Author Topic: (solved) Opnsense DMZ (Read 5123 times)

klausneil · « **on:** May 16, 2016, 01:17:12 am »

Hi, i need configure my opnsense by allow access from the LAN to my DNS Server that is in my DMZ, please anybody tell me how make this or documentation or link. Please help me.

fabian · « **Reply #1 on:** May 16, 2016, 10:52:25 am »

you need a pass rule
=> from: your lan network
=> destination: ip of your dns server
=> destination port: 53
=> protocol: udp using IPv4/IPv6

klausneil · « **Reply #2 on:** May 18, 2016, 01:57:25 am »

Thanks fabian, but i try this rule but not connect, my schema is this

internet(190.21.22.12)----router(192.168.1.1)----eth0(192.168.1.2)----opnsense----eth1(192.168.15.1)----LAN PCs (192.168.15.0/24)
I___eth2 (192.168.10.1) ---- DMZ (192.168.10.0/24)
I__MAIL(192.168.10.13)
I__DNS(192.168.10.3)

By default my network is pointing to dns server of the opnsense but how i can connect from my LAN net to the DNS that is in my DMZ.

fabian · « **Reply #3 on:** May 18, 2016, 08:34:00 am »

If you want to use it as a recursive resolver for your clients, you probably want to configure it in the DHCP settings.

klausneil · « **Reply #4 on:** May 19, 2016, 06:33:20 am »

Hi my configuraton in my client winxp is this

ip: 192.168.15.27
netmask: 255.255.255.0
gateway: 192.168.15.1
dns: 192.168.10.3

And my rule is this image. but i not connect to internet, i can make ping to 192.168.10.3 from winxp and the log say that the machine is allow to dns, why this?

franco · « **Reply #5 on:** May 19, 2016, 08:15:02 am »

Can you check your DNS server logs, specifically whether your XP machine queries can reach it?

klausneil · « **Reply #6 on:** May 20, 2016, 01:52:56 am »

Well i try navigate to google.com and eset.com but this not work and the log is the imagen and say:

May 19 18:43:00 bind named[1835]: client 192.168.15.29#1025 (www.eset.com.com): query (cache) 'www.eset.com.com/A/IN' denied

franco · « **Reply #7 on:** May 20, 2016, 07:26:47 pm »

In this case... bind config is missing an ACL entry for your subnet 192.168.15.0/24. It refuses to answer your queries

klausneil · « **Reply #8 on:** May 21, 2016, 12:41:50 am »

Thanks franco, you're right but you can help me? i try configure in named.conf but nothing

fabian · « **Reply #9 on:** May 21, 2016, 11:52:22 am »

can you try to add this to your configuration:
allow-query { 192.168.15.0/24; };

klausneil · « **Reply #10 on:** May 21, 2016, 08:42:28 pm »

Thanks fabian by your help but i try insert the line in my configuration named.conf.options img 01 but i try access to google.com but not work.

klausneil · « **Reply #11 on:** May 21, 2016, 08:48:58 pm »

This is the other image.

fabian · « **Reply #12 on:** May 21, 2016, 10:47:16 pm »

can you try to change the next two directives too?

klausneil · « **Reply #13 on:** May 23, 2016, 10:18:38 pm »

fabian, thank you so much, this work. thanks bro.

klausneil · « **Reply #14 on:** May 24, 2016, 11:38:30 pm »

fabian, i supress this 2 line and work for my LAN but my DMZ not work, when try navigate or install a application example on linux server on dmz this not work, i try configure in allow-query {any;}; but this not solved

Author Topic: (solved) Opnsense DMZ (Read 5123 times)

klausneil

(solved) Opnsense DMZ

fabian

Re: Opnsense DMZ

klausneil

Re: Opnsense DMZ

fabian

Re: Opnsense DMZ

klausneil

Re: Opnsense DMZ

franco

Re: Opnsense DMZ

klausneil

Re: Opnsense DMZ

franco

Re: Opnsense DMZ

klausneil

Re: Opnsense DMZ

fabian

Re: Opnsense DMZ

klausneil

Re: Opnsense DMZ

klausneil

Re: Opnsense DMZ

fabian

Re: Opnsense DMZ

klausneil

Re: Opnsense DMZ

klausneil

Re: Opnsense DMZ