Messages - kkoh

#31
Hardware and Performance / RockPort useable?
January 23, 2019, 09:40:42 PM
Anyone seen these?

https://www.pine64.org/?product=rockpro64-4gb-single-board-computer
Should be able to add an intel multi-NIC card perhaps...
#32
So... did you pull the trigger? I'm looking to do something similar and wonder what model you ended up buying and how you're liking your decision.
#33
Quote from: pongafence on June 19, 2018, 12:02:57 PM
I guess it really depends on how you want to manage it.

I use Virtual IP's and use specific Source and Destination NAT's to achieve the 1:1 NAT without publishing all services.
That's exactly how I've done it in the past so I'm content to move forward that way... just making sure there's not some other/better way to do it.
#34
Okay... this answer: https://forum.opnsense.org/index.php?topic=5541.msg22639#msg22639
to another question has gotten me to the point where I am successfully attaching to an internal service via a BINAT 1:1 rule and the firewall source specific lock down.

So remaining questions:
1. Are the virtual IPs necessary to have the box respond to these other IPs?
2. Given what I'm trying to do, is this the best way to accomplish it?
Thanks!
#35
Also... NAT / BINAT  -- I'm talking single hosts... not an entire subnet nor full access to entire machines.
#36
I've been on pfsense for years now. We have what I think is a relatively simple setup... two WANs each with full class Cs and a single LAN that houses users and a few services, some of which need to be accessed from the WAN side.
For our purposes we often have a virtual IP on each of our ISP class Cs lead to a single service within our LAN and simply give them different DNS names so that in the case of an outage of one of our ISPs we have a backup ingress point.
In the past (pfsense) I'd use VirtIPs and 1:1 NAT along with a firewall rule. I intend to start testing opnsense now that I've got it running on my NETGATE hardware. I'm at the stage where I'd like to test the above mentioned techniques but I'm at a loss in understanding the One-to-One interface as my only prior experience was the pfsense version. Also, I'm willing to accept that perhaps we weren't doing it right back then as we hired a third party to get us up and running and he seemed to be figuring it out as he went.
So, if my goal is to give access to a handful of internal LAN services via dual ISP virtual IPs... and usually only from a specific host or subnet and to a specific port, which method is the correct way?

If it still is VirtIP - 1:1 - FW Rules, then can somebody point me to the correct doc because I can't find it on the doc pages and the threads that turn up here are all over the place as to intent and none that I've found explain it clearly.
Thanks for any pointers.
#37
Ok... got it.
So with the latest (18.1) serial usb bootable attached to one USB port and a usb to SATA drive on the other so long as I had it in the order where the USB installer was the ZEROth device, it booted and I was able to install to the other USB drive.

After the initial install I removed the USB key and put that SATA drive on the MB Sata port and booted. Trial and error to config the WAN/LAN (I have 6 ports here) and voila...

So I guess the lesson here is that perhaps you no longer need to edit anything on the /boot dir of the serial bootable installer. At least on this particular NETGATE/Lanner hardware I didn't need to.
::thumbs waaay up!::
#38
Quote from: marjohn56 on June 15, 2018, 06:19:44 PM
if it gets as far as login, you could always then try logging in as installer....maybe?


Let me modify that as you've got no terminal... ( idiot to self )  :-X
So the hard drive freezes during the boot but I did see the ascii art boot options, etc. so I tried the vanilla serial based USB key. Bad news, this box forced the SATA to boot and I can't seem to change the boot order (locked by bios) nor get up a bios boot selector.
Semi decent news, the USB on its own does not lock and it gets to the installer... Now I've attached a SATA to the second USB port and am walking through a setup... fingers double crossed...
#39
Jump ahead another day...
I've ripped my backup 7541 apart to look for a VGA pinout on the MB (which I found but it's non-standard and the part is apparently discontinued) and to my surprise there are a couple of sata headers. If I pull the drive from the NUC I've been testing opnsense with and throw it in the 7541 what are the odds that the WAN and LANs will actually grab ips from the config when it's totally new hardware and waaaay more NIC ports?
I'll try it and attach a console cable but I wish there was an easy way to mount the USB bootable and edit as listed above...
#40
I've been trying to get opnSense installed on my old pfSense box that I purchased through netgate waaaaay back and it led me to cracking the case open to see if I could find VGA pins on the MB which led me to the fact that the appliance is simply a Lanner netapp box with a netgate sticker on it... so, has anyone used any of the intel based boxes for opn?
https://www.lanner-america.com/buy-lanner/utm-firewall-network-appliances/
#41
Quote from: marjohn56 on June 13, 2018, 11:54:48 AM
Something like this would do.


http://linuxgizmos.com/39-dollar-network-switching-pico-itx-sbc-packs-dual-core-cortex-a53/
I didn't realize that it runs on arm...

[Edit] ...should have added easily :)
#42
Quote from: pylox on January 28, 2018, 11:17:55 AM
After some trials i found a way for me to get the "lights on":

1. Create a USB-stick with OPNsense serial (amd64)
2. Mount this USB stick on any other running FreeBSD device and navigate into /boot on USB-stick
3. Edit or create (if not there) a file "loader.conf.local" and put the following lines in it:


hint.uart.0.flags=0x0
hint.uart.1.flags=0x10
comconsole_speed="115200"
comconsole_port="0x2F8"
console="comconsole"
kern.cam.boot_delay="10000"


3. Save file and unmount USB stick
4. Put USB stick in your Netgate SG-4860 and boot - et voila....

The SG-4860 is running without issues/problems for over 1,5 years now.

have fun,
regards pylox

Hi... attempting the same with an FW-7541... I'm a debian guy and am having the hardest time trying to figure out how to mount the USB within FreeBSD... I have it on my test opnSense box but can't seem to figure out the partition structure of the USB... fdisk /dev/ad0 reports that partitions 1-3 are UNUSED and that partition 4 is used... I try to mount /dev/ad0s4 /mnt/ and it's erroring...

Any pointers?