OPNsense® ☞ ؟⸮UNOFFICIAL⸮؟ – Self Support Community for community self support. - Public Room Timeline

	OPNsense® ☞ ؟⸮UNOFFICIAL⸮؟ – Self Support Community for community self support.	188 Members
	https://opnsense.org/ ° https://wiki.opnsense.org/ ° https://github.com/opnsense ° https://forum.opnsense.org/ ° https://opnsense.org/blog/ ° Announcements: https://forum.opnsense.org/index.php?board=11.0 ••• "OPNsense is open source, FreeBSD-based firewall and routing software developed by Deciso, a company in the Netherlands that makes hardware and sells support packages for OPNsense. It is a fork of pfSense." - https://en.wikipedia.org/wiki/OPNsense ° pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network and has been noted for its reliability and offering a range of features. - https://en.wikipedia.org/wiki/PfSense ••• https://doc.pfsense.org/index.php/Main_Page ••• This room is "World Readable" or according to IRC types, "Logged": https://view.matrix.org/alias/%23OPNsense:matrix.org ••• Listed: https://matrixstats.org/room/!zyeXJfuMWoXfqBNbUK:matrix.org ••• For sharing: #OPNsense:matrix.org ° https://riot.im/app/#/room/#OPNsense:matrix.org ° https://matrix.to/#/#OPNsense:matrix.org ° [#OPNsense:matrix.org](https://matrix.to/#/#OPNsense:matrix.org) ••• Keywords/Tags: #OPNsense #firewall #router #Cisco #secure #security ••••	35 Servers

Load older messages

Sender	Message	Time
29 Apr 2021
b8b	As the setup has been described, the redirected connection cannot work from the whole net 172.16.1/24 ; DNS might be a solution, but you need it for all hosts in 172.16.1/24. Don't known if it's possible for you but definitely, the most simple solution is OPNsense running HAProxy directly on the WAN IP. No rdr involved at all -> no split DNS required and all is easy. If you need the apache for some reason, you can configure it to respect X-Forwarded header from HAProxy so you have the correct client IP in the logs.	20:43:11
30 Apr 2021
Zordon	Download image.png	13:45:17
Zordon	Here is a dirty trick to make OPNsense backup works with local Nextcloud instance:	13:45:19
Zordon	Redacted or Malformed Event	13:46:28
Zordon	`root@OPNsense:~ # curl -v -k https://nextcloud.something.tld * Trying 88.x.x.x:443... ^C root@OPNsense:~ # curl -v -k https://172.16.1.56 * Trying 172.16.1.56:443... * Connected to 172.16.1.56 (172.16.1.56) port 443 (#0)`	13:47:06
Zordon	I am. Unbound service override works. All unbound clients will resolve https://nextcloud.something.tld as 172.16.1.56 and it works... until next reboot :) after reboot it again resolves to WAN address. Can't understand why. If I reload Unbound when OPNsense is running, all overrides works again too.	13:49:11
Zordon	In reply to @janci:matrix.org so your local DNS resolver should give you local IP of nextcloud server you should be able to do that in unbound overrides * I am. Unbound service override works. All unbound clients will resolve https://nextcloud.something.tld as 172.16.1.56 and it works... until next reboot :) after reboot it again resolves to WAN address. Can't understand why. If I reload Unbound when OPNsense works, all overrides works again too.	13:51:25
Zordon	* I am. Unbound service override works. All unbound clients will resolve https://nextcloud.something.tld as 172.16.1.56 and it works... until next reboot :) after reboot it again resolves to WAN address. Can't understand why. If I reload Unbound when OPNsense is running, all overrides works again too.	13:55:58
Zordon	With another network with 3 vlans where firewall/router is OpenWRT, there are nor problems like that. With single NAT rule every device in every VLAN including OpenWRT itself can access https://internal.domain.tld that points to internal network.	14:01:06
Zordon	* With another network with 3 vlans where firewall/router is OpenWRT, there are nor problems like that. With single NAT rule every device in every VLAN including OpenWRT itself can access https://internal.domain.tld that points to internal network.	14:01:19
Zordon	My question is: Anybody here ever made a setup where OPNsense itself was capable of connecting to internal server via domain name which resolves to WAN addr?	14:03:09
Zordon	* My question is: Anybody here ever made a setup where OPNsense itself was capable of connecting to internal server via domain name which resolves to WAN addr?	14:03:26
@l1243:matrix.org	Redacted or Malformed Event	14:04:01
Zordon	What is a diffrence between those 3?	14:05:24
Zordon	Download image.png	14:05:24
Zordon	between first and second option, how to get know what is system default	14:05:53
@l1243:matrix.org	Redacted or Malformed Event	14:06:38
Zordon	Firewall -> NAT -> Port Forward -> Myrule which redirects traffic on port 443: Option NAT Reflection -> Enabled Reboot Still got: `root@OPNsense:~ # curl -v -k https://nextcloud.something.tld * Trying 88.x.x.x:443... ^C`	14:11:48
1 May 2021
	lexu_ joined the room.	02:12:32
@l1243:matrix.org	Redacted or Malformed Event	09:46:50
2 May 2021
	@nod0n:matrix.org left the room.	16:03:57
3 May 2021
b8b	I'm not sure that NAT reflection will work in this situation (for the OPNsense itself). I also don't know what OpenWRT does but it is likely some workaround like NAT reflection if it "worked" without split DNS. I don't recommend it because you hide the source IP of your connections. You should get unbound to work. I also use DNS overrides and have no problem with rebooting - there must be a reason for this.	07:01:38
4 May 2021
	@anonymouserobot:matrix.org joined the room.	13:36:33
	@anonymouserobot:matrix.org left the room.	13:36:36
5 May 2021
	@l1243:matrix.org joined the room.	19:56:54
	@l1243:matrix.org left the room.	19:57:20
8 May 2021
	symphase joined the room.	20:21:15
9 May 2021
	notime_ joined the room.	17:41:36
notime_	has anybody managed to do unattended install / automatic setup and how?	17:48:32
14 May 2021
	@duxyy:matrix.org left the room.	20:40:50

There are no newer messages yet.

Back to Room List