OPNsense Grundkonfiguration: Unterschied zwischen den Versionen
Zur Navigation springen
Zur Suche springen
| Zeile 100: | Zeile 100: | ||
| Description || UNSERE DMZs | | Description || UNSERE DMZs | ||
|} | |} | ||
| + | =Zertifikat einpflegen= | ||
| + | ;Zertifikat holen | ||
| + | *wget https://web.samogo.de/certs/it213.xinmen.de.tgz | ||
| + | ;Entpacken | ||
| + | *tar -xvzf it2*.xinmen.de.tgz | ||
| + | ;Zertifikat | ||
| + | fullchain.pem | ||
| + | :Private Schlüssel | ||
| + | privkey.pem | ||
| + | ;Hostname IP Test | ||
| + | *host opnsense.it213.xinmen.de | ||
| + | opnsense.it213.xinmen.de has address 192.168.4.213 | ||
Version vom 17. Februar 2026, 08:56 Uhr
System: Settings: Administration
(x) Enable HTTP Strict Transport Security TCP port 4444 (x) Disable web GUI redirect rule (x) Disable DNS Rebinding Checks (x) Enable Secure Shell (x) Permit root user login (x) Permit password login SSH PORT 2222
System: Gateway: Configuration
WANGW 192.168.4.254 Interface: WAN (x) Upstream Gateway
Interfaces: WAN
( ) Block bogon networks ( ) Block private networks IPv4 Configuration Type: Static IPv4 192.168.4.2xx/24 GW: WANGW
Interfaces: LAN
Description: INSIDE
Interfaces: Assignments
em2: DMZ em3: SERVER
Interfaces: SERVER
Enable (x) IPv4 Configuration Type: Static IPv4 IPv4 address: 10.0.10.1/24
Interfaces: DMZ
Enable (x) IPv4 Configuration Type: Static IPv4 IPv4 address: 10.88.2xx.1/24
Services: Dnsmasq DNS & DHCP
DHCP Range: 172.17.2xx.100 bis 172.17.2xx.200
Interfaces: INSIDE
Enable (x) IPv4 Configuration Type: Static IPv4 IPv4 address: 172.17.2xx.1/24
Firewall
Firewall: Settings: Advanced
Disable reply-to: (x) Disable reply-to on WAN rules
Firewall: NAT: Outbound
| Interface | Source | Source Port | Destination | Destination Port | NAT Address | NAT Port | Static Port | Description |
|---|---|---|---|---|---|---|---|---|
| WAN | INSIDE net | * | * | * | Interface address | * | NO | |
| WAN | SERVER net | * | * | * | Interface address | * | NO | |
| WAN | DMZ net | * | ! 10.88.0.0/16 | * | Interface address | * | NO |
Firewall: Rules
| Interface | Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|---|
| DMZ | IPv4 * | DMZ net | * | * | * | * | * | |
| SERVER | IPv4 * | SERVER net | * | * | * | * | * | |
| INSIDE | IPv4 * | INSIDE net | * | * | * | * | * |
| Interface | Protocol | Source | Port | Destination | Port | Gateway | Schedule | Description |
|---|---|---|---|---|---|---|---|---|
| WAN | IPv4 TCP | HOST | * | WAN address | 2222 | * | * | |
| WAN | IPv4 TCP | HOST | * | WAN address | 4444 | * | * | |
| WAN | IPv4 ICMP | * | * | * | * | * | * |
System: Gateways: Configuration
| Parameter | Wert |
|---|---|
| Name | DNSGW |
| Interface | WAN |
| Address Family | IPv4 |
| Priority | 255 |
| IP Address | 192.168.4.88 |
| Upstream Gateway | ( ) |
System: Routes: Configuration
| Parameter | Wert |
|---|---|
| Disabled | No |
| Network Address | 10.88.0.0/16 |
| Gateway | DNSGW - 192.168.4.88 |
| Description | UNSERE DMZs |
Zertifikat einpflegen
- Zertifikat holen
- Entpacken
- tar -xvzf it2*.xinmen.de.tgz
- Zertifikat
fullchain.pem
- Private Schlüssel
privkey.pem
- Hostname IP Test
- host opnsense.it213.xinmen.de
opnsense.it213.xinmen.de has address 192.168.4.213