OPNsense Forum
Archive => 15.7 Legacy Series => Topic started by: curtis.mm on November 04, 2015, 11:59:26 pm
-
Hello there,
I've been looking for an alternative to pfSense for a while now, trying various firewalls. I have to say, i'm very impressed with OPNsense so far!
I just wanted to document some issues I had with my installation in the hopes that this may help someone else.
I decided to move away from using my old WatchGuard Firebox X1250e due to various reasons and wanted something a little smaller. I decided to use an ITX board I had (Gigabyte GA-B75N) which has dual Gb NIC's. Though this was ideal for a small firewall. first tried pfSense on it, the interfaces didn't work. Did the same for OPNsese, same result. The fix was found over on the freebsd forums by a chap named 'rrichard' who suggested the following:
/sbin/ifconfig re0 down
/sbin/ifconfig re0 up
this worked (Though I had to do the same for the re1 interface too)
I know in pfSense I could use shellcmd to add startup commands but it seems to me that OPNsense doesn't have package manager functionality. I'm sure their is some way of dealing with adding commands to startup but I think I'll stick to what I know :D
I really wish OPNsense had some sort of package repository like pfSense does. Without it, this is ultimately a deal breaker for me as there's various packages which I use & cannot do without. My biggest is Reverse Proxy (squid). I have multiple VM's that are outward facing & I like the idea of having the firewall deal with routing the traffic as it is coming in. Plus it's all done in a nice GUI so life is easy :)
Overall I enjoyed my experience with OPNsense, it seems like a fresh approach to firewall appliances, seems to have a strong community & the interface is sexy as hell too! So I will definitely be keeping my eye on this!
Kind Regards,
Curtis.
-
OPNSense has some packages to install as an extra. VMWare, XEN tools for example.
Apart from that, you can install from the FreeBSD collection. Much broader then home cooked stuff imo.
Downside then is it probably wont have GUI interaction.
What you want for the RTL NICs is something Fitch can answer you on.
And something tells me you dĂdnt read up on anything, because all this is either here on the forum, or in wiki/docs.
-
Hi Curtis,
Thank you for your feedback. We've only been around for 10 months, rebuilding the plugins (packages) is a long-term community job. We ditched the old packages framework and have put back a plugin system (notice the name change to avoid clashing with the FreeBSD package term). It works as intended and the last GUI parts are going into 16.1 (coming out in late January 2016).
Coincidentally, yesterday's 15.7.18 added an alternative to the since removed shellcmd, namely rc.syshook. In order to run these commands on bootup just do this:
# mkdir -p /usr/local/etc/rc.syshook.d
# echo "#!/bin/sh" > /usr/local/etc/rc.syshook.d/re0_fixup.early
# echo "/sbin/ifconfig re0 down" > /usr/local/etc/rc.syshook.d/re0_fixup.early
# echo "/sbin/ifconfig re0 up" > /usr/local/etc/rc.syshook.d/re0_fixup.early
# chmod 755 /usr/local/etc/rc.syshook.d/re0_fixup.early
If you need the hook to be executed after system startup you'll need to do this:
# mv /usr/local/etc/rc.syshook.d/re0_fixup.early /usr/local/etc/rc.syshook.d/re0_fixup.start
Eventually, we are going to add a plugin or default GUI on top for this, but since it's so new we like to see the new code in action before we automate the GUI on top to make sure the two match well.
Also, weust is correct, you can see our current FreeBSD package list:
https://github.com/opnsense/tools/blob/master/config/15.7/ports.conf
If a package is not installed, you can do so via:
# pkg install <packagename>
And then use it like you would on FreeBSD.
If you miss a package and it's useful for everybody we can push it into the next release no problem. :)
Enjoy,
Franco