!zyeXJfuMWoXfqBNbUK:matrix.org

OPNsense® ☞ ؟⸮UNOFFICIAL⸮؟ – Self Support Community for community self support.

188 Members
https://opnsense.org/ ° https://wiki.opnsense.org/ ° https://github.com/opnsense ° https://forum.opnsense.org/ ° https://opnsense.org/blog/ ° Announcements: https://forum.opnsense.org/index.php?board=11.0 ••• "OPNsense is open source, FreeBSD-based firewall and routing software developed by Deciso, a company in the Netherlands that makes hardware and sells support packages for OPNsense. It is a fork of pfSense." - https://en.wikipedia.org/wiki/OPNsense ° pfSense is an open source firewall/router computer software distribution based on FreeBSD. It is installed on a physical computer or a virtual machine to make a dedicated firewall/router for a network and has been noted for its reliability and offering a range of features. - https://en.wikipedia.org/wiki/PfSense ••• https://doc.pfsense.org/index.php/Main_Page ••• This room is "World Readable" or according to IRC types, "Logged": https://view.matrix.org/alias/%23OPNsense:matrix.org ••• Listed: https://matrixstats.org/room/!zyeXJfuMWoXfqBNbUK:matrix.org ••• For sharing: #OPNsense:matrix.org ° https://riot.im/app/#/room/#OPNsense:matrix.org ° https://matrix.to/#/#OPNsense:matrix.org ° [#OPNsense:matrix.org](https://matrix.to/#/#OPNsense:matrix.org) ••• Keywords/Tags: #OPNsense #firewall #router #Cisco #secure #security ••••35 Servers



Sender | Message | Time
29 Apr 2021
@b8b:matrix.org b8b: As the setup has been described, the redirected connection cannot work from the whole net 172.16.1/24; DNS might be a solution, but you need it for all hosts in 172.16.1/24. Don't know if it's possible for you but definitely, the most simple solution is OPNsense running HAProxy directly on the WAN IP. No rdr involved at all -> no split DNS required and all is easy. If you need the apache for some reason, you can configure it to respect the X-Forwarded header from HAProxy so you have the correct client IP in the logs. 20:43:11
30 Apr 2021
@zordon:elysium.link Zordon: image.png 13:45:17
@zordon:elysium.link Zordon: Here is a dirty trick to make OPNsense backup work with a local Nextcloud instance: 13:45:19
@zordon:elysium.link Zordon: Redacted or Malformed Event 13:46:28
@zordon:elysium.link Zordon:
root@OPNsense:~ # curl -v -k https://nextcloud.something.tld
*   Trying 88.x.x.x:443...
^C
root@OPNsense:~ # curl -v -k https://172.16.1.56
*   Trying 172.16.1.56:443...
* Connected to 172.16.1.56 (172.16.1.56) port 443 (#0)
13:47:06
@zordon:elysium.link Zordon: I am. Unbound service override works. All unbound clients will resolve https://nextcloud.something.tld as 172.16.1.56 and it works... until next reboot :) after reboot it again resolves to the WAN address. Can't understand why. If I reload Unbound when OPNsense is running, all overrides work again too. 13:49:11
@zordon:elysium.link Zordon:
In reply to @janci:matrix.org
> so your local DNS resolver should give you local IP of nextcloud server
> you should be able to do that in unbound overrides
* I am. Unbound service override works. All unbound clients will resolve https://nextcloud.something.tld as 172.16.1.56 and it works... until next reboot :) after reboot it again resolves to the WAN address. Can't understand why. If I reload Unbound when OPNsense works, all overrides work again too.
13:51:25
@zordon:elysium.link Zordon: With another network with 3 VLANs where the firewall/router is OpenWRT, there are no problems like that. With a single NAT rule every device in every VLAN including OpenWRT itself can access https://internal.domain.tld that points to the internal network. 14:01:06
@zordon:elysium.link Zordon: My question is: Anybody here ever made a setup where OPNsense itself was capable of connecting to an internal server via a domain name which resolves to the WAN addr? 14:03:09
@l1243:matrix.org: Redacted or Malformed Event 14:04:01
@zordon:elysium.link Zordon: What is the difference between those 3? 14:05:24
@zordon:elysium.link Zordon: image.png 14:05:24
@zordon:elysium.link Zordon: between the first and second option, how to get to know what the system default is 14:05:53
@l1243:matrix.org: Redacted or Malformed Event 14:06:38
@zordon:elysium.link Zordon:

Firewall -> NAT -> Port Forward -> My rule which redirects traffic on port 443:
Option NAT Reflection -> Enabled
Reboot
Still got:

root@OPNsense:~ # curl -v -k https://nextcloud.something.tld
*   Trying 88.x.x.x:443...
^C
14:11:48
1 May 2021
@lexu_:matrix.org lexu_ joined the room. 02:12:32
@l1243:matrix.org: Redacted or Malformed Event 09:46:50
2 May 2021
@nod0n:matrix.org left the room. 16:03:57
3 May 2021
@b8b:matrix.org b8b: I'm not sure that NAT reflection will work in this situation (for the OPNsense itself). I also don't know what OpenWRT does but it is likely some workaround like NAT reflection if it "worked" without split DNS. I don't recommend it because you hide the source IP of your connections. You should get unbound to work. I also use DNS overrides and have no problem with rebooting - there must be a reason for this. 07:01:38
4 May 2021
@anonymouserobot:matrix.org joined the room. 13:36:33
@anonymouserobot:matrix.org left the room. 13:36:36
5 May 2021
@l1243:matrix.org joined the room. 19:56:54
@l1243:matrix.org left the room. 19:57:20
8 May 2021
@symphase:matrix.org symphase joined the room. 20:21:15
9 May 2021
@thereisnotime:matrix.org notime_ joined the room. 17:41:36
@thereisnotime:matrix.org notime_: has anybody managed to do unattended install / automatic setup and how? 17:48:32
14 May 2021
@duxyy:matrix.org left the room. 20:40:50
