Fresh install - basic configuration

Started by Issa2024, November 16, 2024, 08:36:52 AM

Hello, I want to add OPNsense to secure my house network,

but I can't make it work :/

So this is my config:

Internet <-----> OPNsense <-----> DNS server
                                              |--> My laptop

Attachment 1 for the diagram --> https://i.imgur.com/JZd1F4X.png

So I want to block everything and allow only:

HTTP and HTTPS from all laptops, and only the DNS protocol to the DNS server.


So after a fresh install:

1/ I activate the DHCP server and add the DNS server by default.


2/ I configure only 3 rules:

https://i.imgur.com/stcw2j7.png


But that's not working: my computer can go to the internet using my DNS server.

Do you know what is wrong in my config, please?

The two rules at the top allow your LAN hosts to talk to *any* destination, and the first rule to match wins. You could delete or disable those rules. I'm assuming that your LAN hosts are configured to use your DNS server at 192.168.1.6, and not OPNsense, so you don't need a rule to allow DNS to OPNsense.

You probably want to change your DNS rule to TCP/UDP, as sometimes DNS uses TCP on port 53.

What do you think of this config?

I got access to the SERVEUR DNS on port 53 in,

and I give access for the LAN network to HTTP and HTTPS.

How can I see if the rules are used or not?

Thanks

If you enable logging for your rules (click on the little (i) button, or just edit the rules and enable it), you should see when they get used under Firewall -> Log Files -> Live View.

Your DNS rule is probably wrong - in addition to the protocol being UDP only (should be TCP/UDP), you have the destination as "WAN net", which would be the subnet associated with your WAN interface's address. Unless your DNS server is forwarding to another DNS server on that subnet, you probably want to change that rule destination to "any".

What is the difference between WAN net, WAN address and Web net?

"WAN address" is the WAN interface's IP address. "WAN net" is the network part of the WAN interface's IP address - e.g. if the address was 100.10.20.30/24, the network part would be 100.10.20.0/24.
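To make the points above concrete (first matching rule wins, DNS needs TCP as well as UDP, and "WAN net" is the WAN subnet rather than the DNS server), here is an added example that is not from this thread or from OPNsense: a minimal first-match rule evaluator over the rule lists discussed. The DNS server 192.168.1.6 and the 100.10.20.0/24 WAN subnet come from the replies; the LAN subnet, laptop address, outside host and the exact wording of the poster's rules are assumptions.

```python
from ipaddress import ip_address, ip_network

LAN_NET = ip_network("192.168.1.0/24")      # assumed LAN subnet
WAN_NET = ip_network("100.10.20.0/24")      # "WAN net" from the reply above
DNS_SERVER = ip_network("192.168.1.6/32")   # the poster's DNS server
LAPTOP = ip_address("192.168.1.50")         # assumed laptop address
OUTSIDE = ip_address("203.0.113.10")        # constructed internet host
ANY = None                                  # "any" for proto/src/dst/port

def rule(name, action, proto, src, dst, dport):
    return dict(name=name, action=action, proto=proto, src=src, dst=dst, dport=dport)

def matches(r, pkt):
    # Every rule field that is not "any" must match the packet.
    src, dst, proto, dport = pkt
    return ((r["proto"] is ANY or proto in r["proto"])
            and (r["src"] is ANY or src in r["src"])
            and (r["dst"] is ANY or dst in r["dst"])
            and (r["dport"] is ANY or dport in r["dport"]))

def evaluate(rules, pkt):
    # Rules are checked top-down; the first match decides. Traffic that
    # matches nothing hits the firewall's implicit default deny.
    for r in rules:
        if matches(r, pkt):
            return r["action"], r["name"]
    return "block", "default deny"

# Assumed reconstruction of the poster's list: an allow-any rule sits above
# the restrictive ones, so the web/DNS rules below never get a say.
ORIGINAL = [
    rule("Default allow LAN to any", "pass", ANY, LAN_NET, ANY, ANY),
    rule("LAN web", "pass", ("tcp",), LAN_NET, ANY, (80, 443)),
    rule("LAN DNS (UDP only, dst WAN net)", "pass", ("udp",), LAN_NET, WAN_NET, (53,)),
]
# Corrected list: allow-any removed, DNS on TCP/UDP to the DNS server itself.
FIXED = [
    rule("LAN DNS", "pass", ("tcp", "udp"), LAN_NET, DNS_SERVER, (53,)),
    rule("LAN web", "pass", ("tcp",), LAN_NET, ANY, (80, 443)),
]
PACKETS = {  # (src, dst, proto, dst port), all constructed
    "dns_udp_to_server": (LAPTOP, ip_address("192.168.1.6"), "udp", 53),
    "dns_tcp_to_server": (LAPTOP, ip_address("192.168.1.6"), "tcp", 53),
    "dns_udp_to_outside": (LAPTOP, OUTSIDE, "udp", 53),
    "https_to_outside": (LAPTOP, OUTSIDE, "tcp", 443),
    "ssh_to_outside": (LAPTOP, OUTSIDE, "tcp", 22),
}

def decisions(rules):
    return {name: evaluate(rules, pkt)[0] for name, pkt in PACKETS.items()}
```

Running `decisions(ORIGINAL)` passes every packet because the allow-any rule matches first, while `decisions(FIXED)` passes only DNS to the server and web traffic; dropping just the allow-any rule from the original list still blocks DNS to 192.168.1.6, because that rule's destination is the WAN subnet.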