If your looking to allow that kind of traffic in and out of opensense, then yes if you use it. Just be mindful of what you need and only allow that in, outbound is normally everything.
Selfhosted
A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.
Rules:
-
Be civil: we're here to support and learn from one another. Insults won't be tolerated. Flame wars are frowned upon.
-
No spam posting.
-
Posts have to be centered around self-hosting. There are other communities for discussing hardware or home computing. If it's not obvious why your post topic revolves around selfhosting, please include details to make it clear.
-
Don't duplicate the full text of your blog or github here. Just post the link for folks to click.
-
Submission headline should match the article title (don’t cherry-pick information from the title to fit your agenda).
-
No trolling.
Resources:
- selfh.st Newsletter and index of selfhosted software and apps
- awesome-selfhosted software
- awesome-sysadmin resources
- Self-Hosted Podcast from Jupiter Broadcasting
Any issues on the community? Report it using the report flag.
Questions? DM the mods!
Not sure if you mean to run the service on the FW or what 'handle' means here. If you have a second box though it would be easy enough to run all those services on a distinct server and then route their relevant ports through there with a policy based route on the firewall. That way you would only have to set up one for node for example and just have the client machines use that.
Sorry, I should clarify. I'm hoping to possibly have a setup like this:
- Browser makes a request to an eepsite
- The router sees the request is to a domain ending in
.i2p
and forwards the request to a service running on the router - That service then performs the necessary encryption and establishes connection with the I2P network.
I'd imagine it's a similar process for other protocols and networks. No idea if this is possible or desirable.
https://www.grepular.com/Transparent_Access_to_I2P_eepSites
Something like this makes logical sense, but can't say I've ever tried such a feat. As a general rule though keeping the gateway/firewall free of extraneous software is a good practice just to limit the potential attack surface. If you try it I'd create a dedicated VM somewhere to host the i2p/Tor gateway from to keep it off the network edge directly.
You mean run those programs directly on opnsense? I don't believe there is any way to do that.
No configuration is needed on opnsense to use them as normal on your devices though, so that's your best option.