1
22.1 Legacy Series / Re: MPCIE 4G MODEM CARD with GPS for FreeBSD/OPNSENSE
« on: June 02, 2022, 02:36:26 am »
Thanks, I will try it out.
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
Pages: [1]
2
22.1 Legacy Series / MPCIE 4G MODEM CARD with GPS for FreeBSD/OPNSENSE
« on: May 21, 2022, 02:36:24 am »
HI,
I got this nice little firewall with 16G RAM and 256G NVME for running OPNSENSE.
https://www.aliexpress.com/item/1005004242580766.html?spm=a2g0o.order_list.0.0.1cf61802Fuoz0d
11th Gen N5105 N5095 Soft Router 4 Intel i225 2.5G LAN pfSense Firewall Appliance 2xDDR4 NVMe
Mini PC OPNsense Virtual Machine
The hardware has a sim slot and a MPCIE slot for a 4G LTE MODEM card.
What is the best 4G card that works well with OPNSENSE ?
Thanks,
/rs
I got this nice little firewall with 16G RAM and 256G NVME for running OPNSENSE.
https://www.aliexpress.com/item/1005004242580766.html?spm=a2g0o.order_list.0.0.1cf61802Fuoz0d
11th Gen N5105 N5095 Soft Router 4 Intel i225 2.5G LAN pfSense Firewall Appliance 2xDDR4 NVMe
Mini PC OPNsense Virtual Machine
The hardware has a sim slot and a MPCIE slot for a 4G LTE MODEM card.
What is the best 4G card that works well with OPNSENSE ?
Thanks,
/rs
3
17.1 Legacy Series / Re: OPNSense 17.X and Jails
« on: March 09, 2017, 06:16:55 pm »
One last thing, I added a rule in my firewall to allow LocalNet to LocalNet for any any. Not sure how restrictive others may have their rule base but you need to allow access to the jail from other hosts or pf will drop the connections.
Regards
Regards
4
17.1 Legacy Series / Re: OPNSense 17.X and Jails
« on: March 09, 2017, 06:12:18 pm »
Here are the instructions on how I got a jail to work in OPNSense 17.1:
# Contents of /etc/rc.conf.d/jail
jail_enable="YES" # Set to NO to disable starting of any jails
jail_parallel_start="YES" # Start jails in the background
jail_list="" # Space separated list of names of jails
jail_reverse_stop="NO" # Stop jails in reverse order
# End of /etc/rc.conf.d/jail
# Contents of /etc/jail.conf
allow.raw_sockets = 0;
exec.clean;
exec.system_user = "root";
exec.jail_user = "root";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/jail_${name}_console.log";
mount.devfs;
mount.fstab = "/etc/fstab.$name";
allow.mount;
allow.set_hostname = 0;
allow.sysvipc = 0;
path = "/jails/${name}";
nas {
host.hostname = "nas.ads.local";
interface = bge1;
ip4.addr = 10.xxx.xxx.32;
allow.raw_sockets = 1;
}
# End of /etc/jail.conf
# Run these commands at shell prompt
touch /etc/fstab.nas
mkdir -p /jails/nas
mkdir -p /jails/11R
cd /jails/11R
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/base.txz
tar -JxvC /jails/nas/ -f base.txz
cp /etc/resolv.conf /jails/nas/etc/
cp /etc/localtime /jails/nas/etc/
# Now switch to the root of the jail and change root passwd, mail aliases and
# update the jail release.
chroot /jails/nas /bin/csh
passwd
mkdir /usr/ports
mkdir /usr/home
ln -s /usr/home /home
cd /etc/mail
make aliases
freebsd-update fetch install
grep ssh /etc/defaults/rc.conf > /etc/rc.conf.d/sshd
# Contents of /etc/rc.conf.d/sshd inside the jail
sshd_enable="YES" # Enable sshd
sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one.
sshd_flags="" # Additional flags for sshd.
# End of /etc/rc.conf.d/sshd inside the jail
# Exit the jail
exit
# I needed to enable posix acls in OPNSense for samba
# Contents of /etc/fstab
# Device Mountpoint FStype Options Dump Pass#
/dev/ada0s1a / ufs rw,acls 1 1
/dev/ada0s1b none swap sw 0 0
# End of /etc/fstab
# reboot OPNSense firewall, ssh back in , the jail should be running
jls
root@OPNSense:/etc # jls
JID IP Address Hostname Path
5 10.xxx.xxx.32 nas.ads.local /jails/nas
# you can now ssh into the jail via IP or use jexec. Set Permitrootlogin if you want to ssh in as root in jail.
# otherwise use jexec to loginto jail
jexec 5 /bin/csh
root@nas:~ #
# update pkg database
pkg update
# Install samba **** samba 44 is broken in freebsd - just core dumps
# install 43 instead. Maybe samba45 will fix the issue
pkg install samba43-4.3.13_1.txz
# Follow the rest of Samba install . I used standalone model, you can also run as a dc, etc.
# Contents of /etc/rc.conf.d/jail
jail_enable="YES" # Set to NO to disable starting of any jails
jail_parallel_start="YES" # Start jails in the background
jail_list="" # Space separated list of names of jails
jail_reverse_stop="NO" # Stop jails in reverse order
# End of /etc/rc.conf.d/jail
# Contents of /etc/jail.conf
allow.raw_sockets = 0;
exec.clean;
exec.system_user = "root";
exec.jail_user = "root";
exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.consolelog = "/var/log/jail_${name}_console.log";
mount.devfs;
mount.fstab = "/etc/fstab.$name";
allow.mount;
allow.set_hostname = 0;
allow.sysvipc = 0;
path = "/jails/${name}";
nas {
host.hostname = "nas.ads.local";
interface = bge1;
ip4.addr = 10.xxx.xxx.32;
allow.raw_sockets = 1;
}
# End of /etc/jail.conf
# Run these commands at shell prompt
touch /etc/fstab.nas
mkdir -p /jails/nas
mkdir -p /jails/11R
cd /jails/11R
fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/11.0-RELEASE/base.txz
tar -JxvC /jails/nas/ -f base.txz
cp /etc/resolv.conf /jails/nas/etc/
cp /etc/localtime /jails/nas/etc/
# Now switch to the root of the jail and change root passwd, mail aliases and
# update the jail release.
chroot /jails/nas /bin/csh
passwd
mkdir /usr/ports
mkdir /usr/home
ln -s /usr/home /home
cd /etc/mail
make aliases
freebsd-update fetch install
grep ssh /etc/defaults/rc.conf > /etc/rc.conf.d/sshd
# Contents of /etc/rc.conf.d/sshd inside the jail
sshd_enable="YES" # Enable sshd
sshd_program="/usr/sbin/sshd" # path to sshd, if you want a different one.
sshd_flags="" # Additional flags for sshd.
# End of /etc/rc.conf.d/sshd inside the jail
# Exit the jail
exit
# I needed to enable posix acls in OPNSense for samba
# Contents of /etc/fstab
# Device Mountpoint FStype Options Dump Pass#
/dev/ada0s1a / ufs rw,acls 1 1
/dev/ada0s1b none swap sw 0 0
# End of /etc/fstab
# reboot OPNSense firewall, ssh back in , the jail should be running
jls
root@OPNSense:/etc # jls
JID IP Address Hostname Path
5 10.xxx.xxx.32 nas.ads.local /jails/nas
# you can now ssh into the jail via IP or use jexec. Set Permitrootlogin if you want to ssh in as root in jail.
# otherwise use jexec to loginto jail
jexec 5 /bin/csh
root@nas:~ #
# update pkg database
pkg update
# Install samba **** samba 44 is broken in freebsd - just core dumps
# install 43 instead. Maybe samba45 will fix the issue
pkg install samba43-4.3.13_1.txz
# Follow the rest of Samba install . I used standalone model, you can also run as a dc, etc.
5
17.1 Legacy Series / Re: OPNSense 17.X and Jails
« on: March 09, 2017, 01:24:12 am »
Thats what I wanted to confirm - use FreeBSD 11.x tarballs.
I didnt know if OPNSense was drastically that different. I suppose as long as the Kernel versions are in sync then I should be ok.
Ok, I will try that and see what happens.
/rs
I didnt know if OPNSense was drastically that different. I suppose as long as the Kernel versions are in sync then I should be ok.
Ok, I will try that and see what happens.
/rs
6
17.1 Legacy Series / Re: OPNSense 17.X and Jails
« on: March 08, 2017, 04:40:40 pm »
I didnt want it to be that complicated. Actually, I would have just preferred a plugin or samba pkg to run on the firewall itself. I know its frowned upon but its just a simple server. I thought the next best step is to run samba in a jail. I like the GUI and simplicity of OPNSense though. I suppose if I have to I can go back to running a full server (OpenBSD). I dont really want to compile packages, run hyprvisors etc. just to stream music. Ill wait to see what others suggest over the next few days.
Thanks.
Thanks.
7
17.1 Legacy Series / OPNSense 17.X and Jails
« on: March 08, 2017, 01:49:54 am »
Greetings,
I would like to run a jail inside OPNSense 17.1. I have a decent firewall 2 core, 8G RAMwith 512GB SSD more than enough for a FW and a SONOS music server. I just want to run Samba 4 as a simple file server for my SONOS music system. I really dont want to run freenas or another seperate server. Is there instructions on how to do this on OPNSense and is there a OPNSense jail tarball I can use ?
Thanks.
I would like to run a jail inside OPNSense 17.1. I have a decent firewall 2 core, 8G RAMwith 512GB SSD more than enough for a FW and a SONOS music server. I just want to run Samba 4 as a simple file server for my SONOS music system. I really dont want to run freenas or another seperate server. Is there instructions on how to do this on OPNSense and is there a OPNSense jail tarball I can use ?
Thanks.
8
15.7 Legacy Series / Re: Include /var/unbound/ad_servers.conf to unbound.conf
« on: January 08, 2016, 01:46:24 am »
Thank you for looking into this 
9
15.7 Legacy Series / Re: How do I Include /var/unbound/ad_servers.conf to unbound.conf and keep it persis
« on: December 15, 2015, 01:06:32 am »Yes, paste the file contents into the GUI if it is static. If it is dynamic, you can add the following to unbound advanced options text area instead... (note the colon)
include: /var/unbound/ad_servers.conf
That unfortunatly doesnt work because it puts the line after the "." cache section:
# Forwarding
forward-zone:
name: "."
forward-addr: x.x.x.x
forward-addr: y.y.y.y
# Unbound custom option
include:
/var/unbound/ad_servers.conf
This causes the contents of ad_servers.conf to be ignored and actually resolves it to the real addresses instead of 127.0.0.1. The placement of it appears to be important. If I place it before the forwarding section I get the intended results. If it is placed after (as it is when using the "advanced method") it doesnt work.
10
15.7 Legacy Series / Re: How do I Include /var/unbound/ad_servers.conf to unbound.conf and keep it persis
« on: December 11, 2015, 12:53:01 am »Found my own answer by editing the file:
/usr/local/etc/inc/unbound.inc
to include:
include /var/unbound/ad_servers.conf
then restarting unbound. Works like a charm.
11
15.7 Legacy Series / [SOLVED] Include /var/unbound/ad_servers.conf to unbound.conf
« on: December 11, 2015, 12:27:30 am »
Hi ,
I've switched from OpenBSD server to OPNSense and must say it is quite nice. In my old setup I had autogenerated a conf file for ad servers so that unbound would respond back with 127.0.0.1:
curl -sS -L --compressed "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound;showintro=0" | sed -e 's/<[^>]*>//g' | sed -e 's/^Ad.*//g' > /var/unbound/ad_servers.conf
Then in unbound.conf:
include /var/unbound/ad_servers.conf
this generates hundreds of adserver domains that point back to 127.0.0.1:
local-zone: "101com.com" redirect
local-data: "101com.com A 127.0.0.1"
local-zone: "101order.com" redirect
local-data: "101order.com A 127.0.0.1"
...
How do I make this persistent on reboots in OPNSense so that I can continue to block adservers at the network/DNS level ?
Thanks.
I've switched from OpenBSD server to OPNSense and must say it is quite nice. In my old setup I had autogenerated a conf file for ad servers so that unbound would respond back with 127.0.0.1:
curl -sS -L --compressed "http://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound;showintro=0" | sed -e 's/<[^>]*>//g' | sed -e 's/^Ad.*//g' > /var/unbound/ad_servers.conf
Then in unbound.conf:
include /var/unbound/ad_servers.conf
this generates hundreds of adserver domains that point back to 127.0.0.1:
local-zone: "101com.com" redirect
local-data: "101com.com A 127.0.0.1"
local-zone: "101order.com" redirect
local-data: "101order.com A 127.0.0.1"
...
How do I make this persistent on reboots in OPNSense so that I can continue to block adservers at the network/DNS level ?
Thanks.
Pages: [1]