rule.
What am I doing wrong?

2. I'm using Pi-Hole as DNS. Works like a charm.

However, I want to block all other DNS traffic; only Pi-hole should be allowed to connect to external DNS.

- WAN-OUT <Pi-Hole> DST* TCP/UDP 53
- WAN-OUT * DST* TCP/UDP 53

With these rules Pi-hole is blocked as well. Why? "Stop on first match" is ticked.

Cheers

Is anyone willing to assist me in allowing DNS traffic to the Internet from Pi-hole (and the firewall itself) but denying it from every other host?

Try LAN-IN rules instead of WAN-OUT.

Cheers

Maurice
OPNsense virtual machine images
OPNsense aarch64 firmware repository

Commercial support & engineering available. PM for details (en / de).

May 11, 2020, 10:53:37 PM #3 Last Edit: May 12, 2020, 10:07:20 PM by XeroX
Okay thank you.

Got it working. The rule must be at the TOP under LAN IN.

IPv4 UDP   ! Pi-Hole   *   *   53 (DNS)   *   *
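The two rulesets discussed in this thread (the WAN OUT pair from the first post and the working LAN IN rule from the last one) differ only in where the rules sit and in what source address they see. The following Python script is an added illustration, not code from the thread or from OPNsense: it models first-match ("quick") rule evaluation and replays both rulesets against constructed sample addresses. One modelling assumption is made explicit in the code: outbound NAT rewrites the LAN source to the firewall's WAN address before the WAN OUT filter rules are evaluated, which is why a WAN OUT rule keyed on the Pi-hole's LAN address never matches.

```python
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, IPv4Network, ip_address, ip_network

# Constructed sample addresses for the simulation (not from the thread).
PIHOLE = ip_address("192.168.1.53")     # the Pi-hole on the LAN
CLIENT = ip_address("192.168.1.100")    # any other LAN host
LAN_NET = ip_network("192.168.1.0/24")
WAN_IP = ip_address("203.0.113.10")     # firewall's address after outbound NAT
RESOLVER = ip_address("198.51.100.1")   # some external DNS server


@dataclass(frozen=True)
class Packet:
    src: IPv4Address
    dst: IPv4Address
    proto: str
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "pass" or "block"
    src: object = "*"           # IPv4Address, IPv4Network or "*" for any
    negate_src: bool = False    # the "!" in "! Pi-Hole" (source inverted)
    proto: str = "*"
    dport: object = "*"

    def matches(self, pkt: Packet) -> bool:
        if self.src == "*":
            src_hit = True
        elif isinstance(self.src, IPv4Network):
            src_hit = pkt.src in self.src
        else:
            src_hit = pkt.src == self.src
        if self.negate_src:
            src_hit = not src_hit
        proto_hit = self.proto == "*" or self.proto == pkt.proto
        port_hit = self.dport == "*" or self.dport == pkt.dport
        return src_hit and proto_hit and port_hit


def first_match(rules, pkt, default="pass"):
    """Action of the first matching rule, as with 'stop on first match' ticked;
    `default` models the outcome when no rule in the list matches."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action
    return default


def dns_from(host):
    return Packet(src=host, dst=RESOLVER, proto="udp", dport=53)


def wan_out_verdicts():
    """The first post's WAN OUT ruleset: pass Pi-hole DNS, then block all DNS.
    Modelling assumption: outbound NAT has already replaced the LAN source with
    WAN_IP when these rules run, so the Pi-hole source rule cannot match."""
    rules = [
        Rule("pass", src=PIHOLE, proto="udp", dport=53),
        Rule("block", src="*", proto="udp", dport=53),
    ]
    verdicts = {}
    for name, host in (("pihole", PIHOLE), ("client", CLIENT)):
        translated = replace(dns_from(host), src=WAN_IP)
        verdicts[name] = first_match(rules, translated)
    return verdicts   # both "block": what the poster observed


def lan_in_verdicts(block_on_top: bool):
    """The working LAN IN ruleset from the last post: block UDP/53 from any
    source that is NOT Pi-hole. With block_on_top=True it sits above the stock
    'Default allow LAN to any' rule; with False it sits below and never fires."""
    block_other_dns = Rule("block", src=PIHOLE, negate_src=True,
                           proto="udp", dport=53)
    default_allow_lan = Rule("pass", src=LAN_NET)
    rules = ([block_other_dns, default_allow_lan] if block_on_top
             else [default_allow_lan, block_other_dns])
    return {
        "pihole_dns": first_match(rules, dns_from(PIHOLE)),
        "client_dns": first_match(rules, dns_from(CLIENT)),
        "client_https": first_match(rules, Packet(CLIENT, RESOLVER, "tcp", 443)),
    }


if __name__ == "__main__":
    print("WAN out:", wan_out_verdicts())
    print("LAN in, block on top:", lan_in_verdicts(True))
    print("LAN in, block at bottom:", lan_in_verdicts(False))
```

Running it reproduces the thread: on WAN OUT both hosts are blocked, on LAN IN with the block rule on top only the Pi-hole reaches port 53 while other LAN traffic is untouched, and with the block rule below the default allow rule every host gets through. The firewall's own resolver traffic is not affected by a LAN IN rule at all, since it never enters on the LAN interface, which covers the "and the firewall itself" part of the question.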