OPNsense Basic Configuration: Difference between revisions
| (22 intermediate revisions by the same user are not shown) | |||
| Zeile 8: | Zeile 8: | ||
(x) Permit password login | (x) Permit password login | ||
SSH PORT 2222 | SSH PORT 2222 | ||
| − | =System: Gateway: Configuration | + | =System: Gateway: Configuration= |
WANGW 192.168.4.254 | WANGW 192.168.4.254 | ||
Interface: WAN | Interface: WAN | ||
(x) Upstream Gateway | (x) Upstream Gateway | ||
| + | |||
=Interfaces: WAN= | =Interfaces: WAN= | ||
( ) Block bogon networks | ( ) Block bogon networks | ||
( ) Block private networks | ( ) Block private networks | ||
| − | IPv4 Static | + | IPv4 Configuration Type: Static IPv4 |
192.168.4.2xx/24 | 192.168.4.2xx/24 | ||
GW: WANGW | GW: WANGW | ||
| + | =Interfaces: LAN= | ||
| + | Description: INSIDE | ||
| + | =Interfaces: Assignments= | ||
| + | em2: DMZ | ||
| + | em3: SERVER | ||
| + | =Interfaces: SERVER= | ||
| + | Enable (x) | ||
| + | IPv4 Configuration Type: Static IPv4 | ||
| + | IPv4 address: 10.0.10.1/24 | ||
| + | =Interfaces: DMZ= | ||
| + | Enable (x) | ||
| + | IPv4 Configuration Type: Static IPv4 | ||
| + | IPv4 address: 10.88.2xx.1/24 | ||
| + | |||
| + | =Services: Dnsmasq DNS & DHCP= | ||
| + | DHCP Range: 172.17.2xx.100 bis 172.17.2xx.200 | ||
| + | =Interfaces: INSIDE= | ||
| + | Enable (x) | ||
| + | IPv4 Configuration Type: Static IPv4 | ||
| + | IPv4 address: 172.17.2xx.1/24 | ||
| + | =Firewall= | ||
| + | ==Firewall: Settings: Advanced== | ||
| + | Disable reply-to: (x) Disable reply-to on WAN rules | ||
| + | |||
| + | ==Firewall: NAT: Outbound== | ||
| + | {| class="wikitable" | ||
| + | ! Interface !! Source !! Source Port !! Destination !! Destination Port !! NAT Address !! NAT Port !! Static Port !! Description | ||
| + | |- | ||
| + | | WAN || INSIDE net || * || * || * || Interface address || * || NO || | ||
| + | |- | ||
| + | | WAN || SERVER net || * || * || * || Interface address || * || NO || | ||
| + | |- | ||
| + | | WAN || DMZ net || * || ! 10.88.0.0/16 || * || Interface address || * || NO || | ||
| + | |} | ||
| + | ==Firewall: Rules== | ||
| + | {| class="wikitable" | ||
| + | ! Interface !! Protocol !! Source !! Port !! Destination !! Port !! Gateway !! Schedule !! Description | ||
| + | |- | ||
| + | | DMZ || IPv4 * || DMZ net || * || * || * || * || * || | ||
| + | |- | ||
| + | | SERVER || IPv4 * || SERVER net || * || * || * || * || * || | ||
| + | |- | ||
| + | | INSIDE || IPv4 * || INSIDE net || * || * || * || * || * || | ||
| + | |} | ||
| + | {| class="wikitable" | ||
| + | ! Interface !! Protocol !! Source !! Port !! Destination !! Port !! Gateway !! Schedule !! Description | ||
| + | |- | ||
| + | | WAN || IPv4 TCP || HOST || * || WAN address || 2222 || * || * || | ||
| + | |- | ||
| + | | WAN || IPv4 TCP || HOST || * || WAN address || 4444 || * || * || | ||
| + | |- | ||
| + | | WAN || IPv4 ICMP || * || * || * || * || * || * || | ||
| + | |} | ||
| + | =System: Gateways: Configuration= | ||
| + | {| class="wikitable" | ||
| + | ! Parameter !! Wert | ||
| + | |- | ||
| + | | Name || DNSGW | ||
| + | |- | ||
| + | | Interface || WAN | ||
| + | |- | ||
| + | | Address Family || IPv4 | ||
| + | |- | ||
| + | | Priority || 255 | ||
| + | |- | ||
| + | | IP Address || 192.168.4.88 | ||
| + | |- | ||
| + | | Upstream Gateway || ( ) | ||
| + | |} | ||
| + | =System: Routes: Configuration= | ||
| + | {| class="wikitable" | ||
| + | ! Parameter !! Wert | ||
| + | |- | ||
| + | | Disabled || No | ||
| + | |- | ||
| + | | Network Address || 10.88.0.0/16 | ||
| + | |- | ||
| + | | Gateway || DNSGW - 192.168.4.88 | ||
| + | |- | ||
| + | | Description || UNSERE DMZs | ||
| + | |} | ||
| + | =Systemnamen setzen= | ||
| + | ==System: Settings: General== | ||
| + | *Hostname: opnsense | ||
| + | *Domain: it213.xinmen.de | ||
| + | =Zertifikat einpflegen= | ||
| + | ;Zertifikat holen | ||
| + | *wget https://web.samogo.de/certs/it213.xinmen.de.tgz | ||
| + | ;Entpacken | ||
| + | *tar -xvzf it2*.xinmen.de.tgz | ||
| + | ;Zertifikat | ||
| + | fullchain.pem | ||
| + | ;Private Schlüssel | ||
| + | privkey.pem | ||
| + | ;Hostname IP Test | ||
| + | *host opnsense.it213.xinmen.de | ||
| + | opnsense.it213.xinmen.de has address 192.168.4.213 | ||
| + | ==System: Trust: Certificates== | ||
| + | *+ | ||
| + | **Import existing Certificate | ||
| + | **Description: star.it213.xinmen.de | ||
| + | ;Certificate data | ||
| + | Hier muss der Inhalt von fullchain.pem rein. | ||
| + | ;Private key data | ||
| + | Hier muss der Inhalt von privakey.pem rein. | ||
| + | ;Dann sichern | ||
| + | ==System: Settings: Administration== | ||
| + | *SSL Certificate: star.it213.xinmen.de | ||
| + | ===Dann Zertifikat testen=== | ||
| + | *https://opnsense.it213.xinmen.de:4444/ | ||
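Review bot: The pass rules added under Firewall: Rules for DMZ, SERVER and INSIDE all use destination *, so the DMZ rule lets DMZ net open connections into INSIDE net and SERVER net (and to the firewall's own addresses) rather than only leaving via WAN; consider placing block rules for the other internal networks ahead of the DMZ pass rule, or narrowing its destination. The WAN ICMP rule uses source * and destination * while the two TCP rules are limited to HOST, and every Description cell in the added tables is empty, so the intent of each rule is not recorded. Under System: Trust: Certificates the text says privakey.pem, but the unpacked file is listed as privkey.pem. The certificate steps also end without removing privkey.pem from the directory where the archive was unpacked; a closing cleanup step after the import would help.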
Latest revision as of 17 February 2026, 09:12
System: Settings: Administration
- (x) Enable HTTP Strict Transport Security
- TCP port 4444
- (x) Disable web GUI redirect rule
- (x) Disable DNS Rebinding Checks
- (x) Enable Secure Shell
- (x) Permit root user login
- (x) Permit password login
- SSH PORT 2222
System: Gateway: Configuration
- WANGW 192.168.4.254
- Interface: WAN
- (x) Upstream Gateway
Interfaces: WAN
- ( ) Block bogon networks
- ( ) Block private networks
- IPv4 Configuration Type: Static IPv4
- 192.168.4.2xx/24
- GW: WANGW
Interfaces: LAN
Description: INSIDE
Interfaces: Assignments
- em2: DMZ
- em3: SERVER
Interfaces: SERVER
- Enable (x)
- IPv4 Configuration Type: Static IPv4
- IPv4 address: 10.0.10.1/24
Interfaces: DMZ
- Enable (x)
- IPv4 Configuration Type: Static IPv4
- IPv4 address: 10.88.2xx.1/24
Services: Dnsmasq DNS & DHCP
- DHCP Range: 172.17.2xx.100 to 172.17.2xx.200
Interfaces: INSIDE
- Enable (x)
- IPv4 Configuration Type: Static IPv4
- IPv4 address: 172.17.2xx.1/24
Firewall
Firewall: Settings: Advanced
Disable reply-to: (x) Disable reply-to on WAN rules
Firewall: NAT: Outbound
| Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port | Description |
|---|---|---|---|---|---|---|---|---|
| WAN | INSIDE net | * | * | * | Interface address | * | NO | |
| WAN | SERVER net | * | * | * | Interface address | * | NO | |
| WAN | DMZ net | * | ! 10.88.0.0/16 | * | Interface address | * | NO | |
Firewall: Rules
| Interface | Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|---|
| DMZ | IPv4 * | DMZ net | * | * | * | * | * | |
| SERVER | IPv4 * | SERVER net | * | * | * | * | * | |
| INSIDE | IPv4 * | INSIDE net | * | * | * | * | * | |
| Interface | Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|---|
| WAN | IPv4 TCP | HOST | * | WAN address | 2222 | * | * | |
| WAN | IPv4 TCP | HOST | * | WAN address | 4444 | * | * | |
| WAN | IPv4 ICMP | * | * | * | * | * | * | |
System: Gateways: Configuration
| Parameter | Value |
|---|---|
| Name | DNSGW |
| Interface | WAN |
| Address Family | IPv4 |
| Priority | 255 |
| IP Address | 192.168.4.88 |
| Upstream Gateway | ( ) |
System: Routes: Configuration
| Parameter | Value |
|---|---|
| Disabled | No |
| Network Address | 10.88.0.0/16 |
| Gateway | DNSGW - 192.168.4.88 |
| Description | UNSERE DMZs |
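
How the pass rules, the outbound NAT exclusion and the 10.88.0.0/16 route from the tables above combine for a single flow, as an added example that is not part of the original page. It assumes the `2xx` placeholder is 213; the function names and the sample addresses are hypothetical.

```python
import ipaddress as ip

# Values from the page's tables; "2xx" is assumed to be 213 (constructed for illustration).
NETS = {
    "INSIDE": ip.ip_network("172.17.213.0/24"),
    "SERVER": ip.ip_network("10.0.10.0/24"),
    "DMZ": ip.ip_network("10.88.213.0/24"),
    "WAN": ip.ip_network("192.168.4.0/24"),
}
ALL_DMZ = ip.ip_network("10.88.0.0/16")

# Routing table: connected networks, the static route, then the default route.
ROUTES = [(net, name, "direct") for name, net in NETS.items()]
ROUTES.append((ALL_DMZ, "WAN", "DNSGW 192.168.4.88"))
ROUTES.append((ip.ip_network("0.0.0.0/0"), "WAN", "WANGW 192.168.4.254"))

# Outbound NAT on WAN: source segment -> destination excluded from NAT (None = no exclusion).
NAT_EXCLUDE = {"INSIDE": None, "SERVER": None, "DMZ": ALL_DMZ}


def egress(dst):
    """Longest-prefix match: return (outgoing interface, next hop) for dst."""
    _, iface, hop = max((r for r in ROUTES if dst in r[0]), key=lambda r: r[0].prefixlen)
    return iface, hop


def evaluate(src, dst):
    """Model one flow from an internal segment; return None if no modelled rule matches."""
    src, dst = ip.ip_address(src), ip.ip_address(dst)
    seg = next((n for n in NAT_EXCLUDE if src in NETS[n]), None)
    if seg is None:
        return None  # WAN-side sources are handled by the separate WAN rule table
    # Each internal interface has one pass rule: "<segment> net" to any destination.
    iface, hop = egress(dst)
    excl = NAT_EXCLUDE[seg]
    nat = iface == "WAN" and (excl is None or dst not in excl)
    return {"from": seg, "out": iface, "via": hop, "nat": nat}


if __name__ == "__main__":
    for s, d in [("10.88.213.10", "172.17.213.50"),   # DMZ -> INSIDE
                 ("10.88.213.10", "10.88.214.5"),     # DMZ -> another DMZ
                 ("10.88.213.10", "198.51.100.7"),    # DMZ -> outside
                 ("172.17.213.50", "10.88.214.5")]:   # INSIDE -> another DMZ
        print(s, "->", d, evaluate(s, d))
```

The first flow shows that the DMZ pass rule reaches INSIDE net directly, and the last shows that INSIDE traffic towards 10.88.0.0/16 is still translated to the WAN address because only the DMZ NAT rule carries the exclusion.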
Set the system name
System: Settings: General
- Hostname: opnsense
- Domain: it213.xinmen.de
Install the certificate
- Fetch the certificate
  - wget https://web.samogo.de/certs/it213.xinmen.de.tgz
- Unpack
  - tar -xvzf it2*.xinmen.de.tgz
- Certificate
  - fullchain.pem
- Private key
  - privkey.pem
- Hostname/IP test
  - host opnsense.it213.xinmen.de
    opnsense.it213.xinmen.de has address 192.168.4.213
System: Trust: Certificates
- +
  - Import existing Certificate
  - Description: star.it213.xinmen.de
- Certificate data
  - Paste the contents of fullchain.pem here.
- Private key data
  - Paste the contents of privkey.pem here.
- Then save
System: Settings: Administration
- SSL Certificate: star.it213.xinmen.de
Then test the certificate
- https://opnsense.it213.xinmen.de:4444/