Recent posts

#41
How-to Discussions / Re: Clarification on Basic DMZ...
Last post by Spectre5 - November 30, 2021, 01:00:30 AM
Great, thanks.  Just trying to confirm my understanding!  Great site, thanks for all your posts!
#42
How-to Discussions / Re: Clarification on Basic DMZ...
Last post by Home Network Guy - November 25, 2021, 11:14:20 PM
That's a good catch. I may have made those rules mimic the rules I was using at the time of the writing of the article so I know I had working rules.

Rule 3 is redundant (unless accessing some other service on the DMZ interface that is running on OPNsense).

I need to go back to simplify and clean up those rules. Thanks for the feedback!
#43
How-to Discussions / Clarification on Basic DMZ How...
Last post by Spectre5 - November 25, 2021, 02:46:29 PM
I've read through the Basic DMZ article here:
https://homenetworkguy.com/how-to/create-basic-dmz-network-opnsense/

I have a question on the firewall rule in the section "Allow access to DMZ network interface". It indicates that "...this rule is necessary because of the next firewall rule below that blocks all private networks. Without it, the network would not have Internet access since the interface/gateway IP address would be blocked." However, I don't understand why this is true (that the internet wouldn't work without this rule).

In a previous rule the DNS is already allowed, so the DMZ can resolve URLs to IP addresses. Then the clients would request that IP address, which is not a private address and would then fall into rule 5, "Allow access to all other traffic".

If you don't care about pinging the router nor accessing the router from the DMZ, then what traffic would this "allow access to the DMZ network interface" be necessary for? As far as I can tell, you can access the internet without.

I've disabled this rule and my DMZ can still access websites just fine (although my network topology and rules are not all identical to this article).  Am I missing something?
#44
Tech Discussions / Re: IPv6 Confirmation
Last post by Home Network Guy - November 12, 2021, 11:19:18 AM
Sorry I didn't see this sooner. I think sometimes subsequent comments are not always emailed to me to reduce the number of email notifications.

I don't know if the track interface will work behind another firewall unless you can somehow use delegated prefixes from the other router you have on your network. The ISP-provided modem/router is not always the most feature rich. They seem to only have the most basic features available for you to manipulate (hence why OPNsense/pfSense is awesome). My guide was written as OPNsense being the main router. When you run OPNsense behind another router, it complicates the setup and you may not have all features available to you or you have to go about configuring them differently because you are now on a network that's behind another network. Having OPNsense as your main top-level router enables you to do more since it's the main entry point into your network.

I know we have had some discussions on Twitter, but I wanted to reply for others to see.
#45
Tech Discussions / Re: IPv6 Confirmation
Last post by Shaggy - October 31, 2021, 04:52:52 PM
Just wanted to give a full update on where I'm at. I dug further and tried following the guide but with no luck, IPv6 for devices is not working.

- WAN uses DHCP6.
- I switched my LAN interface to use a Track Interface (can only select Prefix 0).
- I created the WAN rule requested for All:547 -> All:546.

What I have noticed is that the dhcpcd service is not running. I sadly don't have the skill to troubleshoot this issue any further.

Would you be able to point me in the right direction of how I could troubleshoot this issue?
I would like to add that the OPNSense Firewall is behind another Gateway:
Rented Modem -> OPNSense -> Switch -> Device
#46
Tech Discussions / Re: IPv6 Confirmation
Last post by Shaggy - October 28, 2021, 02:30:58 AM
Quote from: Home Network Guy on October 17, 2021, 04:03:43 PM
No problem! Please report back since others may be interested in that info. I only have one Android tablet I could test with.
Screenshot is of my Pixel 5 being connected to the Wi-Fi network using DHCPv6.

Update:
I noticed I am currently only getting an IPv6 address that is either for LAN or Loop Back.
Could this be a loopback address?
#47
Tech Discussions / Re: IPv6 Confirmation
Last post by Home Network Guy - October 17, 2021, 04:03:43 PM
No problem! Please report back since others may be interested in that info. I only have one Android tablet I could test with.
#48
Tech Discussions / Re: IPv6 Confirmation
Last post by Shaggy - October 17, 2021, 02:34:23 PM
You're welcome, thank you for responding back.

I am mistaken, I tested connectivity on a non OPNSense router. I will be able to test IPv6 connectivity after I have configured my VLANs.
#49
Tech Discussions / Re: IPv6 Confirmation
Last post by Home Network Guy - October 17, 2021, 07:56:29 AM
Thanks for the info! Does it obtain IPv6 via DHCPv6 or SLAAC? I think it was DHCPv6 support that was lacking in many Android devices (at least in the past when I was reading about it elsewhere on the web). That is why I mentioned enabling "assisted" mode since it will allow both DHCPv6 and SLAAC to assign IPv6 addresses so even the Android devices that don't support DHCPv6 should still obtain an IPv6 address. I wanted to make sure the guide would work for such devices which means you can't use DHCPv6 only.
#50
Tech Discussions / IPv6 Confirmation
Last post by Shaggy - October 17, 2021, 02:32:52 AM
While reading through the IPv6 page, I noticed it's written that it's unclear if Android devices use IPv6. I wanted to confirm that IPv6 does work on my personal+work phone and tablet as I have IPv6 addresses.

Link to article mentioning: https://homenetworkguy.com/how-to/configure-ipv6-opnsense-with-isp-such-as-comcast-xfinity/