OPNsense basic configuration: Difference between revisions

From Xinux Wiki
 
(14 intermediate revisions by the same user not shown)
Current revision as of 17 February 2026, 09:12

System: Settings: Administration

(x) Enable HTTP Strict Transport Security
TCP port 4444
(x) Disable web GUI redirect rule
(x) Disable DNS Rebinding Checks
(x) Enable Secure Shell
(x) Permit root user login
(x) Permit password login
SSH port 2222

System: Gateway: Configuration

WANGW 192.168.4.254
Interface: WAN
(x) Upstream Gateway

Interfaces: WAN

( ) Block bogon networks
( ) Block private networks
IPv4 Configuration Type:  Static IPv4
192.168.4.2xx/24
GW: WANGW

Interfaces: LAN

Description: INSIDE

Interfaces: Assignments

em2: DMZ
em3: SERVER

Interfaces: SERVER

Enable (x)
IPv4 Configuration Type: Static IPv4
IPv4 address: 10.0.10.1/24

Interfaces: DMZ

Enable (x)
IPv4 Configuration Type: Static IPv4
IPv4 address: 10.88.2xx.1/24

Services: Dnsmasq DNS & DHCP

DHCP Range: 172.17.2xx.100 to 172.17.2xx.200

Interfaces: INSIDE

Enable (x)
IPv4 Configuration Type: Static IPv4
IPv4 address: 172.17.2xx.1/24

Firewall

Firewall: Settings: Advanced

Disable reply-to: (x) Disable reply-to on WAN rules

Firewall: NAT: Outbound

Interface  Source      Source Port  Destination     Destination Port  NAT Address        NAT Port  Static Port  Description
WAN        INSIDE net  *            *               *                 Interface address  *         NO
WAN        SERVER net  *            *               *                 Interface address  *         NO
WAN        DMZ net     *            ! 10.88.0.0/16  *                 Interface address  *         NO

Firewall: Rules

Interface  Protocol   Source      Port  Destination  Port  Gateway  Schedule  Description
DMZ        IPv4 *     DMZ net     *     *            *     *        *
SERVER     IPv4 *     SERVER net  *     *            *     *        *
INSIDE     IPv4 *     INSIDE net  *     *            *     *        *

Interface  Protocol   Source      Port  Destination  Port  Gateway  Schedule  Description
WAN        IPv4 TCP   HOST        *     WAN address  2222  *        *
WAN        IPv4 TCP   HOST        *     WAN address  4444  *        *
WAN        IPv4 ICMP  *           *     *            *     *        *
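The two rule tables are evaluated first-match with an implicit default deny, and each internal interface only passes traffic whose source is actually in that interface's network. The following script is an added example, not part of the wiki page or of OPNsense: it models the tables above with plain dicts and walks a few constructed packets through them. The "2xx" placeholders are filled with 200, and the addresses behind the HOST and WAN address aliases are assumptions, since the page names HOST but does not define it.

```python
"""First-match evaluation of the page's firewall rule tables (added example)."""
import ipaddress

# Interface networks from the page; "2xx" is filled with 200 (constructed).
NETS = {
    "INSIDE net": ipaddress.ip_network("172.17.200.0/24"),
    "SERVER net": ipaddress.ip_network("10.0.10.0/24"),
    "DMZ net": ipaddress.ip_network("10.88.200.0/24"),
}
# Single-host aliases. WAN address follows Interfaces: WAN (2xx -> 200);
# HOST is named on the page but not defined, so its address is constructed.
HOSTS = {
    "WAN address": ipaddress.ip_address("192.168.4.200"),
    "HOST": ipaddress.ip_address("192.168.4.50"),
}

# Rule tables as on the page: (interface, protocol, source, destination, dst port).
# "*" means any; "IPv4 *" (any protocol) is written as "*".
RULES = [
    ("DMZ", "*", "DMZ net", "*", "*"),
    ("SERVER", "*", "SERVER net", "*", "*"),
    ("INSIDE", "*", "INSIDE net", "*", "*"),
    ("WAN", "tcp", "HOST", "WAN address", 2222),
    ("WAN", "tcp", "HOST", "WAN address", 4444),
    ("WAN", "icmp", "*", "*", "*"),
]


def _addr_matches(spec, addr):
    """True if `addr` is covered by the alias or wildcard `spec`."""
    if spec == "*":
        return True
    if spec in NETS:
        return addr in NETS[spec]
    return addr == HOSTS[spec]


def evaluate(iface, proto, src, dst, dport):
    """Index of the first matching pass rule, or None for the implicit
    default deny. GUI rules are 'quick' by default, so the first match wins."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for idx, (r_if, r_proto, r_src, r_dst, r_port) in enumerate(RULES):
        if r_if != iface:
            continue
        if r_proto != "*" and r_proto != proto:
            continue
        if not _addr_matches(r_src, src_ip) or not _addr_matches(r_dst, dst_ip):
            continue
        if r_port != "*" and r_port != dport:
            continue
        return idx
    return None


def walk(packets):
    """Evaluate (description, packet) pairs; return (description, verdict)."""
    out = []
    for desc, pkt in packets:
        hit = evaluate(*pkt)
        out.append((desc, "pass" if hit is not None else "block (default deny)"))
    return out


# Constructed sample traffic, each arriving on the named interface.
SAMPLE = [
    ("SSH from HOST to WAN address", ("WAN", "tcp", "192.168.4.50", "192.168.4.200", 2222)),
    ("SSH from another LAN host", ("WAN", "tcp", "192.168.4.77", "192.168.4.200", 2222)),
    ("GUI from HOST", ("WAN", "tcp", "192.168.4.50", "192.168.4.200", 4444)),
    ("Ping from anywhere", ("WAN", "icmp", "8.8.8.8", "192.168.4.200", "*")),
    ("INSIDE client to internet", ("INSIDE", "tcp", "172.17.200.120", "1.1.1.1", 443)),
    ("Foreign source on INSIDE", ("INSIDE", "tcp", "10.0.10.9", "1.1.1.1", 443)),
]

if __name__ == "__main__":
    for desc, verdict in walk(SAMPLE):
        print(f"{desc:32} -> {verdict}")
```

The last sample packet shows why the source column on the DMZ/SERVER/INSIDE rules is the interface's own network rather than "*": a packet with a foreign source address arriving on INSIDE matches no rule and is dropped by the default deny.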

System: Gateways: Configuration

Parameter         Value
Name              DNSGW
Interface         WAN
Address Family    IPv4
Priority          255
IP Address        192.168.4.88
Upstream Gateway  ( )

System: Routes: Configuration

Parameter        Value
Disabled         No
Network Address  10.88.0.0/16
Gateway          DNSGW - 192.168.4.88
Description      UNSERE DMZs
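The static route and the negated destination in the outbound NAT table work as a pair: traffic for 10.88.0.0/16 leaves via DNSGW (192.168.4.88) instead of the upstream gateway, and when it comes from DMZ net it is not translated, so the remote DMZs see the original 10.88.2xx.x source. The script below is an added example, not code from the wiki page or from OPNsense: it does a longest-prefix route lookup against the two routes on the page and then applies the NAT: Outbound table to constructed flows. The "2xx" placeholders are filled with 200.

```python
"""Route lookup plus outbound NAT for the page's tables (added example)."""
import ipaddress

# System: Gateways / System: Routes from the page:
# default via WANGW (upstream gateway), 10.88.0.0/16 via DNSGW.
ROUTES = [
    (ipaddress.ip_network("0.0.0.0/0"), "WANGW", "192.168.4.254"),
    (ipaddress.ip_network("10.88.0.0/16"), "DNSGW", "192.168.4.88"),
]

WAN_ADDRESS = "192.168.4.200"  # Interfaces: WAN, "2xx" constructed as 200

SOURCE_NETS = {
    "INSIDE net": ipaddress.ip_network("172.17.200.0/24"),
    "SERVER net": ipaddress.ip_network("10.0.10.0/24"),
    "DMZ net": ipaddress.ip_network("10.88.200.0/24"),
}

# Firewall: NAT: Outbound on interface WAN: (source alias, destination spec).
# A leading "!" negates the destination, as in the page's table.
NAT_OUTBOUND = [
    ("INSIDE net", "*"),
    ("SERVER net", "*"),
    ("DMZ net", "! 10.88.0.0/16"),
]


def lookup_route(dst):
    """Longest-prefix match over ROUTES; returns (gateway name, gateway IP)."""
    dst_ip = ipaddress.ip_address(dst)
    best = None
    for net, name, gw in ROUTES:
        if dst_ip in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, name, gw)
    return best[1], best[2]


def _dst_matches(spec, dst_ip):
    """Destination column semantics: '*' any, optional '!' negation."""
    if spec == "*":
        return True
    negate = spec.startswith("!")
    net = ipaddress.ip_network(spec.lstrip("! "))
    inside = dst_ip in net
    return not inside if negate else inside


def translate(src, dst):
    """Source address the next hop sees after outbound NAT on WAN:
    the WAN interface address if a NAT rule matches, else the original."""
    src_ip = ipaddress.ip_address(src)
    dst_ip = ipaddress.ip_address(dst)
    for alias, dst_spec in NAT_OUTBOUND:
        if src_ip in SOURCE_NETS[alias] and _dst_matches(dst_spec, dst_ip):
            return WAN_ADDRESS
    return src


def forward(src, dst):
    """Both decisions for one flow leaving via WAN."""
    gw_name, gw_ip = lookup_route(dst)
    return {"gateway": gw_name, "next_hop": gw_ip, "source_seen": translate(src, dst)}


# Constructed flows.
FLOWS = [
    ("10.88.200.10", "10.88.5.7"),   # DMZ host to another group's DMZ
    ("10.88.200.10", "8.8.8.8"),     # DMZ host to the internet
    ("172.17.200.20", "10.88.5.7"),  # INSIDE client to another group's DMZ
]

if __name__ == "__main__":
    for src, dst in FLOWS:
        print(src, "->", dst, forward(src, dst))
```

Only the DMZ rule carries the exclusion, so an INSIDE client reaching another group's DMZ is still routed via DNSGW but arrives there with the WAN address as its source.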

Set system name

System: Settings: General

  • Hostname: opnsense
  • Domain: it213.xinmen.de

Install certificate

Fetch certificate
  • wget https://web.samogo.de/certs/it213.xinmen.de.tgz
Extract
  • tar -xvzf it2*.xinmen.de.tgz
Certificate

fullchain.pem

Private key

privkey.pem

Hostname IP test
  • host opnsense.it213.xinmen.de

opnsense.it213.xinmen.de has address 192.168.4.213

System: Trust: Certificates

  • +
    • Import existing Certificate
    • Description: star.it213.xinmen.de
Certificate data

The contents of fullchain.pem go here.

Private key data

The contents of privkey.pem go here.

Then save.

System: Settings: Administration

  • SSL Certificate: star.it213.xinmen.de

Then test the certificate
  • https://opnsense.it213.xinmen.de:4444/
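The import form takes the chain in "Certificate data" and the key in "Private key data"; pasting the files the wrong way round, or a fullchain.pem with the key appended, is the usual way this step fails. The script below is an added example, not code from the wiki page or from OPNsense: split_pem() cuts a PEM text into its labelled blocks and check_fields() reports whether the two pastes hold the right kinds of blocks. The PEM bodies in it are constructed placeholders, not real key material; the actual key/certificate match check is ssl.SSLContext.load_cert_chain(), which raises ssl.SSLError when they do not belong together.

```python
"""Checks on the two certificate import fields (added example)."""
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.S)


def split_pem(text):
    """Labels of the PEM blocks in `text`, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(text)]


def check_fields(certificate_data, private_key_data):
    """List of problems with the two GUI fields; empty means the paste is sane."""
    problems = []
    cert_labels = split_pem(certificate_data)
    key_labels = split_pem(private_key_data)

    if not cert_labels or cert_labels[0] != "CERTIFICATE":
        problems.append("Certificate data must start with the leaf CERTIFICATE block")
    if any("PRIVATE KEY" in lbl for lbl in cert_labels):
        problems.append("a private key was pasted into Certificate data")
    if any(lbl != "CERTIFICATE" for lbl in cert_labels):
        problems.append("Certificate data contains non-certificate blocks")
    if len(key_labels) != 1 or "PRIVATE KEY" not in key_labels[0]:
        problems.append("Private key data must contain exactly one PRIVATE KEY block")
    if key_labels and "ENCRYPTED" in key_labels[0]:
        problems.append("the private key is passphrase-protected; decrypt it first")
    return problems


def pair_loads(certfile, keyfile):
    """True if OpenSSL accepts chain file and key file as a matching pair.
    Needs real files on disk, so it is not exercised by the sample data below."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    try:
        ctx.load_cert_chain(certfile, keyfile)
    except ssl.SSLError:
        return False
    return True


def _block(label, body="QUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVo="):
    # Constructed placeholder block; the body is not a real DER object.
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


# Constructed stand-ins for fullchain.pem (leaf + intermediate) and privkey.pem.
FULLCHAIN = _block("CERTIFICATE") + _block("CERTIFICATE")
PRIVKEY = _block("PRIVATE KEY")

if __name__ == "__main__":
    print("correct paste:", check_fields(FULLCHAIN, PRIVKEY) or "ok")
    print("files swapped:", check_fields(PRIVKEY, FULLCHAIN))
    print("key appended to chain:", check_fields(FULLCHAIN + PRIVKEY, PRIVKEY))
```

Run pair_loads("fullchain.pem", "privkey.pem") on the extracted files before pasting; if it returns False the GUI import will fail for the same reason.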